How to Configure the SCIM User Directory for Okta

To configure Okta for a SCIM directory, you must first create a SCIM user directory via the SecureEdge Manager. You must copy the generated values of a SCIM endpoint and a primary/secondary token and use them in the provider SCIM setup. This article also covers the configuration of the Okta SCIM and includes how to create a SCIM 2.0 test app (header auth) application on Okta with user/group provisioning and assign the users or groups for immediate sync of the SCIM user directory on the Identity > Settings page.

Step 1 Configure SCIM

1. Go to https://se.barracudanetworks.com and log in with your existing Barracuda Cloud Control account.

2. In the left menu, click the Tenants/Workspaces icon and select the workspace you want to configure the Okta user directory for.

3. In the left menu, click Identity > Settings.
   

   

4. The Settings page opens.

5. In the User Directories section, click Add User Directory and select SCIM from the user directory drop-down menu.
   

   

6. The Add User Directory page opens.

7. Under User Directory Info tab, specify the values for the following:

   • Display Name – Enter display name.
     

     

8. Click Add.

9. You can see the SCIM user directory endpoint and primary / secondary tokens are displayed. You can use these values in the provider SCIM setup.
   

   

10. Click on the clipboard icon to copy and paste the token to a text file. Note: You can regenerate these tokens by clicking on the rotate icon.

11. Click Finish.

12. In the User Directories table, a new SCIM user directory has been added. Under the fieldname STATUS, you can see that the STATUS is shown as pending. The directory sync may take a few minutes.
    

    

13. To configure Okta for the SCIM user directory, go to Step 2.

14. After the directory sync is completed, verify that in the User Directories table, under the fieldname STATUS, the text has changed to Completed with a green check mark. In addition, verify that you see all SCIM directory users and groups on the respective Identity > Users and Identity > Groups pages.

Step 2 Configure the SCIM 2.0 Test App (Header Auth) Application

Use the following steps to create a SCIM 2.0 test app (header auth) application on Okta with user/group provisioning and to assign users/groups for immediate sync of the SCIM user directory on the Identity > Settings page.

1. Go to the Okta Admin Dashboard.

2. Expand the Applications menu on the left and select the Applications.
   

   

3. The Applications page opens. Click Browse App Catalog.
   

   

4. Search for SCIM 2.0 Test App and select SCIM 2.0 Test App (Header Auth).
   

   

5. Click Add Integration.

   

6. The Add SCIM 2.0 Test App (Header Auth) page opens. Enter a label for Application label, e.g., SCIM 2.0 Test App (Header Auth) sample.
   

   

7. Click Next.

8. In the Sign-On Options tab, under Sign on methods specify values for the following:

   • SAML 2.0 – Select SAML 2.0.

   • Secure Web Authentication – Select Secure Web Authentication .

9. Under the Credentials Details section, set Application username format to Email.
   

   

10. Click Done.

11. Under Provisioning, click Configure API Integration.

    

12. Select Enable API integration and specify values for the following:

    • Base URL – Enter the base URL. Enter the SCIM Endpoint you retrieved in Step 1.

    • API Token – Enter the API token from Identity Management. Note: You can enter either the primary or secondary token you retrieved in Step 1. The token format is Bearer <TOKEN>, for example: Bearer 3eb07061-4a60-43f2-b20c-d7e0652f474c.

      

13. To test the credentials, click Test API Credentials.

14. Verify it is successful and click Save.
    

    

15. Under the Provisioning To App section, click Edit. You can do the following:

    • You can enable Create Users, Update User Attributes, and Deactivate Users. Click Save.
      

      

16. After provisioning, you must assign users or groups to the app. To assign users or groups, you can now proceed with Step 3 (Users) or Step 4 (Groups).

Step 3 Users Provisioning

There are different ways to assign users to your application. Three methods are explained below.

