Invited User Administration is supported for the Elements application.
This enables Okta to:
- update user profiles for users who are in an invited state in Elements (including those who have not accepted invitations); and
- move a user who has not accepted an invitation and make their account active.
The following provisioning features are supported:
- Push New Users
New users created through OKTA will also be created in the Elements application.
Note: users created in OKTA who have an email that is not part of a verified domain in the Elements Enterprise will not be added to the Elements environment.
- Push Profile Updates
Updates made to the user's profile through OKTA will be pushed to the Elements application.
Note: only users with an email whose domain is verified in the Elements Enterprise will be updated in Elements.
- Push User Deactivation
Deactivating the user or disabling the user's access to the application through OKTA will block the user in the Elements application.
Before you configure provisioning for Elements, make sure:
- You have an Enterprise set up within the Elements.cloud application. Contact firstname.lastname@example.org to set up an Enterprise environment.
- You are an Admin for the Enterprise.
- At least one domain has been verified.
The following issues are known:
- If the user email is changed in OKTA (but not the username), it will not update the email of the user in Elements. The user is still connected and authentication will still work but all notifications in Elements will still be sent to the original email address
- If the username changes in OKTA, this will result in a new user account being created in Elements with the email. If a user account in Elements already exists with this email then it merges the new OKTA user with the existing Elements account
Configure your Provisioning setting for Elements as follows:
- In the Enterprise Management app in Elements, go to the "Config" page from the right menu and select the "Provisioning" tab.
2. Select OKTA from the Identity Provider dropdown - this is the default. This will then show the SCIM Base URL and the API token required by OKTA.
3. Return to OKTA and log in as an Administrator. In the Admin area, go to the Applications menu and click on the Elements.cloud application.
Go to the Provisioning tab -> To App.
4. Scroll down until you see the Elements.cloud Attribute Mappings. Click on Go to Profile Editor.
5. In the Profile Editor, click on Map Attributes.
6. In the mappings page, click on the Okta to Elements.cloud tab. For the userName attribute, click on Override with mapping. Map the userName to user.login and make sure to choose the Apply mapping on user create only option.
4. Go to the Provision tab -> API Integration
- Enable API integration checkbox and entry the token from Elements. The token can be tested using the API credentials with the Test API Credentials button.
- Then click Save.