Configure real-time Okta - WP user provisioning using SCIM. Our WordPress (WP) SCIM plugin allows you to automate user creation, update and delete user information from the IDP (identity provider) in real-time to your WordPress site. This guide will enable you to configure SCIM user provisioning for your WordPress site using Okta as the Identity Provider, to achieve seamless automated real-time WordPress Okta SCIM user provisioning.

Features

 The following provisioning features are supported:

• Push New Users : New users created through Okta will also be created in the third party application.
• Push Profile Updates (Premium Feature): Updates made to the user's profile through Okta will be pushed to the third party application
• Push User Deactivation (Premium Feature): Deactivating the user or disabling the user's access to the application through Okta will deactivate/delete the user in the third party application.

Note: For this application, deactivating/delete a user will depend on the miniOrange SCIM user provisioning add-on.

• Reactivate Users (Premium Feature): User accounts can be reactivated in the application.

Note: For the Reactivating the user it is required to select the Deactivation mode in the SCIM user provisioning add-on.

• Import Users (Premium Feature): Users can import active users from WordPress to Okta.
• Enhanced group push

 Future Enhancements in the Plugin:

• Import Groups
• Sync password

Pre-requisites : Download And Installation

To configure Okta as SAML IDP with WordPress, you will need to install the miniOrange SCIM user provisioning plugin:

SCIM user provisioning

By miniOrange

(1)

SCIM User Provisioning plugin, Create, Update, delete users from Azure AD, Okta, OneLogin, G-suite, Centrify, JumpCloud, Idaptive, Gluu, WS02 and all SCIM …

 Tested upto 6.2

Get this plugin

To get the premium plugin, please contact us at samlsupport@xecurify.com

Follow the steps below for configuring Okta SCIM user provisioning in WordPress (WP)

Step 1: Configure WP SCIM user provisioning plugin

• Install the premium plugin and login using your miniOrange credentials.
• You would require a license key to activate the plugin. (Note :- In case you already have the paid version of the miniOrange SAML 2.0 SSO plugin you won’t require a to login or license key).
• Select the Identity Provider as Okta from the dropdown.
• You can find the SCIM Base URL and Bearer token in the SCIM configuration tab of the plugin.

Step 2: Configure Okta for SCIM provisioning

• Go to Okta portal and login to your account.
• Navigate to Admin Portal > Applications and click on Browse App Catalog.

• Search for WordPress SSO with SCIM Provisioning and select the application.

• Click on the Add Integration button.

• Click on Done to configure the application further.

• Navigate to the Provisioning menu of the application and Click on the Configure API Integration button.

• Check the Enable API Integration box and enter the SCIM base URL in Base URL field and SCIM Bearer Token in API token field from the SCIM Configuration tab of the SCIM user provisioning plugin.
• Click on Test API Credentials; if successful, a verification message appears at the top of the screen.
• Click on Save button.

• Select To App in the left panel, then select the Provisioning Features you want to enable by clicking on Edit.

• Click on Save
• You can now assign people to the app and finish the application setup.
• With this guide, we have successfully configured SCIM user provisioning between WordPress (WP) and Okta as the identity provider (IDP) using the WordPress SCIM plugin. This solution ensures that you are ready to roll out seamless and real-time WordPress Okta SCIM user provisioning within minutes.

Step 3: Import WordPress Users to Okta (optional)

• If you want to push the WordPress user to Okta then you can follow the steps below. Otherwise you can Skip this section.
• Navigate to the provisioning section of the Okta app.
• Select To Okta in the left panel, then select the Import feature.
• Schedule import :- Choose an interval from the dropdown. Okta will check the list users to import users from WordPress.
• Okta username format :- Select “Email address”.

• User Creation and & Matching
• You can refer to the screenshot below to check default options.

Step 4: De-provisioning of Users [This is a premium feature]

• You can select the deprovisioning mode in the SCIM configuration tab of the SCIM User Provisioning plugin.
• By default, De-provisioning will delete the users from the WordPress site.

Step 5: Attribute Mapping for SCIM Users [This is a premium feature]

  Attribute Mapping for SCIM Users in Okta

• This feature allows you to map any attribute sent by the IDP to the usermeta table of WordPress. You can follow the steps mentioned below to add the custom attributes in Okta.
• Navigate to the Provisioning tab in the SCIM app in Okta.

• Click on the Go to Profile Editor button.

• Click on the Add Attribute button to add the attribute(s).

• Fill details about the attribute and make sure to use the External namespace as urn:ietf:params:scim:schemas:extension:CustomExtensionName:2.0:User

• Click on Save button.
• Once you have added the attribute, navigate to the Mappings section.

• Select WordPress SSO with SCIM Provisioning app and choose the attributes to be mapped.
• Map the choosen attributes against the attribute you have created and save the mappings done by clicking Save Mappings button.

• You can repeat these steps for various attributes. To test if attributes are being sent by Okta assign a user to the Okta app which is not present in WordPress.
• Follow the steps given in the next section to map WordPress attributes to Okta.

  Attribute Mapping for SCIM Users in WordPress

• Attribute Mapping feature allows you to map the user attributes sent by the IDP during SCIM Provisioning to the user attributes at WordPress. These attributes can be seen on right hand corner.
• Click on Add Attribute button to add custom attribute field.
• Under the Custom Attribute Name field, enter the attribute name you want to map.
• Under the Attribute Name from IDP field, select the IDP attribute from the dropdown that you want to map.
• Enable Show Attribute toggle for an attribute if you want to display it in the WordPress Users table. Click on Save button.

Step 6: SCIM Audit [This is a premium feature]

• SCIM Audit allows you to keep the track of all the provisioning activity taking place. It shows you the detailed information about each user being provisioned. This information includes the User Action, Status, Created Date etc.
• In the miniOrange SCIM User Provisoner plugin, naviagate to the SCIM Audit tab.
• Here you can see all the User provision information.

• Click on the Show Advanced Search button, to search the provisoned user details by using the search filters like Wordpress Username, IP Address etc.

• On clicking the Clear Reports button, you can clear all the user provisioned details.

Schema Discovery

• miniOrange SCIM user provisioning plugin doesn’t support Schema Discovery.

Troubleshooting Tips

• Note: WordPress doesn't allow to change userName of a user. You can change the email but not the username.

Additional Resource

• What is SCIM User Provisioning?
• User Data Synchronization

Other Supported IDPs

Azure AD

Centrify

Google Apps

One Login

PingOne

Custom IDP

If you are looking for anything which you cannot find, please drop us an email on samlsupport@xecurify.com