Team: Huntress Managed Security Awareness Training (SAT)
Product: Okta - SCIM Integration
Summary: This article covers how to configure System for Cross-domain Identity Management (SCIM) for your Huntress Security Awareness Training (SAT) instance within the Okta admin console.
In Huntress SAT
- Access your SAT platform as an admin user.
- Go to Settings > Integrations > SCIM.
- Create a SCIM Token by clicking + Connect a group and choosing the desired SAT target group.
- All new learners will be added to this group.
- Any existing users will be associated with your Identity Provider (IDP) via SCIM but will remain in their currently assigned group.
- If you want to have multiple SAT groups with SCIM sync, you will need multiple connections on the SAT side and multiple apps in the IDP.
- Note: If you go this route, ensure you don't have learners in both apps, as their user data may be overridden.
In Okta
- Follow the SAT SAML SSO steps, together with the instructions from Okta, to create a SAML Application in the Okta admin console.
- Note: Single Sign-On (SSO) does not need to be enabled, but provisioning must happen on a SAML or SWA Application within Okta.
- Go to Applications and access the previously created Application.
- Under General > App Settings, click Edit.
- Check Enable SCIM provisioning and click Save.
- Under Provisioning > SCIM Connection, click Edit.
- Configure SCIM as follows:
  - SCIM connector base URL: https://mycurricula.com/api/learner-scim/v2
  - Unique identifier field for users: email
  - Enable Push New Users
  - Enable Push Profile Updates
  - Authentication Mode: HTTP Header
  - Authorization: <<paste in SCIM token from SAT platform>>
- Use the Test Connector Configuration button to verify settings are correct.
- Click Save.
- Under Provisioning > To App, update settings as desired.
- Under Provisioning > To App, edit the User Mappings to only include supported attributes below.
  Note: Adding additional attributes may cause unexpected behavior.
  - SCIM User Schema
    - userName (must be the user's email address)
    - active
    - name.givenName
    - name.familyName
    - locale
    - preferredLanguage
    - timezone
  - Enterprise User Schema
    - department
    - employeeNumber
    - manager.value (either the email address or ID of the manager)
- Once configured, new users added to the application should automatically be provisioned via SCIM. Existing users will need to be provisioned by being removed and re-added or by using the Provision User button.
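
The supported-attribute list above can be checked mechanically before rollout. The following Python is an added example, not Huntress or Okta code: it audits a SCIM User resource (for instance one recorded from a test push) against that list and the rule that userName must be an email address. The schema URNs are the standard SCIM 2.0 ones from RFC 7643; the function names, the treatment of `schemas`, `id`, `externalId` and `meta` as envelope fields, and the sample payload are assumptions made for the example.

```python
import re

CORE = "urn:ietf:params:scim:schemas:core:2.0:User"  # RFC 7643 schema URNs
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
# Supported attributes, as listed in the article above.
SUPPORTED_CORE = {"userName", "active", "name.givenName", "name.familyName",
                  "locale", "preferredLanguage", "timezone"}
SUPPORTED_ENTERPRISE = {"department", "employeeNumber", "manager.value"}
# Assumption: SCIM envelope fields are always present and are not user mappings.
ENVELOPE = {"schemas", "id", "externalId", "meta"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def flatten(obj, prefix=""):
    """Yield dotted leaf paths: {'name': {'givenName': 'x'}} -> 'name.givenName'."""
    for key, value in obj.items():
        if isinstance(value, dict):
            yield from flatten(value, f"{prefix}{key}.")
        else:
            yield f"{prefix}{key}"  # lists such as 'emails' are reported by name


def audit_scim_user(resource):
    """Return sorted findings for one SCIM User resource (empty list = clean)."""
    core = {k: v for k, v in resource.items()
            if k not in ENVELOPE and not k.startswith("urn:")}
    findings = [f"unsupported core attribute: {p}"
                for p in flatten(core) if p not in SUPPORTED_CORE]
    findings += [f"unsupported schema extension: {k}"
                 for k in resource if k.startswith("urn:") and k != ENTERPRISE]
    findings += [f"unsupported enterprise attribute: {p}" for p in
                 flatten(resource.get(ENTERPRISE, {})) if p not in SUPPORTED_ENTERPRISE]
    user_name = resource.get("userName", "")
    if not isinstance(user_name, str) or not EMAIL_RE.match(user_name):
        findings.append("userName is not an email address")
    return sorted(findings)


# Constructed sample payload, not captured from Okta or Huntress.
SAMPLE = {
    "schemas": [CORE, ENTERPRISE],
    "userName": "jdoe", "active": True,
    "name": {"givenName": "Jane", "familyName": "Doe"},
    "emails": [{"value": "jdoe@example.com", "primary": True}],
    ENTERPRISE: {"department": "Finance",
                 "manager": {"value": "boss@example.com", "displayName": "Boss"}},
}

if __name__ == "__main__":
    print("\n".join(audit_scim_user(SAMPLE)))
```

Each finding names a mapping to remove or correct in the Okta User Mappings before provisioning real learners.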