# SCIM Provisioning using Okta

The System for Cross-domain Identity Management (SCIM) user management API enables automatic provisioning of users between the Code Ocean platform and Okta. 

### Requirements

* Administrator or higher for Okta
* Administrator in Code Ocean

> **Note**: There are three Enterprise providers that Code Ocean supports, Okta, [Azure Active Directory](https://docs.codeocean.com/admin-guide/v2.2/the-admin-dashboard/scim-provisioning-using-azure-active-directory) and One Login.

### Creating a Custom Application

1. Navigate to Okta using the the URL provided to you in your activation email for example <https://dev-12345678-admin.okta.com>

2. Sign in with your username/email address and Password

3. Click **Applications** from the main and sub menu

   <img src="https://431658643-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FN4HAdC25sJNd7cB9fSwD%2Fuploads%2FnfWGtTP9tYAUJhJ5k7ow%2FApplications.jpeg?alt=media&#x26;token=f186ddc6-ee4f-410e-9177-25447b63bf4b" alt="" data-size="original">

4. Code Ocean is not included in the App Catalog, an App Integration must be created

### **Configuring Provisioning**

1. Click **Create App Integration**

![](https://431658643-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FN4HAdC25sJNd7cB9fSwD%2Fuploads%2FUMlcCEw0JHErJTBDFTSj%2FApplications%201.jpeg?alt=media\&token=c2fcf986-f72d-4d2d-9849-d8747af1e107)

2\.  Select the Sign in method

![](https://431658643-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FN4HAdC25sJNd7cB9fSwD%2Fuploads%2FoM81QEi6PeLLntwUe689%2Fokta-dev-73893089%20-%20Applications%20-%20Google%20Chrome%202021-11-12%20at%204.39.40%20PM.jpeg?alt=media\&token=0ad34c99-3273-4c56-9695-f2bbc6b029a1)

3\.  Enter the General App Setting information and click **Finish**.

<div align="center"><img src="https://431658643-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FN4HAdC25sJNd7cB9fSwD%2Fuploads%2FE7BKRFqAhqb1oRq4paqa%2Fokta-dev-73893089%20-%20Applications%20-%20Google%20Chrome%202021-11-12%20at%203.45.15%20PM.jpeg?alt=media&#x26;token=27adfae5-ba43-49a5-a782-4122eb5b360d" alt=""></div>

4\.  Select and click on the SCIM protocol, to synch the application to the Code Ocean platform

5\.  Click **Provisioning**

6\.  Click **Integration**

![](https://431658643-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FN4HAdC25sJNd7cB9fSwD%2Fuploads%2FfVtjwrmN1j4Oy06saTA6%2FProvisioning%20and%20Integration%201.jpeg?alt=media\&token=004a089b-58d9-4798-b0e4-63ea05db4559)

7\.  To integrate the API click **Edit**

![](https://431658643-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FN4HAdC25sJNd7cB9fSwD%2Fuploads%2F0k7NggNTDRgiErQSIE5w%2FArrow%20Integration%201.jpeg?alt=media\&token=b6ca66fb-ef43-484c-ad3a-32ee57fa24a7)

8\.  To enable the API Integration you need to obtain the credentials from Code Ocean

### **Code Ocean Credentials**

1. Sign into your Code Ocean platform
2. Click **Admin**

   ![](https://431658643-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FN4HAdC25sJNd7cB9fSwD%2Fuploads%2FKoYtoO6UhqaBOO8BtxBR%2FAdmin%201.jpeg?alt=media\&token=f591d1c0-dd3d-4d05-806c-43ff9c2bf70f)
3. Click **Integrations**

   ![](https://431658643-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FN4HAdC25sJNd7cB9fSwD%2Fuploads%2F5uQVsksWd0Pg1SNoIYyU%2FIntegrations.jpeg?alt=media\&token=bd1cbf0c-71fe-45c2-85f6-187a7be6ff05)
4. Scroll down to SCIM
5. Click **Copy to clipboard** to copy the URL and paste it in **Base URL** in Okta
6. Click **Generate new token** to obtain the provisioning token

<div align="left"><img src="https://431658643-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FN4HAdC25sJNd7cB9fSwD%2Fuploads%2FYQkbjVRwPGjipaPSkCVo%2FSCIM%20URL%20and%20Token.jpeg?alt=media&#x26;token=99c0f6cb-3f6a-4925-9411-438870a04c3f" alt=""></div>

7\.  Copy the Provisioning Token and paste it in **API Token** in Okta

8\.  Click **Test API Credentials**

![](https://431658643-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FN4HAdC25sJNd7cB9fSwD%2Fuploads%2FTZCCo0rQE0PfFiJDyIvB%2FTest%20API%20Credentials.jpeg?alt=media\&token=c8a88778-636c-4a95-919c-59ff82f52f48)

9\.  A confirmation message appears when the SCIM is successfully verified

![](https://431658643-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FN4HAdC25sJNd7cB9fSwD%2Fuploads%2FlWJIyhJcYhfyVWj3rumz%2FConfirmation.jpeg?alt=media\&token=cef02ca2-89f7-429b-9089-fbf856ec13b3)

10\.  Click **Save**

## Assigning Users and Groups

### Set Up User Provisioning

To assign groups, synch individuals into a group and synch the group's name to the system:

1. Click the **Assignments** tab

   To assign individuals to a group
2. Click **Assign**
3. Click **Assign to Groups**

![](https://431658643-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FN4HAdC25sJNd7cB9fSwD%2Fuploads%2FQ2Ev9Kzuel3XCj85X0Qa%2FAssign.jpeg?alt=media\&token=d64a90c2-0f20-4981-a927-e980d6bc3562)

4\.  To assign users to a group click the name of the group

5\.  Click **Assign People**

6\. Add or Remove members to or from the group by selecting the member,  then click + or -

7\.  Click **Save**

![](https://431658643-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FN4HAdC25sJNd7cB9fSwD%2Fuploads%2F2X3wqmmNljYPxfvZLtih%2FAddRemove.jpeg?alt=media\&token=d56f46f7-9a9b-454a-b510-4e7dbe907c34)

8\. To assign the group to the server select the **Push Groups** tab

9\.  Click **Push Groups** will synch the Group in Code Ocean

1&#x30;**.**  Click **Find groups by name**

![](https://431658643-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FN4HAdC25sJNd7cB9fSwD%2Fuploads%2FiVK24BgvGwaJ3WD5QeLe%2FPushGroups.jpeg?alt=media\&token=5fb96bba-e421-4490-b078-c423409066b6)

11\. Enter the name of the group

12\.  Click **Close**

To view the group in Code ocean navigate to the capsule, click **Share,** in  Set Permissions for capsule click the dropdown, the group will show in the list. Any changes made to the group will synch back to Okta when saved.