Configuring SCIM in OKTA

Overview

This article provides step-by-step instructions to configure SCIM (System for Cross-domain Identity Management) in Okta for LinearB.

Requirements

LinearB supports SCIM V2.0 and adheres to the User Core Schema for user creation and updates.

• SCIM version: V2.0
• Supported SCIM schema: urn:ietf:params:scim:schemas:core:2.0:User

Prerequisites

SCIM-based user provisioning is available to Enterprise customers. Ensure you have:

• An admin account in Okta.
• An admin account in LinearB.
• SCIM API token from LinearB.

Key Features

• Auto-provisioning: Users assigned to the LinearB application in Okta are automatically created in LinearB.
• User Core Attribute Updates: Core schema fields changes in Okta sync automatically to LinearB.
• User Deactivation: Deactivated users in Okta are automatically removed from LinearB.

Step 1: Enable SCIM in LinearB

1. In LinearB, go to Company Settings > Settings, and click the API Tokens tab.
2. Click Create API Token, enter a label, and click Create.

1. Copy your new token immediately, as you won’t be able to view it again later.
2. Navigate to Authentication > SCIM Provisioning.
3. Enable SCIM and click Save.

Step 2: Configure SCIM in Okta

2.1 Enable SCIM Provisioning

1. In Okta, open the LinearB app .
2. Go to provisioning tab click on “Enable API integration”  and provide the token from step 1

1. Click on “Test API credentials” If the credentials pass, click “Save.” Otherwise, ensure that the correct token has been provided.

   

2. Under provisioning tab in “To App” settings Make sure “Create” and “deactivate” user are selected (you can scroll down to see all supported attributes

   

3. SCIM is now set. Go to “Assignments” and assign individuals or groups to your organization, select the appropriate privilege and specify the team ID scope for the team/s the user should have access to.

Step 3: Assign Users

1. In Okta, go to LinearB Application > Assignments.
2. Click Assign > Assign to People.

Select a user, set User Role and Team Scope.

• Example: Team ID: 74981, Group Name: SCIM Tutorial, and ID: 68250, Team Name: Beatles
• To retrieve the internal IDs of LinearB teams, please use public API or LinearB platform.

1. Click Save and Go Back > Done.
2. Validate SCIM In LinearB:
   1. Go to LinearB app and open Company Settings
      1. Check that the user appears in Company Settings > Users.
      2. Verify that the User Role and Team Assignments are correct.
      3. Perform a manual resync if necessary by reassigning the user in Okta.

Edge Cases and Troubleshooting

Edge Case 1: User Already Exists with a Different Username

Issue: If a user was manually created in LinearB before SCIM provisioning, their username may differ.

Solution:

• Alternatively, remove and reassign the user through Okta.

Edge Case 2: Missing Attributes in SCIM Response

Issue: User attributes do not appear correctly in LinearB.

Solution:

• Ensure that all custom attributes (userRole, scopeTeamIds) are mapped correctly in Okta.
• Verify that the SCIM provisioning actions are enabled in Okta.
• Run the Test Connector to check for missing fields.

Edge Case 3: User Not Being Assigned to the Correct Team

Issue: A provisioned user does not receive the expected team assignments.

Solution:

• Verify that the Team Scope attribute (scopeTeamIds) is configured correctly.
• Ensure that the user has been assigned to a team in Okta Assignments.
• Check LinearB’s API or UI for manually assigned teams and adjust accordingly.

Edge Case 4: SCIM Connector Fails During Setup

Issue: SCIM provisioning fails when testing the connector.

Solution:

• Ensure the LinearB API token is valid.
• Check Okta logs for specific error messages and troubleshoot accordingly.

Summary

By following this guide, SCIM in Okta is correctly configured for LinearB, ensuring proper user provisioning, role assignments, and naming conventions.

For additional support, contact LinearB Support.