Skip to main content
All CollectionsIntegrationOkta
Setup instructions for user provisioning in Klaxoon with Okta
Setup instructions for user provisioning in Klaxoon with Okta
Klaxoon. avatar
Written by Klaxoon.
Updated over 2 months ago


Prerequisites

  • SAML based SSO must be properly set up and functional before you start configuring automated provisioning.

  • The Klaxoon SCIM API requires a Secret Token related to a SCIM tenant URL. Get yours from Klaxoon beforehand (see here).

Configuration

Please follow these steps

1 - Create a new app integration :

Applications > Applications > Create App Integration

2 - Choose SAML 2.0

3 - General Settings

Fill General Settings with information of your choice (Klaxoon SCIM is a good name to remember what this app is about)


4 - Configure SAML SSO

To connect and test your SSO connection with Klaxoon, get in touch with us. Our support team will be happy to help!

5 - “Feedback” section

When prompted in the “Feedback” section, say you are adding an internal app and click Finish.

6 - SCIM provisioning

Your app is created. In the general settings, you can now enable SCIM provisioning

7 - Provisioning

You can now jump to the new Provisioning tab and edit the SCIM Connection panel:

For SCIM connector base URL use the Klaxoon SCIM URL received from Klaxoon support. (This URL can be different from customer to customer due to the different Klaxoon hosting tenants)
In the Unique identifier field type in “userName
Select Push New Users
Select Push Profile Updates
In Authentication Mode, select “HTTP Header” and paste your Secret Token in the Bearer Token field.

8 - Test Connector Configuration

At the end of this step, the connection between Klaxoon and your Okta can be tested with the Test Connector Configuration button. You should see the following screen as a result. Close the modal and Save.

9 - Sync between Okta and Klaxoon

The next step is to enable precisely what you will sync between Okta and Klaxoon.
(Please notice that we will not use Okta as a provisioning target, so the whole “To Okta” settings page is not relevant for us.)

In the “To App” settings page, do the following configuration:

Enable Create Users
Enable Update Users Attributes
Enable Deactivate Users



10 - Attributes Mappings

Below you will see the Attributes Mappings between Okta and Klaxoon.
Here is the minimum mapping we need to provision users in Klaxoon:

(it is not a problem to have more attributes mapped but Klaxoon will not use them)

11 - Sync your users

You can now try to sync your first users by assigning them to this Klaxoon SCIM app you’ve just configured. Be aware that for now you are not taking care of the licensing information, so the synced users will not receive a PRO license. Use fresh users who do not already have a Klaxoon license to avoid messing up with their licenses.

As soon as the user is assigned to the app, Okta sends a request via SCIM and Klaxoon creates the user. You can check by looking at the Reports > System Log and you will see the operations that just happened behind the scene.

12 - Licensing information

To add the licensing information you will need a custom attribute and map it to Klaxoon.

There are different valid ways to configure this in Okta, below is our recommendation that respects the Klaxoon SCIM rules as described here.


12.1 - Create the Okta user attribute

To do so, go to Directory > Profile Editor and choose the Okta User (default). Then click Add Attribute and reproduce below configuration:

Data type: string

Display name: Klaxoon License

Variable name: klaxoon_license

Define enumerated list of values as:

• PRO: value = true

FREE: value = false

12.2 - Create the Klaxoon user attribute

To do so, go to Directory > Profile Editor and choose your freshly created Klaxoon app. Then click Add Attribute and reproduce below configuration:

Data type: string

Display name: Klaxoon License

Variable name: klaxoon_license

External name: license

External namespace: urn:ietf:params:scim:schemas:extension:klaxoon:2.0:User

Define enumerated list of values as:

• PRO: value = true

FREE: value = false

Scope: User personal

12.3 - Map both attributes together

Click on the Mappings button and choose Okta User to your app.

(Are you lost? Go to Directory > Profile Editor > your Klaxoon app and then you’ll find the Mappings button)

At the end of the mapping, add the user.klaxoon_license attribute from Okta user to the klaxoon_license attribute of the Klaxoon user.

Save the mapping and confirm to Apply updates now (see related screenshot below).

13 - Add licensing information to your users

You can now add licensing information to your users. Edit their profile and set their Klaxoon License attribute to PRO to give them a license and check in Reports > System Log that everything went fine.

Did this answer your question?