SCIM
Last updated
Last updated
Okta SCIM Setup Instructions
Provides the steps required to provision users from Okta to Sobol
Sobol supports version 2.0 out of the box and provides the following features:
Import Users - quickly synchronize your users between Sobol and Okta
Create New Users - create new users in Okta and push them to Sobol
Profile Updates - update users in Okta and sync those updates to Sobol
Deactivate Users - deactivate users in Okta and reflect those changes in Sobol
Reactivate Users - reactivate users in Okta and follow suit in Sobol
In order to setup SCIM provisioning between Sobol and Okta, the following are required:
1. Issuing a Sobol API key and setting up the proper permissions
2. Providing that information to configure Okta
For the above:
You must already be a user and hold access to Sobol
You must already be an admin and hold access to Okta
To configure a new SCIM connection in Sobol:
Once logged in, click the hamburger menu on the top, left corner of the screen
Once the sidebar opens, click the Settings tab as show below:
Once in Settings, click on the Applications tab and then on the Add New Application button
Next, a permissions modal will open. Check the following permissions and hit Save:
role
user
You can now take this Key and use it to configure your SCIM settings in Okta
To configure a new SCIM connection in Okta:
Locate “Sobol” in your applications list and click to edit the settings
Under the “Provisioning” tab, click Configure API Integration
Next, check the Enable API integration box
Enter the API Key that you created in Sobol
Click Save
Voila! You are now able to fully control user provisioning with Okta.
Authentication Formats: Sobol supports Header Authentication (Bearer Token) using keys available in both HS256 and RS256 JWT formats. Some services such as AzureAD require smaller, more lean keys in which case please use HS256.
Supported Mappings: as of now, Sobol ONLY supports the provisioning of the following Okta attributes:
First Name - firstName
Last Name - lastName
Email - email
Username format: all users mapped across Sobol and Okta use their email to uniquely identify them.
Password Sync - given that Sobol does not store passwords directly, we do not support the Password Sync SCIM feature.
Groups - as of now, Sobol has no utilization for the Groups SCIM feature although this might change in the near future.
HTTP Patch Support: we currently ONLY support activation and deactivation using HTTP Patch.
Email Type - we currently do not support the `emailType` attribute and default this value to “work” as part of our SCIM responses.
If for any reason you do not have the following, please contact .
Login into your instance of
Once the modal opens, enter the application’s name and hit Create.
Once the app is created, a confirmation modal will open. Copy the Key for later use, agree to the conditions, and click Close.
user_profile
Log into your instance of and click on Admin button followed by Applications tab
Under the “Sign On” tab, ensure Application username format is set to “Email”
Click Test API Credentials; if successful, a verification message will appear on the screen. If unsuccessful, please contact .
Click Save
Select To App in the left panel, then select the Provisioning Features you want to enable
Sobol Account: You MUST have a Sobol account in order to set up provisioning. If for any reason you do not have the following, please contact .
Org ID: Configuring SCIM requires the use of your tenant’s ORG_ID. To obtain one, take note at the URL when using your instance of Sobol:
SCIM Endpoint: All SCIM endpoints for your tenant are housed under the following URL scheme: .
