Configuring SCIM with Okta

For users using Okta as their Identity Provider (IDP), LinearB offers a SCIM API in order to handle the following actions:

  • Provisioning users
  • Deprovisioning users
  • Promoting/demoting users

Pre-requisite info

To configure SCIM with Okta and LinearB, you will need the following items:

Configuring SCIM in Okta (Provisioning/Deprovisioning)

  1. In Okta, open the LinearB app.
  2. Navigate to the Provisioning tab and select "integration" on the left side of the page.
  3. Supply the requested information.
    1. LinearB SCIM base URL:
    2. Unique identifier field for users: email
    3. Supported provisioning actions: Push New Users, Push Profile Updates, Push Groups
    4. Authentication mode: HTTP Header
    5. HTTP Header - Authorization: SCIM token created in-app
  4. Click "Test Connector" to validate the connection.
  5. One connector is successfully configured, click save.
  6. Remain on the Provisioning tab in Okta, and navigate to "To App" on the left side of the page.
  7. Make sure that the Create Users, Update User Attributes, and Deactivate Users boxes are checked. (Sync Password should not be checked.) Save these settings.

Configuring SCIM in Okta (Promotion/Demotion)

  1. In Okta, navigate to Directory > Profile Editor > LinearB
  2. Select the option to add an Attribute.
  3. Create a new attribute with the following values:
    1. Data type: string
    2. Display name: User Role
    3. Variable name: userRole
    4. External name: userRole
    5. External namespace: urn:ietf:params:scim:schemas:core:2.0:User
    6. Description: LinearB User Role
    7. Enum: Check "define enumerated list of values" box
    8. Attribute members defined as below:
    9. Attribute required: Check "yes" box
    10. Attribute type: Personal
  4. Click Save
  5. We now need to ensure that the attributes leveraged by the SCIM integration will be sent. In Okta, navigate to Applications > LinearB > General > Edit SAML settings > Create the following mapping under Attribute Statements:

Testing the SCIM integration

  1. In Okta, assign a new user (not already assigned to the LinearB app) to the LinearB app (Assignments > Assign > Assign to people)
  2. Select the new user's role and click Save and Done
  3. In the Users tab in LinearB, confirm if that user appears
  4. In Okta, update the user's permissions to a new role and click save.
  5. In the Users tab in LinearB, confirm that the user's permissions are updated
  6. In Okta, unassign the test user from the LinearB app
  7. On the LinearB Users page, confirm that the user is no longer in LinearB

How did we do?

Powered by HelpDocs (opens in a new tab)