Okta SCIM Configuration setup

Features of the Okta-Cognism integration

With the Okta-Cognism integration, you can carry out user provisioning via SCIM:

  • Create users: Creates or links a user in Cognism when assigning the app to a user in Okta.
  • Update user attributes: Okta updates a user's attributes in Cognism when the app is assigned. Future attribute changes made to the Okta user profile will automatically overwrite the corresponding attribute value in Cognism.
  • Deactivate users: Deactivates a user's Cognism account when it is unassigned in Okta or their Okta account is deactivated. Accounts can be reactivated if the app is reassigned to a user in Okta.

Prerequisites Required

  1. An Okta account with admin privileges.
  2. A subscription with Cognism.

Configuring Okta to integrate user provisioning with Cognism

Cognism Setup

Login to Cognism and go to Settings by clicking the User Avatar at the top-right.image.png

Go to the Tokens page.image__1_.png

Click Create New to generate a new long-term token which is valid for 600 days. image__2_.png

When the token expires, your Cognism admin will need to generate a new token and paste this in the Cognism Okta app, under the Provisioning tab.

 

Copy the token that is generated.image__3_.png

Head over to the Cognism Okta Application.

If the Tokens page is not visible on your account, please email support@cognism.com to receive an API Token.

Okta Setup

  • From the Cognism Okta application, go to the Sign On tab and select Email for Application username format.image__4_.png
  • Go to the Provisioning tab and click Configure API integration.
  • Select Enable API integration.
  • In the API Token field, paste the token that you generated from the Cognism Web Application.
  • Click Test API. If the test passes, click Save.
  • Click To App under Settings.
  • Click Edit and select Enable for: Create Users, Update User Attributes and Deactivate Users.image__5_.png
  • Click Save to apply the integration settings.
  • Assign users to the application.

Troubleshooting

The entire setup is done by a person that is an Okta admin and can login to Cognism. However, if you are experiencing any problem, or the Tokens page is not visible on your account, please email us at ops@cognism.com.

 

Changing the Okta User Name (email) will not update the Cognism user's email since the email is an ID of our users. Instead, a new Cognism user is created if the account has available licences.

Deactivated user accounts are saved with Cognism as disabled user records. They can be reactivated either from Okta or Cognism itself.

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.