This guide assumes that you have already enabled SCIM on the Datasaur app and wish to use Okta as the Identity Provider for both SAML and SCIM integration.

Integrating SCIM 2.0 on Okta

Enabling SCIM Provisioning

Let's begin by enabling SCIM provisioning on your existing app, which has already been successfully integrated with SAML.

  1. Open your existing app and navigate to Settings. The default tab should be General.

  2. Check the "Enable SCIM provisioning" option.

  3. Save the changes.

Configuring the Settings

After successfully enabling the SCIM provisioning above, navigate to the Provisioning tab. There will be multiple settings section on the sidebar which consist of: To App, To Okta, and Integration.

Settings: Integration

  1. Fill the SCIM Connector Base URL: https://<datasaur-app-base-url>/api/teams/<your-team-id>/scim/v2.

    1. Replace <datasaur-app-base-url> and <your-team-id> accordingly.

    2. For SaaS Datasaur-hosted, you can use app.datasaur.ai as the <datasaur-app-base>. If you're self-hosted, adjust accordingly based on your domain.

    3. To get the team ID, it can easily be fetched from your URL. For example, if you are currently on https://app.datasaur.ai/teams/1/projects, your team ID is 1.

  2. Fill the Unique Identifier Field for Users: email.

  3. For the Supported Provisioning Actions, check the following options:

    1. Import New Users and Profile Updates

    2. Push New Users

    3. Push Profile Updates

    4. Push Groups

  4. For the Authentication Mode, select HTTP Header.

    • Fill the Authorization under HTTP Header section with the API key that you generated before from the Datasaur app.

  5. Click on the Save button.

Settings: To App

Navigate to another setting called To App on the left, then enable the following options:

  1. Create Users

  2. Update User Attributes

  3. Deactivate Users

Provisioning Users to Datasaur

There are two ways to provision users to Datasaur: assigning people or assigning groups.

Assigning People

You can directly assign a person to the Datasaur app. They will automatically be added to the Workspace, with the default role of Labeler since no role mapping is configured for individuals.

  1. Go to your app on Okta.

  2. Navigate to the Assignments tab.

  3. Click Assign > Assign to People. Continue selecting the desired users to be added to your Workspace. Then, click Done to finish the assignment.

  4. Wait for a few mins and the users should be added to the Workspace as Labeler.

Assigning Groups

You can assign multiple people at once that are under a group. All users in a group will be added and assigned by the role mapping that is defined on the Datasaur app. Every change to the group will automatically be synchronized due to the Push Groups functionality.

  1. Ensure the role mapping is properly configured on the Datasaur app.

  2. If you don't configure the Groups just yet, navigate to the Groups under Directory on the sidebar of your Okta dashboard. Create all the groups that you needed and make sure you name each group the same as the name defined in the role mapping.

  3. Go to your app on Okta.

  4. Navigate to the Assignments tab.

  5. Click Assign > Assign to Groups. Select the desired groups to be added to your Workspace. Then, click Done to finish the assignment.

  6. Navigate to the Push Groups tab.

  7. Click the Push Groups button, find a group, and then click Save or Save & Add Another. Reiterate this process until all the groups from step 5 are added.

  8. Wait for a few mins and the users from all the groups should have been added to the Workspace with the appropriate role.

Last updated