Configuring SCIM with Okta
For users using Okta as their Identity Provider (IDP), LinearB offers a SCIM API in order to handle the following actions:
- Provisioning users
- Deprovisioning users
- Promoting/demoting users
Pre-requisite info
To configure SCIM with Okta and LinearB, you will need the following items:
- LinearB SCIM base URL: https://public-api.linearb.io/scim/api/v2
- LinearB SCIM token: Navigate to Company Settings > API Tokens > Create SCIM Token
Configuring SCIM in Okta (Provisioning/Deprovisioning)
- In Okta, open the LinearB app.
- Navigate to the Provisioning tab and select "integration" on the left side of the page.
- Supply the requested information.
- LinearB SCIM base URL: https://public-api.linearb.io/scim/api/v2
- Unique identifier field for users: email
- Supported provisioning actions: Push New Users, Push Profile Updates, Push Groups
- Authentication mode: HTTP Header
- HTTP Header - Authorization: SCIM token created in-app
- Click "Test Connector" to validate the connection.
- One connector is successfully configured, click save.
- Remain on the Provisioning tab in Okta, and navigate to "To App" on the left side of the page.
- Make sure that the Create Users, Update User Attributes, and Deactivate Users boxes are checked. (Sync Password should not be checked.) Save these settings.
Configuring SCIM in Okta (Promotion/Demotion)
- In Okta, navigate to Directory > Profile Editor > LinearB
- Select the option to add an Attribute.
- Create a new attribute with the following values:
- Data type: string
- Display name: User Role
- Variable name: userRole
- External name: userRole
- External namespace: urn:ietf:params:scim:schemas:core:2.0:User
- Description: LinearB User Role
- Enum: Check "define enumerated list of values" box
- Attribute members defined as below:
- Attribute required: Check "yes" box
- Attribute type: Personal
- Click Save
- We now need to ensure that the attributes leveraged by the SCIM integration will be sent. In Okta, navigate to Applications > LinearB > General > Edit SAML settings > Create the following mapping under Attribute Statements:
Testing the SCIM integration
- In Okta, assign a new user (not already assigned to the LinearB app) to the LinearB app (Assignments > Assign > Assign to people)
- Select the new user's role and click Save and Done
- In the Users tab in LinearB, confirm if that user appears
- In Okta, update the user's permissions to a new role and click save.
- In the Users tab in LinearB, confirm that the user's permissions are updated
- In Okta, unassign the test user from the LinearB app
- On the LinearB Users page, confirm that the user is no longer in LinearB