Configuring user provisioning with OKTA has never been easier, follow the steps included in this short article to learn how to do it.
You have a Corporate Management set up within the Elements.cloud application. Contact firstname.lastname@example.org to set up Corporate Management.
You are the Corporate Management Admin.
At least one domain has been verified.
Invited User Administration is supported for the Elements application.
This enables OKTA to:
update user profiles for users who are in an invited state in Elements (including those who have not accepted invitations); and
move a user who has not accepted an invitation and make their account active.
The following provisioning features are supported:
Push New Users
New users created through OKTA will also be created in the Elements application.
TIP users created in OKTA who have an email that is not part of a verified domain in the Elements Enterprise will not be added to the Elements environment.
Push Profile Updates
Updates made to the user's profile through OKTA will be pushed to the Elements application.
TIP only users with an email whose domain is verified in the Elements Enterprise will be updated in Elements.
Push User Deactivation
Deactivating the user or disabling the user's access to the application through OKTA will block the user in the Elements application.
If the user email is changed in OKTA (but not the username), it will not update the email of the user in Elements. The user is still connected and authentication will still work, but all notifications in Elements will still be sent to the original email address
If the username changes in OKTA, this will result in a new user account being created in Elements with the email. If a user account in Elements already exists with this email, then it merges the new OKTA user with the existing Elements account
Configure your Provisioning setting for Elements as follows:
In the Enterprise Management app in Elements, go to the "Config" page from the right menu and select the "Provisioning" tab.
2. Select OKTA from the Identity Provider dropdown - this is the default. This will then show the SCIM Base URL and the API token required by OKTA.
3. Return to OKTA and log in as an Administrator. In the Admin area, go to the Applications menu and click on the Elements.cloud application.
Go to the Provisioning tab -> To App.
4. Scroll down until you see the Elements.cloud Attribute Mappings. Click on Go to Profile Editor.
5. In the Profile Editor, click on Map Attributes.
6. In the mappings page, click on the Okta to Elements.cloud tab. For the userName attribute, click on Override with mapping. Map the userName to user.login and make sure to choose the Apply mapping on user create only option.
7. Go to the Provision tab -> API Integration
Enable API integration checkbox and entry of the token from Elements.
The token can be tested using the API credentials with the Test API Credentials button.
Then click Save.