Configuring User Provisioning

Workteam supports user provisioning and de-provisioning using SCIM, a System for Cross-domain Identity Management. If your organization uses an identity provider that supports SCIM, such as Okta or Microsoft Azure Active Directory, then you can configure Workteam to automatically provision and de-provision users by synchronising accounts from the identity provider down to Workteam.

SCIM Support for Okta

Workteam supports the following features:

Type Description
Create Users New or existing users in Okta will be pushed to Workteam as new users.
Update User Attributes Updates to user profiles in Okta will be pushed to Workteam.
Deactivate Users Users deactivated in Okta will be automatically deactivated in Workteam. Deactivated users can also be re-assigned from Okta to reactivate them in Workteam.
Import Users Users may be importyed from Workteam into Okta
Sync Password The Workteam password may be set by Okta

The following attributes are synchronized between Okta and Workteam:

Type Description
email The user’s primary email address
givenName The user’s first name
familyName The user’s surname
displayName The display name for the user.
title The user’s job title
nickname The user’s preferred name
department The department the user belongs to
managerValue The Workteam id of the person that manages the user

Configuration

To configure Workteam for Okta SCIM support, the account must be a paid account. Go to Organization Settings in Workteam and in the Single Sign On & User Provisioning pane, press the settings button at the top right corner of the SCIM User Provisioning box. The SCIM Settings dialog box is shown. Press the Generate Bearer Token button, select the Enabled button and make a note of the Base URL and the Bearer token, prior to pressing OK.

  1. In Okta, login as an administrator and go to the applications menu and click on the Workteam application.
  2. Click on the Provisioning tab and choose API Integration from the Settings menu.
  3. Press the EDIT button next to API Integration and enter the Base URL (from the Workteam User Provisioning Settings) into the Scim 2.0 Base URL field. Then copy the Bearer token from the Workteam User Provisioning Settings and enter it into the OAuth Bearer Token field.
  4. Press the Test API Credentials to ensure that details were entered correctly. Then press the SAVE button.
  5. Select the Assignments tab, press the Assign drop down button and choose Assign to People. Then in the Assign Workteam SCIM To People dialog box, assign the relevant people to Workteam.

Known issues / Troubleshooting

It is not currently possible to update the email / username of the user in Okta and have this reflected in Workteam.