Skip to main content

Okta SCIM Configuration (Early Release)

This guide describes how to configure uStudio’s Okta SCIM integration. This is an ideal solution if your identity provider is Okta. You can perform create, read, update, and delete (CRUD) operations on users and groups. These actions give you more flexibility in controlling your uStudio user base in real time.

Please note the following:

  • You’re configuring an unofficial Okta application for early release purposes.
  • An official Okta application is actively being developed by uStudio. We’re working on getting SCIM and SAML/SSO to be an all-in-one application with Okta.
  • uStudio Okta SSO is a separate application that is required to support single sign-on and SAML based groups in conjunction with uStudio Okta SCIM.
  • You can use Okta SCIM for our database connected studios with existing users. Warning: Invitations aren’t sent out when pushing new users in the database; therefore, pushing new users isn’t recommended.
  • Please check out Migrating Okta SCIM (down below) when updating this application.

Features

Check out our Okta SCIM User Guide (Early Release) that describes how to use these features below.

Import Users and Groups - through Okta to uStudio Enterprise Podcast.

Push New Users - through Okta to uStudio Enterprise Podcast with automatic activation by assignment. This feature doesn’t send out invitations; therefore, uStudio Okta SSO is recommended.

Push Profile Updates - through Okta to uStudio Enterprise Podcast. The first name, last name, and primary email can be changed.

Push User Deactivation - through Okta to uStudio Enterprise Podcast by unassignment. Users will no longer have access and their profile information and analytics will be retained.

Push User Reactivation - through Okta to uStudio Enterprise Podcast by assignment. Users will have access again and their analytics will continue to be tracked.

Push New Groups - through Okta to uStudio Enterprise Podcast with automatic creation and user activation via Push Groups. You're now managing SCIM groups. These groups will be updated in real time.

Assign Groups - through Okta to uStudio Enterprise Podcast by assignment. You’re now managing hybrid SAML/SCIM groups. You will need uStudio Okta SSO and to map these groups by setting the Company SSO Group Name to the name of the group in Okta as described here. These groups will be updated every time a user logins.

Prerequisites

Please contact support@ustudio.com to establish a service account and to receive your SCIM API TOKEN, ACCOUNT-UID, and CONNECTION-UID.

Configuring Okta SCIM

  1. Log into Okta as an admin.
  2. Go to the Applications tab in the Classic UI menu.
  3. Click Add Application. okta_er_01.png
  4. Search for SCIM 2.0 Test App (Header Auth). okta_er_02.png
  5. Click Add. okta_er_03.png
  6. Set Application label as uStudio SCIM.
  7. Check “Do not display application icon to users.”
  8. Check “Do not display application icon in the Okta Mobile App.”
  9. Click Done.
    Okta_ER_General_Settings.png
  10. From the application, click on the Provisioning tab and then click Configure API integration. okta_01.png
  11. Select Enable API integration. okta_02.png
  12. Enter Base URL as https://named-users.ustudio.com/api/v1/accounts/ACCOUNT-UID/connections/CONNECTION-UID and API Token as Bearer TOKEN.
    okta_new_scim_er.png 
  13. Click Test API Credentials. If the test passes, click Save.
  14. Click To App under Settings.
  15. Click Edit and select Enable for Create Users, Update User Attributes, and Deactivate Users. okta_04.png
  16. Click Save to apply the integration settings.
  17. Scroll down the To App section to find uStudio SCIM Attribute Mappings. Then by clicking the “X” button, carefully remove all mappings except for Username, First name, Last name, and Primary email.
    Okta_ER_ToApp_Settings.png
  18. Select the To Okta section up-top and scroll down to find Okta Attribute Mappings. Then by clicking the “X” button, carefully remove all mappings except for Username, First name, Last name, and Primary email.
    Okta_ER_ToOkta_Settings.png
  19. Click “Go to Profile Editor.” Then by clicking the “X” button, carefully remove all mappings except for Username, Given name, Family name, and Primary email.
    Okta_ER_Profile_Settings.png

Migrating Okta SCIM

uStudio SCIM has recently been updated to provide a better overall experience to Okta customers. Here is a summary of the changes:

  • Base URL now contains a CONNECTION-UID to make it more application specific to your integrations. We needed a way to separate ourselves from our own SCIM connections that are used for the Podcast Management Console (PMC).

To take advantage of these changes, you have to re-authenticate to uStudio’s SCIM API. To do this, follow the steps below:

  1. Login in your Okta organization as an Admin.
  2. Open the Admin UI.
  3. Open your uStudio SCIM application instance.
  4. Go to the Provisioning tab.
  5. On the Settings sections, click API Integration.
  6. Click on Edit.
  7. Change your Base URL as shown in step 12 above.
  8. Click Test API Credentials and then click Save.
    okta_new_scim_er.png
  9. The new SCIM features should now be enabled for your uStudio SCIM application.

Troubleshooting

userName - in Okta cannot be changed because it is bound to an account in uStudio. We recommend creating a new user if the person doesn't wish to use a certain email address as their userName. However, it is possible to change the first name, last name, and primary email address.

If you have any questions or concerns with our Okta SCIM integration, please contact support@ustudio.com.

Facebook Twitter LinkedIn
Where Media Goes to Work ™
©2020 uStudio, Inc.
Privacy Security
Home About Press Patents Contact Blog Community Careers