Setup Guide: ActivTrak for SCIM-Okta‬ Integration (EA)‬

Contents

• What is SCIM?
• Use cases‬
• Requirements
• Setup instructions‬
  • Generate ActivTrak SCIM API key
  • Create an SSO integration that supports SCIM‬
  • Walkthrough of SWA‬
  • Configure the ActivTrak SCIM Integration‬
  • Enable Provisioning Options‬
  • Remove unsupported mappings‬
  • Add Users and Groups
• Learn more

What is SCIM?

The System for Cross-domain Identity Management (SCIM) is a standard protocol that automates the exchange of user identity information between systems, thereby reducing manual work and security risks.

Use cases‬

The ActivTrak-OKTA integration via SCIM API (Early Access) supports these admin capabilities:‬

1. User provisioning‬: Automatically creates ActivTrak user accounts when users are added to your identity provider

Note: ActivTrak Agent install is required separately

2. User deprovisioning‬: Automatically removes user access when accounts are deactivated in your identity provider

Note: ActivTrak Agent uninstall is required separately

3. Group Management‬: Automatically adds and removes users to ActivTrak Groups based on group membership in your identity provider

Requirements

• ActivTrak SCIM API key via the ActivTrak App - Integrations page
• Access to the Okta Admin Console
• Permissions to manage applications within Okta

Setup instructions‬

Generate ActivTrak SCIM API key

1. Log in to the ActivTrak application
2. Navigate to APIs & Integrations > Integrations
3. Locate the OKTA via SCIM card and click + Add Instance

4. The OKTA via SCIM drawer will open. Input an API Key Name. Copy and store the API Key. Then click Save.

Note: The key can only be copied at this time. If lost, it can be regenerated.

5. Once the process is complete, the card will display the View Instance button

Create an SSO integration that supports SCIM‬

Using the App Integration Wizard, create a custom SSO integration using either SAML or SWA:‬

• ‬Create SAML app integrations‬
• Create SWA app integrations‬

Walkthrough of SWA‬

1. In the Okta Admin Console, click Admin on the top right

2. Navigate to Applications > Applications

3. Click Create App Integration

4. Select SWA (Secure Web Authentication)

5. Add General Settings‬
6. Set the‬ App’s login page URL‬ field to:‬ https://api.activtrak.com/auth/v2/authenticate

7. Set‬ the Who sets the credentials‬‭ field to “Administrator sets Username and Password”
8. Set the‬ Application username‬‭ field to “Email”
9. Set‬ the Update applicationusername‬ field to “Create and Update”

Configure the ActivTrak SCIM Integration‬

1. After creating your SWA integration, click the General tab
2. In the App Settings section, click Edit

3. In the Provisioning field, select SCIM, then click Save

4. Select the Provisioning tab

5. Set the SCIM connector base URL based on your ActivTrak instance location:

US instances: https://api.activtrak.com/scim/v1

EU instances: https://api-eu.activtrak.com/scim/v1

Other regions: Check our API documentation for your specific base URL

6. Set‬ the Unique identifier field for users‬ to “userName”
7. Check the following desired actions‬:
   • Push New Users‬
   • Push Profile Updates‬
   • Push Groups‬

8. In authentication mode, select HTTP header, and paste your Activtrak API key into the token‬ textbox

9. Testing the configuration should display the following:‬

Enable Provisioning Options‬

1. In the Provisioning tab, select To App from the left column
2. Click Edit

3. Enable these options:
   • Create Users
   • Update User Attributes
   • Deactivate Users

Remove unsupported mappings‬

1. In the Provisioning tab under To App options, scroll to SCIM AT Attribute Mappings
2. Click Go to Profile Editor

3. Click on Mappings

4. Select “Do not map” for the following mapping fields:

5. Verify that the following mapping fields remain:‬

6. Return to the Attributes screen and delete the following:

7. Verify that the following Attributes remain:

Add Users and Groups

To push users to ActivTrak from Okta:

1. From the applications list, click the gear icon for ActivTrak SCIM SWA and select Assign to users

2. Select from the list of unassigned users and click Assign to provision them to your SCIM application

3. Alternatively, you can select the application and click Assign > Assign to people

Note: To push users to ActivTrak from Okta, users must exist in Directory > People. To create a new user, click the Add Person button. The user will receive an email to complete their Okta account setup.

To push groups to ActivTrak from Okta:

1. Create Okta groups in Directory > Groups

2. In the SCIM SWA app, select Push Groups

3. Assign the groups you want to sync to the Groups page in ActivTrak

Note: Users with multiple agents will have each agent added to groups as a separate member. Therefore, the number of group members may be larger in ActivTrak than in Okta. For example, if Tyler has 2 user agents, adding him to a group will result in 2 members. You can merge these user agents to consolidate group membership.

Your ActivTrak SCIM integration is now set up! Users and groups will be automatically provisioned according to your settings.

Learn more

• Integrating Other Tools with ActivTrak
• Groups in ActivTrak