Set up Okta for SCIM provisioning with Portkey.
Portkey supports provisioning Users & Groups with Okta SAML Apps.
Okta does not support SCIM Provisioning with OIDC apps; only SAML apps are supported.
To set up SCIM provisioning between Portkey and Okta, you must first create a SAML App on Okta.
Setting up SCIM Provisioning
-
Navigate to the app settings. Under general settings, enable the SCIM provisioning checkbox.
The
Provisioning
tab should be visible after enabling SCIM provisioning. Navigate to that page. -
Obtain the Tenant URL and Secret Token from the Portkey Admin Settings page (if SCIM is enabled for your organization).
-
Fill in the values from the Portkey dashboard into Okta’s provisioning settings and click
Test Connection
. If successful, clickSave
.Ensure you choose the Authentication Mode as
HTTP Header
. -
Check all the boxes as specified in the image below for full support of SCIM provisioning operations.
-
Once the details are saved, you will see two more options along with integration, namely
To App
andTo Okta
.Select
To App
to configure provisioning from Okta to Portkey.Enable the following checkboxes:
- Create Users
- Update User Attributes
- Deactivate Users
After saving the settings, the application header should resemble the following image.
This completes the SCIM provisioning settings between Okta and Portkey.
Whenever you assign a User
or Group
to the application, Okta automatically pushes the updates to Portkey.
Group Provisioning with Okta
Portkey supports RBAC (Role-Based Access Control) for workspaces mapped to groups in Okta. Use the following naming convention for groups:
- Format:
ws-{group}-role-{role}
- Role: One of
admin
,member
, ormanager
- Role: One of
- A user should belong to only one group per
{group}
.
Example:
For a Sales
workspace:
ws-Sales-role-admin
ws-Sales-role-manager
ws-Sales-role-member
Users assigned to these groups will inherit the corresponding role in Portkey.
Automatic provisioning with Okta works for Users
, but it does not automatically work for Groups
.
To support automatic provisioning for groups, you must first push the groups to the App (Portkey). Then, Okta will automatically provision updates.
To push the groups to Portkey, navigate to the Push Groups
tab. If it is not found, ensure you have followed all the steps correctly and enabled all the fields mentioned in the Provisioning steps.
-
Click on Push Groups.
-
Select Find group by name.
-
Enter the name of the group, select the group from the list, and click Save or Save & Add Another to assign a new group.
You can also use Find groups by rule
to push multiple groups using a filter.
If there is any discrepancy or issue with group provisioning, you can retry provisioning by clicking the Push Now
option. This can be found under the Push Status
column in the groups list.
Support
If you encounter any issues with group provisioning, please reach out to us here.
Was this page helpful?