Okta Provisioning Agent (SCIM v1)
Follow the instructions below to set up provisioning of users from Okta to JIRA using SCIM v1 through the Oktas provisioning agent. Further reading: Okta documentation.
Open the Okta admin portal
Select Classic UI and then Applications
Add new application
On the application page, click Add application
Then, click Create New App
Choose Web as platform and SAML 2.0 as sign-on method and click Create
Enter an app name in General Settings
Optionally upload a logo, click Next
Input dummy URLs to skip SAML configuration
We will revisit these settings later when configuring SAML, but for now, input dummy URLs for both Single sign-on URL and Audience URI (SP Entry ID). When running the Kantega SSO Okta SAML wizard later, skip the initial app creation steps and use the app you're in the process of setting up SCIM, instead. For now, though, we'll focus on provisioning.
Click Next, then Finish
Enable On-Premise Provisioning
After saving, go back to the application settings. Click edit and enable On-Premise Provisioning. Click Save. This should make the Provisioning tab appear.
Go to the Provisioning tab, which should now be available. Confirm that you have at least one active provisioning agent. If not, click the link and follow the instructions to install it in your environment. Finally, click Configure SCIM connector.
Configure the SCIM connector
Oo the Provisioning tab, which should now be available. Click the Edit button to configure the SCIM connection:
Copy the tenant URL to the SCIM connector base URL field
Select HTTP header authorization
Type in Authorization as the header name, then Bearer <secret> as the value.
Type in userName in the Unique user field name
Select the agents you want to use.
You should end up with something like this:
Click Test Connector Configuration, then Save
Configure To App settings
In the To App settings, enable Create Users, Update User Attributes, and Deactivate Users. Leave Sync Password unselected. You should not need to change the user mapping settings on this screen.
Click Save
Configure Push Groups
At this point, any user or group assigned to the SCIM application in Okta will be provisioned to JIRA. However, you still need to explicitly specify the groups to provision. To do this, navigate to the Push Groups tab and click the green Push Groups button. Either add groups by name or create a rule. In the screenshot, we have added three groups by name. You can either push immediately or manually activate each group when you're done. In the screenshot, you can see that one group has been activated.
SCIM should now be configured and working