Single Sign-On provisioning setup - Okta (SCIM)

Administrators of IDrive^® e2 can now set up provisioning for their users and groups from the identity provider. IDrive^® e2 supports the SCIM (System for Cross-domain Identity Management) provisioning method for this purpose.

To setup Single Sign-On (SSO) provisioning with Okta, the admin needs to:

• Generate SCIM provisioning token with IDrive^® e2 account
• Configure SCIM provisioning
• Assign users / groups to the provisioned app

Generate SCIM provisioning token with IDrive^® e2 account

Admin needs to generate and use the SCIM (System for Cross-domain Identity Management) provisioning token to sync all the users linked with their IdP to the IDrive^® e2 account.

To generate a token,

1. Sign in to IDrive^® e2 via web browser.
2. Navigate to the 'Dashboard' > 'Settings' > 'Single Sign-On (SSO)'.
3. In the SSO section, click the 'Generate Token' button under 'Sync users from your identity provider' to generate a token.
4. Click the 'Copy Token' button to copy and save the token for future reference.
   The token will be required to sync all the users linked with your IdP to your IDrive^® e2 account.
   
5. Configure the following SCIM User provisioning URL in your IdP:
   https://api.idrivee2.com/api/sso/user_provisioning

Configure SCIM provisioning

Once the app is created, admin can configure their account for SCIM provisioning.

To configure SCIM provisioning,

1. Log in to the Okta console using your Okta account credentials.
2. In the 'Applications', click on the newly created app.
   
3. Navigate to 'General', click 'Edit' corresponding to the 'App Settings', and select 'SCIM'. Click 'Save'.
   
4. Go to the 'Provisioning', click 'Edit' against the 'SCIM Connection' and modify the required changes as below:
   
   • SCIM connector base URL:
     https://api.idrivee2.com/api/sso/user_provisioning
   • Unique identifier field for users: email
   • Supported provisioning actions: Click and enable the below options:
     
     1. Push New Users
     2. Push Profile Updates
     3. Push Groups
   • Authentication Mode: HTTP Header
   • Authorization: Enter the SCIM provisioning token generated on your IDrive^® e2 account
5. Click 'Save'.
   
6. Under the 'To App' tab, click 'Edit' against the 'Provisioning to App' option.
7. Click the 'Enable' to enable the below options:
   • Create Users
   • Update User Attributes
   • Deactivate Users
8. Click 'Save'.
   

Assign users / groups to the provisioned app

To start provisioning, an admin needs to assign users/groups to the application and push groups.

To assign users,

1. Launch the new app in Okta console.
2. Go to the 'Assignments', click 'Assign', and select 'Assign to People' or 'Assign to Groups' to provision users or users in the group, respectively.
   
   This will provision users and users in the group.

Note: If you want to add new users, go to 'Directory' > 'People' and click 'add person'.

To assign groups,

1. Launch the new app in Okta console.
2. Navigate to the 'Assignments'.
3. Click 'Assign' and select 'Assign to Groups'.
   
4. Assign the groups you would like to push. To add a new group and assign, click 'Directory' > 'Groups' > 'Add Groups' and enter the desired group name, and click 'Add group'.
5. Navigate to the 'Push Groups' and click the '+ Push Groups' button to add the group you want to provision.
   
6. Click 'Save' to save the changes.
   Once done, the groups will be provisioned.