Integration with Okta

Workbench

To configure Okta to work with Workbench, SSO must be configured in Workbench via SAML or OIDC. See the SAML Single Sign-On Authentication section or the OpenID Connect Authentication section of this guide for more information. See the Authenticating Users section of this guide for more general information on configuring authentication in Workbench.

Below is an example of how to configure Okta to use Workbench’s user provisioning SCIM API. This example assumes that Workbench is configured to use SAML for authentication. Please reference the About provisioning section of Okta’s documentation for more information on getting started with provisioning and how to configure Okta to use SCIM for your application.

Once your authentication application is configured in Okta, you can configure Okta to use Workbench’s SCIM API to provision users.

  1. From the main page of your application in Okta, do the following:

    1. Click Provisioning.
    2. Click To App.

    This displays the Provisioning to App section.

  2. In the Provisioning to App section, click Edit.

  3. Do the following:

    1. For the Create Users field, select Enable.
    2. For the Update User Attributes field, select Enable.
    3. For the Deactivate Users field, select Enable.

  4. From the left-hand sidebar, click Integration.

    This displays the SCIM Connection section.

  5. In the SCIM Connection section, click Edit.

  6. Do the following:

    1. In the SCIM connector Base URL fields, type the URL of the SCIM API endpoint hosted by your Workbench instance.
      For example: https://<workbench-hostname>/scim/v2
    2. In the Unique identifier field for users field, type “userName”.
    3. For the Supported provisioning actions field, select the following:
      • Import New Users and Profile Updates

      • Push New Users

      • Push Profile Updates

        The Push Groups option is not supported by Workbench at this time.

    4. From the Authentication Mode drop-down, select HTTP Header.

  7. Workbench uses a bearer token to authenticate requests to the SCIM API. This token is required in order for Okta to communicate with Workbench. See the Managing tokens section for more information on how to generate this token.

  8. Copy the token and paste it into the Authorization field in Okta.

  9. To trigger a test of the connection to Workbench, click Test Connector Configuration. If the connection is successful, a similar message should display:

  10. Click Close to dismiss the message. Click Save to save the configuration.

With provisioning configured successfully, any users that are assigned to the Workbench application in Okta are automatically created in Workbench.

Back to top