Okta provisioning configuration (create app integration in Okta)

This guide covers Okta user provisioning setup with SCIM. Before starting this setup, we suggest that you set up the SSO connection with Okta.

To set up NordPass provisioning with Okta, you need access to the Enterprise NordPass Admin Panel and Admin rights in the Okta account.

  1. Go to Okta and log in.

  2. Go to Applications → Applications and click on Create App Integration.

  3. Check SWA - Secure Web Authentication and select Next.

  4. Enter the App name; we suggest using ‘NordPass Provisioning’. Provide the App’s login page URL. This URL is not relevant for the integration, because for Single Sign-On you still need to set up the NordPass integration from the Okta Catalog. After these parameters are provided, select Finish.

    After these steps, the application will be created and you will need to set up the provisioning part.

  5. Go to the NordPass Admin Panel. Open Settings → User & Group Provisioning → Okta.

  6. In the opened window you will see the credentials needed for the provisioning setup. Save these credentials; you will need them while setting up provisioning in Okta.

  7. Go back to Okta.

  8. Go to Applications → Applications and select the created app. Open the General tab, click on Edit, and select Enable SCIM Provisioning. Save the changes.

  9. After the changes are saved, the Provisioning tab will appear in the application settings list. Click on it.

  10. Go to Provisioning tab → Integration to set up the SCIM Connection. In the SCIM connection base URL field, enter the Base URL you got in the NordPass Admin Panel.

    For the Unique identifier field for users enter email.

    For Authentication Mode select HTTP Header.

    For the Bearer field, enter the Secret token you got in the NordPass Admin Panel.

    For Supported provisioning actions select:

    • Push New Users

    • Push Profile Updates

    • Push Groups

       

       
    All these fields should be filled in. When that is done, click on Test Connection Configuration. You should receive a Connector configured successfully message.

       

  11. In the application side menu choose To App and in the opened tab click on Edit. Mark these checkboxes on the screen and click Save:

    • Create Users

    • Update User Attributes

    • Deactivate Users


Congratulations, your provisioning application is set! User provisioning is enabled and you can assign users to the application in Okta.
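
If Test Connection Configuration in step 10 fails, the usual cause is a damaged Base URL or Secret token. The following pre-flight check is an added example, not NordPass or Okta code; it shows the request that the HTTP Header authentication mode amounts to. It assumes the endpoint follows SCIM 2.0 (RFC 7644) and exposes /ServiceProviderConfig, and the host and token are constructed sample values.

```python
from urllib.parse import urlsplit
from urllib.request import Request


def check_scim_settings(base_url: str, token: str) -> list[str]:
    """Return problems found in the values copied from the NordPass Admin Panel."""
    problems = []
    parts = urlsplit(base_url.strip())
    if parts.scheme != "https":
        problems.append("Base URL must use https so the token is never sent in clear text")
    if not parts.hostname:
        problems.append("Base URL has no host")
    if parts.username or parts.password:
        problems.append("Base URL must not embed credentials")
    if parts.query or parts.fragment:
        problems.append("Base URL must not carry a query string or fragment")
    tok = token.strip()
    if not tok:
        problems.append("Secret token is empty")
    elif tok.lower().startswith("bearer "):
        problems.append("Paste only the token; the 'Bearer' prefix is added by Okta")
    elif tok != token or any(c.isspace() for c in tok):
        problems.append("Secret token contains whitespace (copy/paste damage)")
    return problems


def build_probe(base_url: str, token: str) -> Request:
    """Build (without sending) a GET that authenticates the way HTTP Header mode does."""
    problems = check_scim_settings(base_url, token)
    if problems:
        raise ValueError("; ".join(problems))
    # Assumption: SCIM 2.0 discovery endpoint from RFC 7644 is available.
    url = base_url.strip().rstrip("/") + "/ServiceProviderConfig"
    return Request(url, method="GET", headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/scim+json",
    })


def redact(token: str) -> str:
    """Shorten the token for logs so the full secret is never printed."""
    return token[:4] + "..." if len(token) > 8 else "****"


if __name__ == "__main__":
    # Constructed sample values; replace with the ones from the Admin Panel.
    base, secret = "https://scim.example.test/scim/v2", "constructed-token-123456"
    req = build_probe(base, secret)
    print(req.get_method(), req.full_url, "token:", redact(secret))
```

Pass the built request to urllib.request.urlopen to send it; an HTTP 401 response points at the token, and a 404 at the Base URL.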

To provision groups from Okta, group provisioning must be enabled in NordPass. To do this, you need to deploy the Encryption service, which allows NordPass to keep its zero-knowledge architecture.

Encryption service deployment guides:

 
