Support
System for Cross-domain Identity Management

Configuring Okta Integration with SCIM

This document is for:
Invicti Team and Enterprise

Okta is an identity and access management platform. So, you can configure Okta to provision users and groups with Invicti Enterprise.

  • With System for Cross-domain Identity Management (SCIM) 2.0, you can organize users and user groups. This standard lets you provide a defined schema for representing users and groups. So, you can securely automate the exchange of user identity data between your cloud application and any service provider.
  • So, if you want to synchronize roles and permissions in addition to users and/or user groups, you need to configure the mapping between users/groups in Okta and members/teams in Invicti Enterprise.

This topic explains how to add Invicti Enterprise to your Okta account and how to synchronize users and groups in Okta with Invicti Enterprise.

Prerequisites:

  • An Okta account
  • Admin permissions are required.
How to Add Invicti Enterprise to Okta
  1. Log in to Okta.
  2. From the main menu, go to Applications > Add Application > Create New App.
  3. In the Create a New Application Integration dialog, select the connection details:
    • From the Platform section, select Web.
    • From the Sign on method section, select Secure Web Authentication (SWA).
  1. In the Create SWA Integration window, enter the following information:
    • In the App Name field, enter a friendly name. (For illustration purposes, this document uses Invicti Enterprise).
    • In the App’s login page URL field, enter an URL.
  1. Select Finish to save the configuration.

After adding Invicti Enterprise to your Okta account, you can now configure provisioning.

How to Synchronize Users/Groups in Okta with Invicti Enterprise
  1. Log in to Okta.
  2. From the main menu, select Applications.
  3. From the Status section, select Active > Invicti Enterprise.
  4. From the General tab, select Edit.
  5. From the Provisioning option, select SCIM.
  6. Now, select the Provisioning tab. Then, select Edit to configure the settings.
    • In the SCIM connector base URL field, enter https://www.netsparkercloud.com/scim/v2 (For further information about the SCIM endpoints, see SCIM API)
    • In the Unique identifier field for users field, enter email.
    • In the Supported provisioning actions, select all checkboxes.
    • In the Authentication Mode, select Basic Auth.
      • In the Basic Auth section, enter your USER ID to the username field and your API Token to the password field. (For further information about accessing your API Token and User ID, see API Settings.)
      • Select Test Connector Configuration to test the connection.
    • Select Save to save the configuration.
  1. Once you save the configuration successfully, new options will appear in the Provisioning tab. To complete the configuration, select To App, then Edit.
  2. Select the checkboxes as necessary.
    • From the Sync Password section, select Sync Okta Password as a password type.
  1. Select Save to complete the configuration.

From the Attribute Mappings section, you configure the mapping between Okta users/groups and Invicti Enterprise members/teams.

In order to push your group(s) in Okta to Invicti Enterprise as team(s), you need to go to Push Groups > Find Groups by Name and find your group. Then, save it. Once you save it, Okta will push your group(s) to Invicti Enterprise automatically.

After completing the instructions, you can now add users and/or groups to Invicti Enterprise. To do this, from the Assignments tab, select Assign and start adding users and groups.

When you delete user(s) from the Invicti Enterprise application in Okta, these users become Disabled on the Invicti Enterprise’s side.