Using the SCIM specification, you can automatically import users from your Identity Provider (such as Active Directory or OKTA) into EvaluAgent.
Prerequisites
To set up third-party user management in EvaluAgent, you need a role that includes the Manage security settings permission.
To provision users to EvaluAgent, you must be using one of the supported third-party user management solutions listed below.
Currently Supported Solutions
- Azure Active Directory
- OKTA
If the solution you are using is supported, proceed through this guide to get set up and allow users to be synchronised.
Getting Started
You may see a spinning icon for a few seconds while we are processing your request.
Upon completion, you will be shown two fields: SCIM Provision URL and SCIM Secret. It's very important to note that the SCIM Secret is shown only once; thereafter only the URL will be visible when you revisit the page. This is intentional and is for security purposes.
Take a note of the URL and the Secret displayed here, as they will be required later on when setting up your application in OKTA.
In terms of setting up on EvaluAgent, that's it! Next, we will look at what you need to do in OKTA.
Setting up on OKTA
Firstly, you must ensure that you have relevant permissions on OKTA to be able to manage users, groups and other enterprise applications.
Creating the application
Select Create App Integration from the applications list in OKTA.
Create an App name within General settings and click Next.
Under the Configure SAML tab, add the 'Single sign-on URL' and the 'Audience URI (SP Entity ID)', then click Next.
This will take you to the General tab, which shows the App Settings screen. Here you need to make sure the 'Enable SCIM provisioning' option has been selected; if not, click Edit and select 'Enable SCIM provisioning'.
Once enabled, click on the Provisioning tab and select Edit.
Once you have done this, go into EvaluAgent -> Settings -> Security settings tab, select the SCIM provisioning tab and click Generate Unique SCIM URL.
The following screen will appear once generated.
Once generated, copy the SCIM Provision URL and paste it into the SCIM connector base URL as shown below, then copy the SCIM Secret and paste it into the Authorization box.
The 'Unique identifier field for users' needs to be 'email'.
Then select 'Push New Users' and 'Push Profile Updates', change the 'Authentication Mode' to 'HTTP Header', and select Save.
Handling third party users in EvaluAgent
Once users are being sent from OKTA to EvaluAgent, they will be placed into a "Pending" state and action will be required to activate them, similar to how manual user creation would work.
If there are pending users that need to be actioned, there will be a count in the Pending Users tab to allow you to see at a glance if there are any users waiting.
When a third party user management solution is being used on a contract, we disable manual user creation in EvaluAgent as this should be done via the third party.
When a user is pending, you can click on the Pending status button and the edit modal will open. You will see that the forename, surname, email and username fields are locked and cannot be edited. Only fields specific to EvaluAgent will be open for editing.