SCIM user provisioning

SCIM (System for Cross-domain Identity Management) is the industry standard for automating the provisioning of user accounts. It is particularly useful when an organization relies on a third-party Single Sign-On (SSO) provider such as Okta or Azure Active Directory to manage employee authentication. With SCIM, the creation, updating, and deactivation of user accounts is synchronized across applications, including DronaHQ. Companies using DronaHQ alongside their SSO provider therefore get automated user management, which improves security and streamlines operations.

DronaHQ implements a subset of the SCIM 2.0 API, designed to integrate with IdP vendors such as Okta. This allows for efficient user and role management within your applications.

To enable SCIM user provisioning, follow these steps:

  1. Go to Manage Users > SSO Configuration > Add SSO > Add SSO > Add SAML > Fill in the information.

  2. Now enable SCIM User Provisioning.

  3. Generate the Authentication Token and copy the Auth Token.

  4. Save the Authentication Token to Draft.

DronaHQ setup is now complete.

Next, follow the steps below in your Okta Account:

  1. Go to Admin > Applications.
  2. On the Applications page, click on Create App Integration and select SAML 2.0 > Insert Configuration Settings.
  3. In General Settings, under App Settings, select Edit, then in Provisioning choose SCIM and save it.
  4. The Provisioning tab is now enabled. In the Provisioning tab, go to Settings > Integration > SCIM Connection > Edit.
  5. Enter SCIM Connector base URL: https://<yourdomain.com>/api/scim/v2, and select Supported provisioning actions. Also, enter the Auth token copied from DronaHQ.
  6. Test and Save the Integration part.
  7. In Settings, go to the To App section > Edit.
  8. Enable: Create Users, Update User Attributes, Deactivate Users, and Save it.
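
With Create Users and Deactivate Users enabled, a periodic reconciliation of the app's accounts against the IdP's assignment list catches deprovisioning that failed silently. The sketch below is an added example, not DronaHQ or Okta code. It assumes the SCIM endpoint answers a user listing with a standard SCIM 2.0 ListResponse; the function names and sample data are hypothetical and constructed.

```python
import json

LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"

# Constructed sample, not captured from DronaHQ: a SCIM 2.0 ListResponse
# (RFC 7644) such as a GET <base URL>/Users call is assumed to return.
SAMPLE_SCIM_USERS = json.dumps({
    "schemas": [LIST_SCHEMA],
    "totalResults": 4,
    "Resources": [
        {"id": "1", "userName": "alice@example.com", "active": True},
        {"id": "2", "userName": "Bob@Example.com", "active": True},
        {"id": "3", "userName": "carol@example.com", "active": False},
        {"id": "4", "userName": "dave@example.com", "active": True},
    ],
})
# Constructed sample: people assigned to the app integration in the IdP.
SAMPLE_IDP_ASSIGNED = ["alice@example.com", "bob@example.com", "erin@example.com"]


def parse_scim_users(body):
    """Return {lowercased userName: active} from one complete ListResponse."""
    doc = json.loads(body)
    if LIST_SCHEMA not in doc.get("schemas", []):
        raise ValueError("not a SCIM 2.0 ListResponse")
    resources = doc.get("Resources", [])
    # A partial page must not be mistaken for the full user list.
    if doc.get("totalResults", len(resources)) > len(resources):
        raise ValueError("paginated response: fetch all pages before reconciling")
    # userName is case-insensitive in SCIM; a missing "active" counts as
    # active so the account still shows up for review.
    return {r["userName"].lower(): r.get("active", True) for r in resources}


def reconcile(scim_body, idp_assigned):
    """Compare accounts in the app with the IdP's assignment list."""
    app = parse_scim_users(scim_body)
    idp = {u.lower() for u in idp_assigned}
    return {
        # Still active in the app but no longer assigned: deprovisioning gap.
        "orphaned": sorted(u for u, on in app.items() if on and u not in idp),
        # Assigned in the IdP but absent or inactive in the app.
        "missing_or_inactive": sorted(u for u in idp if not app.get(u, False)),
    }


if __name__ == "__main__":
    print(reconcile(SAMPLE_SCIM_USERS, SAMPLE_IDP_ASSIGNED))
```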

How to Add a User to Okta and DronaHQ:

  1. To add a user account that will be reflected in both Okta and DronaHQ, go to Directory > People > Add Person, add the information, and save it.
  2. This user is not yet added to your DronaHQ app, because the account was created in Okta but not assigned to the DronaHQ app. To assign it, go to Applications > select the DronaHQ app integration > Assignment Tab > click Assign > Assign to People > search for your username.
  3. Click Assign and then click Done. This replicates the creation of the user in DronaHQ. You can see the account added in the Manage User section.

How to Add a Group to Okta and DronaHQ:

  1. To add a group, go to Directory > Groups > Add Group > enter the group name.
  2. To add people to the group, click on the specific group name, click the Assign People button, search for the user you want to add, and click the + button to assign them to that group. After that, click Done.
  3. This group is not yet added to DronaHQ, because it has not been pushed to DronaHQ. To push it, go to your application, go to the Push Groups tab, and click the Push Groups button.
  4. Search for the group, select the group and Save it. This will replicate your Groups in DronaHQ.
  5. One can see the push status, and it should turn to Active after a few seconds.
  6. To check groups in DronaHQ, go to the Manage Users section > Manage Groups, and it will list all the groups.