Setup Okta as a SCIM Client using the User Provisioning module in Drupal

Overview

User Provisioning provides you with the ability to manage all the users at a central user management identity. Okta Provisioning service supports SCIM 2.0 protocol for automatic provisioning/de-provisioning. miniOrange User Provisioning and Sync module implement the SCIM endpoints to allow provisioning/de-provisioning of users into the Drupal site as and when any CRUD operation is performed in the central identity i.e. Okta.

Installation Steps

• Using Composer
• Using Drush
• Manual Installation

• Download the module:

  composer require 'drupal/user_provisioning'

• Navigate to Extend menu on your Drupal admin console and search for miniOrange User Provisioning using the search box.
• Enable the module by checking the checkbox and click on the Install button.
• You can configure the module at:

  {BaseURL}/admin/config/people/user_provisioning/overview

• Install the module:

  drush en drupal/user_provisioning

• Clear the cache:

   drush cr

• You can configure the module at:

  {BaseURL}/admin/config/people/user_provisioning/overview

• Navigate to Extend menu on your Drupal admin console and click on Install new module.
• Install the Drupal User Provisioning and Sync module either by downloading the zip or from the URL of the package (tar/zip).
• Click on Enable newly added modules.
• Enable this module by checking the checkbox and click on install button.
• You can configure the module at:

  {BaseURL}/admin/config/people/user_provisioning/overview

Create Application in Okta

• Log into the Okta portal.
• From the left panel, select Applications under the Applications dropdown.

• Click on the Browse App Catalog button.

• Search for the SCIM Bearer Token and select SCIM 2.0 Test App (OAuth Bearer Token).

• Click on the Add Integration button.

• In General settings, enter the application name under the Application label text field and click on the Next button.

• Under the Sign-On Options, scroll down and click on the Done button.

Configure Okta as SCIM Client

• Navigate to the Provisioning tab and click on the Configure API Integration button.

• Check the Enable API integration checkbox.

• Navigate to the Drupal site.
• Under Configure Drupal as a SCIM Server section, copy the SCIM Base URL.

• Navigate back to the Okta dashboard and paste the copied SCIM Base URL under the SCIM 2.0 Base Url text field.

• Navigate to the Drupal site and copy the SCIM Bearer Token.

• Navigate back to the Okta dashboard and paste the copied SCIM Bearer Token under the OAuth Bearer Token text field.

• Click on the Test API Credentials button.

• Once the Test is successful, click on the Save button.

Select the Operations allowed

• Navigate to the To App section from the left panel of the Provisioning tab.

• Click on the Edit button next to the Provisioning to App.

• Enable the operations (Create/Update/Deactivate/Delete) that will be allowed for provisioning.

• Click on the Save button.

Assign users to the application

• Navigate to the Assignments tab and click on Assign. From the dropdown, select Assign to People.

• Search for the user(s) to be assigned and click on the Assign button.

• Fill in or Confirm the user details and click on Save and Go Back button.

• Once the user(s) is assigned, click on the Done button.

• The user has been successfully assigned to the Okta Application.

• Let’s check if the user is provisioned to the Drupal site. Navigate to the Drupal site and click on the People tab from the top navigation panel. As per the following screenshot, the user has been successfully created on the Drupal site.

Congratulations, you have successfully set up Drupal as the SCIM server and Okta as the SCIM client.