System for Cross-domain Identity Management

Configuring Okta Integration with SCIM

This document is for:

Invicti Enterprise On-Demand, Invicti Enterprise On-Premises

Okta is an identity and access management platform. So, you can configure Okta to provision users and groups with Invicti Enterprise.

With System for Cross-domain Identity Management (SCIM) 2.0, you can organize users and user groups. This standard lets you provide a defined schema for representing users and groups. So, you can securely automate the exchange of user identity data between your cloud application and any service provider.
So, if you want to synchronize roles and permissions in addition to users and/or user groups, you need to configure the mapping between users/groups in Okta and members/teams in Invicti Enterprise.

This document explains how to add Invicti Enterprise to your Okta account and how to synchronize users and groups in Okta with Invicti Enterprise.

An Okta account with admin permissions is required to configure the integration.

Add Invicti Enterprise to Okta

In Okta’s admin console go to Applications > Applications.
Click Create App Integration to open a configuration pop-up.
In the Create a new app integration dialog, select SWA - Secure Web Authentication and click Next.

In the Create SWA Integration window, enter the following information:

In the App name field, enter your application’s name. (For illustration purposes, this document uses Invicti Enterprise).
In the App’s login page URL field, enter the login URL to your application.

Click Finish to save the configuration.

After adding Invicti Enterprise to your Okta account, you can now configure provisioning.

Synchronize Users/Groups in Okta with Invicti Enterprise

In Okta’s admin console select Applications > Applications.
From the Status section, select Active > Invicti Enterprise.
In the General tab, click Edit.
In the Provisioning section, select SCIM.
Click Save to add the provisioning configuration tab.
In the Provisioning tab click Edit to configure the settings.

In the SCIM connector base URL field, enter the domain of your environment.

Use the SCIM URL related to the domain of your environment:

US Region: https://www.netsparkercloud.com/scim/v2
US-2 Region: https://ie.invicti.com/scim/v2
EU Region: https://eu.netsparker.cloud/scim/v2
CA Region: https://ca.netsparker.cloud/scim/v2
On-premises installation: https://<Address of the On Prem URL>/scim/v2

For more information about the SCIM endpoints, refer to the SCIM API page.

In the Unique identifier field for users field, enter email.
In the Supported provisioning actions, enable all checkboxes.
In the Authentication Mode, select Basic Auth.

In the Basic Auth section, enter your USER ID to the username field and your API Token to the password field. (For more information about accessing your API Token and User ID, refer to the API Settings document.)
Click Test Connector Configuration to test the connection.

Click Save to save the configuration.

Once you save the configuration successfully, new options will appear in the Provisioning tab. To complete the configuration, click To App > Edit.
Enable the checkboxes as necessary.

Enable the Sync Password option as a password type.

Click Save to complete the configuration.

From the Attribute Mappings section, you configure the mapping between Okta users/groups and Invicti Enterprise members/teams.

In order to push your groups in Okta to Invicti Enterprise as teams, you need to go to Push Groups > Find groups by name and find your groups. Then, save it. Once you save it, Okta will push your groups to Invicti Enterprise automatically.

After completing the instructions, you can now add users and/or groups to Invicti Enterprise. To do this, in the Assignments tab, click Assign and start adding users and groups.

When you delete users from the Invicti Enterprise application in Okta, these users become Disabled on the Invicti Enterprise’s side.