SCIM Provisioning using Okta

Learn how to provision SCIM using Okta

The System for Cross-domain Identity Management (SCIM) user management API enables automatic provisioning of users between the Code Ocean platform and Okta.

Setting up Groups is the best way to ensure that new users will have all relevant Capsules, Data, and Pipelines available to them when they join, and that there will be no lost assets when team members leave.

It is best practice to utilize Group sharing when working with shared assets.

Requirements

  • Administrator or higher for Okta

  • Administrator in Code Ocean

Creating a Custom Application

  1. Navigate to Okta using the the URL provided to you in your activation email for example https://dev-12345678-admin.okta.com

  2. Sign in with your username/email address and Password

  3. Click Applications from the main and sub menu

  4. Code Ocean is not included in the App Catalog, an App Integration must be created

Configuring Provisioning

  1. Click Create App Integration

2. Select the Sign in method

3. Enter the General App Setting information and click Finish.

4. Select and click on the SCIM protocol, to synch the application to the Code Ocean platform

5. Click Provisioning

6. Click Integration

7. To integrate the API click Edit

8. in Unique identifier field for users enter "email"

9. Choose Http Header in Authentication Method

10. To enable the API Integration you need to obtain the credentials from Code Ocean

Code Ocean Credentials

  1. Sign into your Code Ocean platform

  2. Click Admin

  3. Click Integrations

  4. Scroll down to SCIM

  5. Click Copy to clipboard to copy the URL and paste it in Base URL in Okta

  6. Click Generate new token and paste in to Authorization in Okta

8. Click Test API Credentials

9. A confirmation message appears when the SCIM is successfully verified

10. Click Save

Assigning Users and Groups

Set Up User Provisioning

To assign groups, synch individuals into a group and synch the group's name to the system:

  1. Click the Assignments tab

    To assign individuals to a group

  2. Click Assign

  3. Click Assign to Groups

4. To assign users to a group click the name of the group

5. Click Assign People

6. Add or Remove members to or from the group by selecting the member, then click + or -

7. Click Save

8. To assign the group to the server select the Push Groups tab

9. Click Push Groups will synch the Group in Code Ocean

10. Click Find groups by name

11. Enter the name of the group

12. Click Close

To view the group in Code ocean navigate to the capsule, click Share, in Set Permissions for capsule click the dropdown, the group will show in the list. Any changes made to the group will synch back to Okta when saved.