Welcome to the guide to setting up the Okta SCIM integration for provisioning users on the Paladin platform. We’ll provide step-by-step instructions on how to configure the integration between Okta and Paladin, enabling seamless user provisioning and management.
The Guide covers configuring the SCIM integration in Okta, mapping attributes between Okta and the Paladin system, and testing the provisioning functionality.
Before you begin, we are assuming that you have a basic understanding of Okta and the Paladin system. Familiarity with user management concepts and experience with system administration will also be helpful.
<aside> 👉
A few of the values needed for SSO and SCIM configuration are provided by Paladin. When you’re ready to set up sign-on and user provisioning, please reach out to your Paladin representative or [email protected]; and we’ll assist with the configuration.
</aside>
SCIM stands for System for Cross-domain Identity Management. It is an open standard protocol that allows for the automation of user provisioning and management between identity providers (such as Okta) and service providers (such as Paladin). The SCIM API enables the exchange of user identity data, including user creation, modification, and deletion, in a standardized and secure manner.
If your organization already uses SSO to access Paladin, then you already have an Application connected to Paladin. To enable user provisioning via SCIM, we will edit that application rather than creating a new one. If you do not need to create a new application, you can skip to the “Configure Okta SCIM Integration” Section below.
<aside> 👉
If you are setting up SSO and SCIM at the same time, then you will need to create a new Okta Application.
</aside>
Step 1: Open the Applications section on the left sidebar and click the “Create App Integration” button:
Step 2: The “Create a new app integration” form will pop up. Select “SAML 2.0”, and then select Next. Okta will guide you through a few app-creation steps. NOTE: This will be a one way activation/deactivation of users within Paladin. We will not be sending any information back to your identity provider.
<aside> <img src="/icons/flash_purple.svg" alt="/icons/flash_purple.svg" width="40px" />
NOTE: This will be a one way activation/deactivation of users within Paladin. We will not be sending any information back to your identity provider.
</aside>
Step 3: On the next screen, labeled “Create SAML Integration”, name the Application and select Next. This will take you to the SAML Settings Page.