Using the SCIM specification, you can automatically import users from your Identity Provider (such as Active Directory/EntraID or OKTA) into EvaluAgent.

To allow you to set up user management from a third-party in EvaluAgent, you will need a role that includes the Manage security settings permission.

To provision users for EvaluAgent, you must use one of the supported third-party user management solutions. This can be found below.

Currently Supported Solutions

If the solution you are using is supported, then proceed through this guide to get set up and allow users to be synchronised.

You may see a spinning icon for a few seconds while we are processing your request.

Upon completion, you will be shown two fields:

Take note of the URL and the Secret displayed here, as it will be required later on when setting up your application in OKTA.

In terms of setting up on EvaluAgent, that's it! Next, we will look at what you need to do in OKTA.

Firstly, you must ensure you have the relevant permissions in OKTA to manage users, groups, and other enterprise applications.

Select - Create App Integration from the applications list in OKTA.

Create an App name in General settings, then click Next.
​
​
Under the Configure SAML tab, add the 'Single sign-on URL' and 'Audience URI (SP Entity ID)', then click Next.

This will take you to the general tabs which will show the App Settings screen from where need to make sure the enable SCIM provisioning section has been selected, if not click Edit and 'Enable SCIM provisioning'.

Once enabled, click on the Provisioning tab and select Edit.

Once you have done this, go into EvaluAgent -> Settings -> Security settings tab and select the SCIM provisioning tab and click Generate Unique SCIM URL.

The following screen will appear once generated;

Once generated, copy the SCIM Provision URL and paste the URL into the SCIM connector base URL, as shown below, and then copy the SCIM Secret and paste the secret into the Authorisation box.
​
The 'Unique identifier field for users' needs to be 'email'.
​
Then select 'Push New Users', 'Push Profile Updates' and change the 'Authentication Mode' to be 'HTTP Header', then select save.

Once users are sent from OKTA to EvaluAgent, they will be placed in a "Pending" state, and an action will be required to activate them, similar to how manual user creation works.

If there are pending users that need to be actioned, a count in the Pending Users tab shows at a glance whether any users are waiting.

When a third-party user management solution is used under a contract, we disable manual user creation in EvaluAgent, as this should be handled within the third party platform.

When a user is pending, you can click on the Pending status button and the edit modal will open, you will see that the forename, surname, email and username fields are locked and unable to be edited. Only fields specific to EvaluAgent will be editable.