Useful Resources
      Back to home
      1. Support
      2. Useful Resources

      Okta user provisioning integration with SCIM

      If your organization uses Okta to manage employee access to applications, you can use Okta’s “Provisioning” feature to automatically grant users access to Tiled and optionally synchronize membership in select Okta Groups with Tiled Libraries.

      The integration between Okta and Tiled that enables provisioning uses the industry-standard protocol SCIM (System for Cross-domain Identity Management). To learn how Okta works with SCIM, please see this article.

      The rest of this guide focuses on configuring Tiled and Okta for provisioning.

      Okta Provisioning Features

      Features supported by Tiled

      • Push Users. Users assigned to Tiled application in Okta are automatically added to the Tiled as users.

      • Push Groups. Okta groups and their members can be pushed to Tiled, turning groups into Tiled Libraries and members into users with access to those libraries.

      • Update user attributes. If a user is updated in Okta, the changes will also reflect in Tiled. The following attributes will be updated: name (given/family), email, and Tiled Admin.

      • Deactivate/reactivate users. If a user is removed from the Tiled application in Okta, the user will become “deactivated” in Tiled. Deactivated users will not have access to Tiled but will remain in the Tiled directory.

      • Remove users. To completely delete the user from Tiled, go to the User Management settings in the Tiled application.

      Features not supported by Tiled

      • Import Users. Users created in Tiled won't sync to Okta Users.

      • Import Groups. Libraries created in Tiled won’t sync to Okta Groups.

      • Sync password.

      • Enhanced group push.

      For more information on Tiled SCIM API, see this article.

      Requirements

      SCIM-based user provisioning is a premium feature. Contact support for access or more information.

      How to Configure

      Configure your Provisioning settings for Tiled.

      SAML is not required to use Okta provisioning with SCIM but highly recommended. See how to configure SSO for Okta.

      In Tiled

       

       

      1. Log in to Tiled as an admin.

      2. Go into Account Settings > General Settings and scroll down to SCIM Configuration.

      3. Click on Generate token to create an authentication token to be used for the provisioning tool in Okta. The token will only appear once so store it in a secure location.

       

      In Okta

       

      1. Log in to Okta admin portal and navigate to the Tiled application.

      2. Click on the Provisioning tab and click the Integration link under the Settings panel on the left side. Then click the Configure API Integration button.

       

       

      1. Check the Enabled API Integration box. Then copy and paste the token generated from Tiled (“In Tiled” step 3) into the API Token field.

      2. Click Test API Credentials to verify that the connection is working and click Save.

      3. Once saved, click on the Provisioning tab and click the To App link under the Settings panel on the left side and click Edit. Refresh or log in might be needed for the “To App” link to appear.

      4. Enable the following provisioning features based on your account needs - “Create Users”, “Update User Attributes”, “Deactivate Users”.

       

       

       

      For more information on Tiled SCIM API, see this article.