Okta Provisioning

With Provisioning you can automate common administrative tasks. By enabling the System for Cross-domain Identity Management (SCIM) you can connect Visma with Okta, so you can:

• Create users and groups

• Grant and revoke access to groups

• Edit attributes of users and groups

• Suspend deprovisioned users

Prerequisites

• Okta admin account

• Before you configure provisioning for Visma, you need to have configured a SAML App integration. A step by step guide to configure Okta as a SAML identity provider within Visma can be found here

• Make sure the ‘Application username format’ is defined as ‘Email’.

Configuration Steps

Once you have the SAML integration ready in Okta, follow the steps below:

1. Under your SAML application go to the “ General” tab and select  SCIM for Provisioning under the  App Settings.

   

2. Click  Save. Provisioning tab will be displayed.

3. Click on the  Provisioning tab, then click  Edit.

   

4. While on  SCIM Connection, go to the Provisioning page within Visma Authentication Settings and turn on SCIM 2.0 Provisioning.

   

5. Copy the  SCIM Endpoint and paste it into the  SCIM connector base URL field in Okta.

6. Fill in the  Unique identifier field for users field with value  userName.

7. For  Supported provisioning actions select your desired configuration.

   Visma supports Push New Users, Push Profile Updates and Push Groups.

   

8. While on  SCIM Connection go to Visma Authentication Settings Provisioning tab and based on your Okta provisioning actions, choose the desired Visma actions and triggers.

   

9. In Okta for  Authentication Mode select from the dropdown list  HTTP Header.

   

10. In Visma Authentication Settings, Provisioning tab click on  Generate SCIM token.

11. Copy the  SCIM token.

12. Click  Close.

    

13. While in Okta, paste the  SCIM token from Visma into the  Authorization field.

14. Click  Save to enable the SCIM provisioning.

    

15. Select from the left menu:  To app.

16. Click  Edit.

17. Choose your desired configuration by clicking enable.

    Visma supports ‘Create Users’, ‘Update User Attributes’ and ‘Deactivate Users’

18. Click  Save.

Assign People to Provisioning

You need to assign the people that need to be provisioned to the Visma app. You have the choice to assign individual people records or to assign people based on their group membership.

1. Click  Assign.

2. Click  Assign to People.

3. Select the user you need and click  Assign.

4. Click  Done.

   

Only groups that are selected under  Push Groups will be sent to Visma.

Provision Groups

Make sure the right Okta Groups are pushed now to Visma. Go to the  Push Groups tab, search for the Groups you want to push to Visma and add the Groups to the list.

1. Click  Push Groups.

2. Click  Find groups by name.

3. Search and select the desired group.

4. Click  Save.

5. Push Status should be  Active.