In this guide, we’ll show you how to set up SCIM in Nulab Pass and Okta to allow for user provisioning.
Prerequisites
- User provisioning by SCIM (available with Nulab Pass).
- SAML configuration:
Supported features
Nulab Pass supports the following provisioning features:
- Create users
- Update user attributes
- Deactivate users
How to set up SCIM
Configure the following settings in Okta and Nulab Pass.
Setup in Nulab Pass
- Go to your organization settings.
- Select Organization > User provisioning to open the SCIM configuration screen.
- If user provisioning is not enabled:
- Select the “Manage” button.
- Select the “Enable” checkbox.
- Select “Save.”.
- Record the SCIM URL somewhere safe.
- If no token has been issued:
- Select the “Generate token” link to issue a token.
- Record your SCIM token somewhere safe.
Setup in Okta
- Go to your Okta admin console.
- Select Applications > Applications in the left menu.
- Select the “Browse App Catalog” button.
- Search for and select “Nulab Pass.”
- Select the “Add Integration” button.
- Enter the application label and select ”Done.”
- In the “Provisioning” tab, select Configure API Integration.”
- Complete the information.
- Select the Enable API integration” checkbox.
- Enter the issued token issued in the “API Token” field.
- Select “Test API Credentials” to test the connection.
- Select “Save” in the success message to save the connection.
- Select “To App” from the menu on the left and then “Edit” the “Provisioning to App” section.
- Select and save the following checkboxes:
- Create users
- Update user attributes
- Deactivate users
- Select the “Sign on” tab and then “Edit” in the “Settings” section.
- Save the application by setting the application username format to email.
Operation with user provisioning
Create users
To add accounts to Nulab Pass with user provisioning:
- Select the “Assignments” tab and assign users by going to Assign > Assign to People.
- Enter and save the attributes.
- The information entered will become the Nulab Pass account information.
- The username will be stored in the Nulab Pass email. Okta's email is not synchronized.
Update user
To update Nulab Pass accounts with user provisioning:
- Select the “Assignments” tab and then the pencil icon next to the account you want to update.
- Update and save the attributes.
- Changing the username will invalidate the synchronized Nulab Pass account and create a new account.
Deactivate users
To deactivate Nulab Pass accounts in user provisioning:
- Select the “Assignments” tab and then the “x” next to the account you want to deactivate.
- Select “OK” to confirm your decision.
Delete users
Deleting an Okta user will disable but not delete the linked Managed Account. To delete the Managed Account linked to the deleted user, the account must be deleted manually in your Nulab organization settings.
Troubleshooting
Your SCIM is now complete. Check out Nulab Support for more details about creating Managed Accounts and using single sign-on.