SugarCRM SupportKnowledge BaseUser Log In ManagementConfiguring SCIM for SugarIdentity With Okta

Configuring SCIM for SugarIdentity With Okta

Overview

For instances that use SugarIdentity and have SAML authentication configured, the administrator can configure SCIM (System for Cross-domain Identity Management) for Okta which will allow user identity information (e.g. phone number, address) to automatically sync from Okta to SugarIdentity. This article covers how to configure SCIM for Okta. 

Note: Only some SugarCloud instances use SugarIdentity. Refer to the SugarIdentity Guide to determine if yours is configured to do so. Existing customers will be notified before their instances begin using the service.

Supported Provisioning Features

The following provisioning features in Okta are supported for SugarIdentity:

  • Create Users : New users created in Okta will be automatically created in SugarIdentity.
  • Update User Attributes : Changes made to the user's attributes in Okta will be pushed to SugarIdentity to update the corresponding user record. Custom attributes are not supported.
  • Deactivate Users : Deactivating a user in Okta will automatically update the user's status to "Inactive" in SugarIdentity. 

Note: Group push and password sync are not supported.  

Prerequisites

  • Your Sugar instance must be enabled for SugarIdentity.
  • SAML authentication must be configured in SugarIdentity via the Cloud Settings console.

Step­s to Complete

Use the following steps to configure SCIM for Okta: 

  1. On Okta's admin dashboard, click the Applications tab and choose "Applications" then select the SugarCRM (SugarIdentity) application.
  2. Next, click the Provisioning tab then click "Configure API Integration".
    Okta SCIM ProvisioningTab3
     
  3. In a new browser tab, open SugarIdentity in the Cloud Settings console then click the Gear icon and select "SCIM Settings" to generate and obtain the "Server URL", "Username", and "Password" values which are required for the next step.
    CS SCIMSettingsValues
  4. Copy and paste the "Server URL", "Username", and "Password" values into the corresponding fields under Okta's Provisioning tab.
    Okta SCIM Provisioning TestAPICredentials1
  5. Click "Test API Credentials" to ensure that your app is verified successfully and then click "Save".
  6. On the next screen, select "To App" in the Settings menu on the left then click "Edit". Enable the "Create Users", "Update User Attributes", and "Deactivate Users" settings then click "Save". 
    Okta SCIM ProvisioningtoApp1

Once you have enabled the provisioning features, you can assign the SCIM application to your Okta users in order to have changes (e.g. user attribute updates) in Okta sync to SugarIdentity for the assigned user(s). For more information on assigning applications to users in Okta, please refer to the Using the Applications Page documentation in Okta. 

Last modified: 2020-01-17 22:06:51