Partner Okta SCIM/SAML Integration

Exium’s Intelligent Cybersecurity Mesh provides secure access to distributed workforce and IoT devices, protecting businesses from malware, ransomware, phishing, denial of service, and botnet infections in one easy-to-use cloud service.

From single sign-on to enhanced user provisioning, Okta’s Exium integration gives users and groups seamless access to Exium. Administrators can easily attach Exium security policy groups to Okta user groups. The features of this integration are:

  • Simple steps to integrate Okta API with Exium
  • Push New Users from Okta to Exium
  • Push User Profile Updates from Okta to Exium
  • Push User Groups from Okta to Exium
  • Push User Deactivation from Okta to Exium
  • Reactivate Users from Okta to Exium
  • Single sign-on from Okta to Exium

This note explains how to configure the Okta Exium application settings and the Exium Partner Portal settings so that Okta users and user groups are synced with the Exium Partner Portal in real time and SSO from Okta can be used to sign on to the Exium service.

The following steps describe the Okta SCIM API integration with Exium.

1. Add Exium app on Okta

In Okta, you can add the Exium application to your account by browsing the app catalog and searching for the Exium app. Click Applications in the left navigation bar. On the Applications page, click the Browse App Catalog button as shown below.

Next, search for Exium in the search bar of the Browse App Integration Catalog. It shows the Exium app with its logo. Click the Exium app with the logo as shown below.

Next, click Add Integration as shown below.

By default, the application label is shown as Exium. If you wish to change the app name, change the Application label field as shown below. Click Done.

2. Select Okta as Sign-in Option and Update SAML URL on Exium

For Okta SSO integration, Okta has to be selected as the sign-in option in the Exium Partner Portal. To do that, the SAML 2.0 IDP Metadata URL is required. It has to be copied from the Okta Exium app and pasted into Exium. The following steps describe this.

2.1 Copy SAML URL on Okta

Click the Sign On tab under the newly created Exium app. Click View SAML Setup Instructions as shown below.

Copy the SAML 2.0 IDP Metadata URL under the Configuration Steps section as shown below.

2.2 Select Okta as Sign-in Option on Exium

To select Okta as the sign-in option, click the Settings tab in the Admin Console on the Exium partner portal as shown below.

Click the Sign-In tab on the Settings page. Click Okta. Under the Choose Sign-In Options section, paste the SAML 2.0 IDP Metadata URL (copied in the previous section) in the IDP Metadata URL field as shown below. Click Save.

 

 

3. Sign-On Settings on Okta

Next, the Sign-On settings in Okta have to be updated so that two-way SAML communication is established between Okta and Exium. To do this, the Partner ID has to be copied from the Exium service and pasted into the Okta Exium app.

3.1 Copy Workspace ID on Exium

Click the General tab on the Settings page in Exium. Click copy next to Partner ID as shown below. This copies the Workspace ID to the clipboard.

3.2 Update Sign-On Settings on Okta

Click the Sign On tab under the Exium app in Okta. Click Edit in the Settings section. Paste the Workspace ID (the Partner ID copied in the previous section) in the Advanced Sign-on Settings section. In the Credentials Details section, select Email as the Application username format from the dropdown as shown below. Click Save.

4. Provisioning Settings on Okta

For Okta SCIM integration, the SCIM Bearer Token has to be copied from the Exium partner portal and pasted into the Okta Exium app. The following steps describe this.

4.1 Copy SCIM Bearer Token on Exium

Click the SCIM tab on the Profile page in Exium. Click copy next to SCIM 2.0 Bearer Token as shown below. This copies the SCIM 2.0 Bearer Token to the clipboard.

4.2 Update SCIM Bearer Token on Okta

Click the Provisioning tab under the Exium app in Okta. Click Configure API Integration as shown below.

Click Enable API Integration. Paste the SCIM 2.0 Bearer Token (copied in section 4.1) under API Token as shown below. Click Test API Credentials. If the token was pasted correctly from Exium into Okta, Okta shows the message "Exium was verified successfully" as shown below. If this message is not shown, copy the token again from Exium (section 4.1) and paste it again. Finally, click Save.

Next, click Enable for the different sections as shown below and click Save.

5. Assigning User Groups on Okta

Next, you can assign users to the Exium app in Okta. This can be done whenever you wish to add more users to the Exium app. Click the Assignments section under the Exium app, click Assign, and select Assign to Groups as shown below.

In the Assign Exium to Groups popover, you can choose and assign groups by clicking Assign as shown below. When you have finished, click Done.

You can enter details for the required fields as shown below, then click Save and Go Back.

6. Assigning Users on Okta

Next, you can assign users to the Exium app in Okta. This can be done whenever you wish to add more users to the Exium app. Click the Assignments section under the Exium app, click Assign, and select Assign to People as shown below.

In the Assign Exium to People popover, you can choose and assign users by clicking Assign as shown below. When you have finished, click Done.

You can change the User name (if you want to), then click Save and Go Back.

7. Check Users on Exium Partner Portal

All the users (individual and part of groups) assigned to the Exium app in Okta are synced through SCIM to Exium. In the Exium Admin Console, click the Users box. On the Users page, you will see that all the assigned users are synced from Okta to the Exium partner portal.
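A reconciliation check to go with this step, as an added example that is not Exium's or Okta's code: it compares a SCIM 2.0 ListResponse from the service side with the Okta assignment list to find accounts that stayed active after being unassigned, and assignments that never arrived. The JSON, the usernames and the `reconcile` helper are constructed for illustration; usernames are emails because section 3.2 selects Email as the Application username format.

```python
import json

LIST_RESPONSE = "urn:ietf:params:scim:api:messages:2.0:ListResponse"

# Constructed SCIM 2.0 ListResponse (RFC 7644) as a service provider might
# return it from GET /Users; ids and users are invented for this example.
SCIM_LIST_RESPONSE = json.dumps({
    "schemas": [LIST_RESPONSE],
    "totalResults": 3,
    "Resources": [
        {"id": "u1", "userName": "alice@example.com", "active": True},
        {"id": "u2", "userName": "Bob@Example.com", "active": True},
        {"id": "u3", "userName": "carol@example.com", "active": False},
    ],
})

# Constructed export of the Okta side: username -> still assigned to the app?
OKTA_ASSIGNMENTS = {"alice@example.com": True, "bob@example.com": False,
                    "dave@example.com": True}

def reconcile(scim_json, okta_assignments):
    """Compare SCIM users on the service side with Okta app assignments."""
    body = json.loads(scim_json)
    if LIST_RESPONSE not in body.get("schemas", []):
        raise ValueError("not a SCIM ListResponse")
    resources = body.get("Resources", [])
    if body.get("totalResults", len(resources)) > len(resources):
        raise ValueError("paged response: fetch all pages before reconciling")
    # Email usernames are compared case-insensitively.
    okta = {name.lower(): assigned for name, assigned in okta_assignments.items()}
    # A user without an "active" attribute is treated as active (conservative).
    remote = {r["userName"].lower(): bool(r.get("active", True)) for r in resources}
    return {
        # Active on the service but unassigned or unknown in Okta.
        "stale_active": sorted(u for u, a in remote.items()
                               if a and not okta.get(u, False)),
        # Assigned in Okta but missing or inactive on the service.
        "not_provisioned": sorted(u for u, a in okta.items()
                                  if a and not remote.get(u, False)),
    }
```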

 

8. Verify SSO on Exium Partner Portal

To verify that SSO integration succeeded, try logging in to the Exium Partner Portal by entering the Partner Tag name as shown below.

Since this workspace is integrated with Okta, the Exium partner portal opens a browser tab for Okta SSO authentication. On successful Okta SSO authentication, the user is logged in to the Exium Partner Portal.

If you have any issues during integration, contact us at support@exium.net or raise a ticket at https://exium.net/help-center/

If you would like to see how Exium can help defend your organisation, contact us at hello@exium.net