Method 1

To assign the users to be synced, do the following:

1. Go to your Application you created in Step 1.

2. Under Assignments, click Assign and select Assign to people from the drop-down menu.
   

   

3. The Assign SCIM 2.0 Test App (Header Auth) App to People page opens.

4. You can either search for the user or select the existing user. Click Assign next to the selected user.
   

   

5. You can check or update the user credentials. Scroll down to the bottom of the page, and click Save and Go Back.

6. Verify that the status of the added user has changed to Assigned.
   

   

7. Click Done.

8. Under your Application in the Assignments tab, you can see the new user has been added successfully.
   

   

Method 2

1. Go to the Okta Admin Dashboard.

2. Expand the Directory menu on the left and select the People.
   

   

3. The People page opens. Under the Person & username column, click on <User Name>.
   

   

4. The selected <User Name > page opens. Click Assign Applications.
   

   

5. The Assign Applications page opens. Select your Application you created in Step 1, and click Assign.
   

   

6. You can check or update the user credentials. Scroll down to the bottom of the page, and click Save and Go Back.

7. Click Done.

8. In the selected <User Name> page under the Applications tab, you can see the new application has been assigned successfully.
   

   

Method 3

1. Expand the Applications menu on the left and select the Applications.

2. The Applications page opens. Click Assign Users to App.
   

   

3. Under the Applications section, select your application you created in Step 1.
   

   

4. Under the People section, select the user and click Next.
   

   

5. Verify your user-specific attributes. Click Confirm Assignments.
   

   

6. Under your Application in the Assignments tab, you can see the new user has been added successfully.
   

   

   
   

Step 4 Groups Provisioning

There are different ways to assign groups to your application.

Method 1

To assign groups to be synced, do the following:

1. Go to your Application you created in Step 1.

2. Under Assignments, click Assign and select Assign to Groups from the drop-down menu.
   

   

3. The Assign SCIM 2.0 Test App (Header Auth) App to Groups page opens.

4. You can either search for the group or select the existing group. Click Assign next to the selected group.
   

   

5. You can check or update the group attributes. Attributes you set will apply to all users in this group. Scroll down to the bottom of the page and click Save and Go Back.

6. Verify that the status of the added group has changed to Assigned.
   

   

7. Click Done.

8. Under your Application in the Assignments tab, you can see the new group has been added successfully.

Method 2

1. Go to the Okta Admin Dashboard.

2. Expand the Directory menu on the left, and select the Groups.

3. The Groups page opens. Click on <Group Name>, e.g., QA Group.
   

   

4. The selected <Group Name > page opens. Select Applications and click Assign applications.
   

   

5. The Assign Applications to <Name of Group> page opens. Select your Application you created in Step 1 and click Assign.
   

   

6. You can check or update the group attributes. Attributes you set will apply to all users in this group. Scroll down to the bottom of the page and click Save and Go Back.

7. Verify that the status of the added group has changed to Assigned.
   

   

8. Click Done.

9. Under the selected <Group Name> page in the Applications tab, you can see the new application has been assigned successfully.
   

   

Method 3 - Group Assignment Using Push Groups

Before you begin assigning Push Groups, you must first run either Method 1 or Method 2 and then proceed with Method 3.
To configure a SCIM 2.0 test app (header auth) application on Okta with push groups for instant sync of the SCIM user directory on the Identity > Settings page:

1. Expand the Applications menu on the left and select the Applications.

2. The Applications page opens. Select your application you created in Step 1.

3. Under your application, click Push Groups.

4. The Push Groups to SCIM 2.0 Test App (Header Auth) page opens.
   

   

5. Enter a group to push. For example, in this case QA Group. Click Save.
   

   

6. For the selected group, you can see Push Status is shown as Pushing.
   

   

7. After the directory sync is completed, you can see that the Push Status now displays as Active.
   

   

8. In addition, you can verify the status of the automatic group assignment in SecureEdge.

   • Go to https://se.barracudanetworks.com and log in with your existing Barracuda Cloud Control account.

   • In the left menu, click the Tenants/Workspaces icon and select the workspace you have configured the Okta user directory for.

   • Go to Identity > Settings.

   • After the directory sync is completed, verify that in the User Directories table, under the fieldname STATUS, the text has changed to Completed with a green check mark and one group synced.
     

     

   • Verify that you see Okta Directory users and groups on the respective Identity > Users and Identity > Groups pages.

     • On the Identity > Groups page, you can see a new group has been added successfully.

       

     • On the Identity > Users page, you can see a new user has been added successfully.