Features of the Okta-Cognism integration
With the Okta-Cognism integration, you can carry out user provisioning via SCIM:
- Create users: Creates or links a user in Cognism when assigning the app to a user in Okta.
- Update user attributes: Okta updates a user's attributes in Cognism when the app is assigned. Future attribute changes made to the Okta user profile will automatically overwrite the corresponding attribute value in Cognism.
- Deactivate users: Deactivates a user's Cognism account when it is unassigned in Okta or their Okta account is deactivated. Accounts can be reactivated if the app is reassigned to a user in Okta.
Prerequisites Required
- An Okta account with admin privileges.
- A subscription with Cognism.
Configuring Okta to integrate user provisioning with Cognism
Cognism Setup
Login to Cognism and go to Settings by clicking the User Avatar at the top-right.
Go to the Tokens page.
Click Create New to generate a new long-term token which is valid for 600 days.
When the token expires, your Cognism admin will need to generate a new token and paste this in the Cognism Okta app, under the Provisioning tab.
Copy the token that is generated.
Head over to the Cognism Okta Application.
If the Tokens page is not visible on your account, please email support@cognism.com to receive an API Token.
Okta Setup
- From the Cognism Okta application, go to the Sign On tab and select Email for Application username format.
- Go to the Provisioning tab and click Configure API integration.
- Select Enable API integration.
- In the API Token field, paste the token that you generated from the Cognism Web Application.
- Click Test API. If the test passes, click Save.
- Click To App under Settings.
- Click Edit and select Enable for: Create Users, Update User Attributes and Deactivate Users.
- Click Save to apply the integration settings.
- Assign users to the application.
Troubleshooting
The entire setup is done by a person that is an Okta admin and can login to Cognism. However, if you are experiencing any problem, or the Tokens page is not visible on your account, please email us at support@cognism.com.
Changing the Okta User Name (email) will not update the Cognism user's email since the email is an ID of our users. Instead, a new Cognism user is created if the account has available licences.
Deactivated user accounts are saved with Cognism as disabled user records. They can be reactivated either from Okta or Cognism itself.
Comments
Please sign in to leave a comment.