Synchronize Zelo with Okta using SCIM v2.0
Directory sync with Zelo supports read-only operations. We will never mutate end-user directories.
This guide outlines how to synchronize Zelo with Okta directories using SCIM v2.0
To synchronize your users and groups provisioned for Zelo, you'll need two pieces of information that is provided by Zelo Tech Support:
- An Endpoint that Okta will make requests to.
- A Bearer token for Okta to authenticate its endpoint requests.
1. Select or create your Okta application
NOTE: These Okta screenshots reflect the new Okta Admin UI, Okta plans to deprecate the Classic UI in October 2021.
Log in to Okta, go to the Okta admin dashboard and select "Applications" in the navigation bar.
If your application is already created, select it from the list of applications and move to Step 3.
If you haven't created a SAML application in Okta, select "Browse App Catalog".
From your Okta Application dashboard, search for "SCIM 2.0 Test App (Oauth Bearer Token)" and select the corresponding result.
On the following page, click "Add".
Enter a descriptive App name, then click "Next".
Many applications will work with the default configuration that is set on your new application. If you require any additional configuration for your directory such as configuring Attribute Statements, do so on the Sign-On Options page. Click "Done" to complete creating your application.
2.Configure your Okta provisioning API integration
In your application's Enterprise Okta admin panel, click the "Provisioning" tab. Then, click "Configure API Integration".
Check "Enable API Integration". After that, copy and paste the Endpoint provided by Zelo in the SCIM 2.0 Base URL field.
Then, copy and paste the Bearer Token provided by Zelo into the OAuth Bearer Token field.
Click "Test API Credentials", and then click "Save".
The provisioning tab will now show a new suite of options which we'll utilize in the next Guide Section to continue provisioning your application.
3. Select options to provision to your application
In the "To App" navigation section, check to enable:
- Create Users
- Update User Attributes
- Deactivate Users
4. Assign users and groups to your application
To assign users to the SAML Application, navigate to the "Assignments" tab, from the "Assign" dropdown, select "Assign to People".
Select users you'd like to provision and select "Assign".
When you click "Assign" a lengthy form will open where you can populate all of the user's metadata. For Zelo important filtering attributes would be "Department", "Location" and "Start Date". Please contact your internal communication colleague to ensure important attributes are not left out. Confirm the metadata fields, scroll down to the bottom, and press "Save and go back". Repeat this for all users and select "Done".
To push groups in order to sync group membership, navigate to the "Push Groups" tab, from the "Push Groups" dropdown, select: "Find Groups by Name".
Search for the group you'd like to push and select it. Make sure the box is checked for "Push Immediately" and click "Save".
Congratulations, you've now successfully set up the syncronization. Be sure to let the Zelo Tech Support team know and we'll confirm a successful sync for you.
If you have any questions regarding integrating with Zelo, please contact Tech Lead Martin Venaas at email@example.com
October 4, 2021
October 4, 2021