Setup Guide: ActivTrak SCIM-Okta‬ Integration (Beta)‬

Contents

• What is SCIM?
• Use cases‬
• Requirements
• Setup instructions‬
  • Create an SSO integration that supports SCIM‬
  • Walkthrough of SWA‬
  • Configure the ActivTrak SCIM Integration‬
  • Enable Provisioning Options‬
  • Remove unsupported mappings‬
  • Add Users and Groups
• Learn more

What is SCIM?

System for Cross-domain Identity Management (SCIM) is a standard protocol that automates the exchange of user identity information between systems, reducing manual work and security risks.

Use cases‬

The ActivTrak-OKTA integration via SCIM API (Beta) supports these admin capabilities:‬

1. User provisioning‬: Automatically creates ActivTrak user accounts when users are added to your identity provider
   • Note: ActivTrak Agent install is required separately
2. User deprovisioning‬: Automatically removes user access when accounts are deactivated in your identity provider
   • Note: ActivTrak Agent uninstall is required separately
3. Group Management‬: Automatically adds and removes users to ActivTrak Groups based on group membership in your identity provider

Requirements

• ActivTrak integration key (request via integration-feedback@activtrak.com)
• Access to the Okta Admin Console
• Permissions to manage applications within Okta

Setup instructions‬

Create an SSO integration that supports SCIM‬

Using the App Integration Wizard, create a custom SSO integration using either SAML or SWA:‬

• ‬Create SAML app integrations‬
• Create SWA app integrations‬

Walkthrough of SWA‬

1. In the Okta Admin Console, click Admin on the top right

2. Navigate to Applications > Applications

3. Click Create App Integration

4. Select SWA (Secure Web Authentication)

5. Add General Settings‬
6. Set the‬ App’s login page URL‬ field to:‬ https://api.activtrak.com/auth/v2/authenticate

‬

7. Set‬ the Who sets the credentials‬‭ field to “Administrator sets Username and Password”
8. Set the‬ Application username‬‭ field to “Email”
9. Set‬ the Update application username‬ field to “Create and Update”

Configure the ActivTrak SCIM Integration‬

1. After creating your SWA integration, click the General tab
2. In the App Settings section, click Edit

3. In the Provisioning field, select SCIM, then click Save

4. Select the Provisioning tab

5. Set the SCIM connector base URL to “‬https://api.activtrak.com/scim/v1‬”
6. Set‬ the Unique identifier field for users‬ to “userName”
7. Check the following desired actions‬
   • Push New Users‬
   • Push Profile Updates‬
   • Push Groups‬

8. In authentication mode, select HTTP header, and paste your Activtrak API key into the token‬ textbox

9. Testing the configuration should display the following:‬

Enable Provisioning Options‬

1. In the Provisioning tab, select To App from the left column
2. Click Edit

3. Enable these options:
   • Create Users
   • Update User Attributes
   • Deactivate Users

Remove unsupported mappings‬

1. In the Provisioning tab under To App options, scroll to SCIM AT Attribute Mappings
2. Click Go to Profile Editor

3. Click on Mappings

4. Select “Do not map” for the following mapping fields:
   • honoricPrefix‬
   • honoricSuffix‬
   • profileUrl‬
   • nickName‬
   • primaryPhone‬
   • streetAddress‬
   • locality‬
   • region‬
   • postalCode‬
   • country‬
   • formatted‬
   • preferredLanguage‬
   • locale‬
   • timezone‬
   • userType‬
   • costCenter‬
   • organization‬
   • division‬
   • department‬
   • managerValue‬
   • managerDisplayName‬

5. Verify that the following mapping fields remain:‬
   • givenName‬
   • familyName‬
   • middleName‬
   • email‬
   • displayName‬
   • employeeNumber‬
6. Return to the Attributes screen and delete the following:
   • honoricPrefix‬
   • honoricSuffix‬
   • profileUrl‬
   • nickName‬
   • Primary Phone‬
   • Primary phone type‬
   • Street Address‬
   • Address type‬
   • locality‬
   • region‬
   • postalCode‬
   • country‬
   • formatted‬
   • preferredLanguage‬
   • locale‬
   • timezone‬
   • userType‬
   • costCenter‬
   • organization‬
   • division‬
   • department‬
   • managerValue‬
   • managerDisplayName‬
7. Verify that the following Attributes remain:
   • userName‬
   • givenName‬
   • familyName‬
   • middleName‬
   • email‬
   • emailType‬
   • displayName‬
   • employeeNumber‬‭

Add Users and Groups

To push users to ActivTrak from Okta:

1. From the applications list, click the gear icon for ActivTrak SCIM SWA and; select Assign to users

2. Select from the list of unassigned users and click Assign to provision them to your SCIM application

3. Alternatively, you can select the application and click Assign > Assign to people

Note: To push users to ActivTrak from Okta, users must exist in Directory > People. To create a new user, click the Add Person button. The user will receive an email to complete their Okta account setup.

To push groups to ActivTrak from Okta:

1. Create Okta groups in Directory > Groups

2. In the SCIM SWA app, select Push Groups

3. Assign the groups you want to sync to the Groups page in ActivTrack

Note: Users with multiple agents will have all agents added to groups as separate members. Therefore, the number of group members may be larger in ActivTrak than in Okta. For example, if Tyler has 2 user agents, adding him to a group will result in 2 members. You can merge these user agents to consolidate group membership.

Your ActivTrak SCIM integration is now set up! Users and groups will be automatically provisioned according to your settings.

Learn more

• Integrating Other Tools with ActivTrak
• Groups in ActivTrak