Contents x
    User Provisioning (SCIM) Integration with Okta
    • 19 Feb 2024
    • 2 Minutes to read
    • Print
    • Dark
      Light
    Contents

    User Provisioning (SCIM) Integration with Okta

    • Updated on 19 Feb 2024
    • 2 Minutes to read
    • Print
    • Dark
      Light
    Article summary

    The SCIM Integration requires an Enterprise subscription
    The User Provisioning (SCIM) integration is available on the Enterprise plan.

    This page describes how to create a User Provisioning (SCIM) Integration with Okta. The integration can be used to provision and deprovision users to your Preset team, and also push groups to manage Workspace and Team roles.

    The integration uses OAuth 2 for authentication.

    Supported features

    • Push New Users (Create Users): Assigned users to the app are automatically added to your Preset team.
    • De-provision accounts (Deactivate Users): Un-assigned/deactivated accounts are automatically removed from your Preset team.
    • Push Profile Updates (Update User Attributes): Attribute updates reflect to Preset accounts.
    • Push groups: Pushed groups are created on the Team and Workspace roles.
    • Remove groups: Removing a group push deletes the group on Preset side.

    Note that deactivated accounts on Okta aren't deactivated on Preset. They are de-provisioned from your Preset team, instead.

    Requirements

    In order to implement the SCIM integration, you need:

    • A Preset Enterprise subscription.
    • A SAML SSO integration with Okta.
    • An Okta subscription that supports SCIM.
    • An account with admin access on Okta and Preset.

    Step by step instructions

    1. Access the Okta Admin panel. 
    2. Navigate to the Preset app created for the SAML SSO integration.
    3. Create a support ticket on our portal, requesting the SCIM integration enablement. Our team will provide the information required to set up the integration.
    4. On the Preset app (on Okta), navigate to the Provisioning tab.
    5. Click on the Configure API Integration button.
    6. Check the Enable API integration box.
    7. Fill the Team Slug variable with your Preset Team Slug (our Support team can help providing this information).
    8. Lastly, click on Authenticate with Preset (make sure you are already logged in to Preset with an admin account in the browser). 
    9. You should see a successful message. Save settings.
    10. The page reloads and now Provisioning configurations are visible. Click on Edit in the To App tab and enable the desired features for the integration.
    11. Save changes.

    Configuring Group Push

    To sync Okta groups to Preset, navigate to the Push Groups tab and specify the groups that should be provisioned to Preset. Pushed groups can be used to manage Team Roles and Workspace Roles:

    Team RoleWorkspace Role

    Troubleshooting tips

    • Accounts that were assigned to this app prior to the SCIM implementation will show an error on the Assignments tab. This is expected, since Okta doesn't know if they are properly provisioned to the Preset team. Click on the Provision Users button in the top to fix the error.
    • If admin access is revoked on Okta and/or Preset for the user that created the integration, the OAuth token will be invalidated. Another account with admin access on both applications can access the Preset app and generate a new token, by clicking on Re-authenticate with Preset.

    If you face any other issues, please reach out to our Support team.

    Was this article helpful?
    What's Next