Configuring SCIM for Okta SAML
NOTE: This article is for those setting up Okta SSO after 4/26/24 or those upgrading to our new Okta connection through SCIM provisioning.
Before taking the steps below, follow our guide to configure your SAML application.
Provisioning Setup
Provisioning through Okta requires a SAML connector. If your company currently utilizes Brilliant’s Okta connector, please contact your account manager to update your integration.
Edit your application and enable SCIM provisioning:
On the Provisioning panel enter the following for each field:
- SCIM connector base URL: https://app.brilliantmade.com/scim/
- Unique identifier field for users: email
- Supported provisioning actions:
  - Push New Users
  - Push Profile Updates
  - Push Groups
  - Import Groups - See Importing Groups section below
- Authentication Mode: HTTP Header
- HTTP Header Authorization: Retrieve this value from your SAML integration page as the SCIM Bearer Token.
Click Test Connector Configuration to ensure your connection is correctly configured. If successful, click Save.
Importing Groups
Brilliant supports importing existing groups (Stores) through SCIM; however, you may wish to finish configuring base application access before enabling this option. If your company already has several stores, access will not be automatically changed unless you enable Push Groups. This gives you the chance to confirm that group access is configured correctly within Okta first.
Click on Refresh App Groups to import existing Stores from Brilliant. This will create new groups within your Okta organization.
Within Okta’s Group administration, create another group with the same name:
Within the Brilliant application Push Groups panel, select the Push Groups drop-down and choose Find Groups by name or Find Groups by rule (depending on your use case). The example below uses Find Groups by name.
Enter the group name to find, then link to the group within Brilliant.
Note: If the Push group memberships immediately option is checked, group membership will be pushed right away. User access may be removed from the Store if group users are not configured.
If group push is successful, the Push Status will show as Active in the Push Groups panel.
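The note on Push group memberships immediately warns that users can lose Store access when the linked Okta group is not populated. The following pre-flight check is an added example, not Brilliant's or Okta's code: it compares each Store's current members with the same-named Okta group, matching users by email, and assumes a push makes Store membership match the Okta group. The store names, users and the `preflight` helper are constructed for illustration.

```python
# Added example: pre-flight check before linking Okta groups to Brilliant Stores.
# All names and data are constructed; export real membership from your own systems.

def norm(email):
    """Email is the unique identifier for users, so compare it case-insensitively."""
    return email.strip().lower()

def preflight(store_members, okta_groups):
    """Compare current Store membership with the same-named Okta group.

    store_members: {store name: [emails that currently have access]}
    okta_groups:   {Okta group name: [emails in that group]}
    Assumption: a push makes the Store's membership equal the Okta group's.
    """
    report = {}
    for store, members in store_members.items():
        current = {norm(e) for e in members}
        if store not in okta_groups:
            # No same-named Okta group exists yet, so there is nothing to link.
            report[store] = {"status": "no matching Okta group",
                             "would_lose": [], "would_gain": []}
            continue
        pushed = {norm(e) for e in okta_groups[store]}
        lose = sorted(current - pushed)   # access removed by the push
        gain = sorted(pushed - current)   # access granted by the push
        if not pushed:
            status = "Okta group is empty"
        elif lose:
            status = "review before push"
        else:
            status = "safe to push"
        report[store] = {"status": status, "would_lose": lose, "would_gain": gain}
    return report

# Constructed sample data (hypothetical stores and users).
STORES = {
    "Sales Swag": ["ana@example.com", "Ben@Example.com"],
    "Onboarding Kits": ["cy@example.com"],
    "Events": ["dee@example.com"],
}
OKTA = {
    "Sales Swag": ["ANA@example.com", "ben@example.com", "eli@example.com"],
    "Onboarding Kits": [],
}

if __name__ == "__main__":
    for store, r in preflight(STORES, OKTA).items():
        print(f"{store}: {r['status']} lose={r['would_lose']} gain={r['would_gain']}")
```

Any Store reported with a non-empty `would_lose` list should have its Okta group membership corrected before the group is linked with immediate push enabled.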