This article provides guidelines on how to configure OKTA’s identity management system to automatically provision user accounts to Workvivo over an industry-standard protocol called SCIM (System for Cross-domain Identity Management). The information in this article is intended as a guideline only; a given OKTA configuration may differ significantly and require a different approach. Workvivo supports automatic user provisioning via a series of SCIM 2.0 compatible RESTful JSON APIs. In this article, you will learn how to set up OKTA to provision users to Workvivo using these APIs.
Important!
- Before setting up OKTA SCIM provisioning, please contact our Support team at support@workvivo.com, as we need to set your Workvivo environment provisioning method to OKTA.
- If conducting a Meta Workplace migration DO NOT provision any users until the migration of users is complete.
1. Setting up SCIM for User Provisioning
To enable SCIM, click on the ‘General’ tab & click ‘Edit’
Select ‘Enable SCIM provisioning’ and ‘Save’
Head to the ‘Provisioning’ tab and select ‘Edit’
Under "SCIM connector base URL" enter the following:
https://[yourworkvivodomain]/okta/v2/scim
Where "yourworkvivodomain" is the domain name for your Workvivo instance, e.g. https://[companyname].workvivo[.com][.us][.me]
Note: Depending on whether your Workvivo instance is hosted in our EU, US, or UAE data center, make sure you enter the correct domain. It will be workvivo.com, workvivo.us, or workvivo.me. The format may also differ if your organisation has configured a custom domain name for Workvivo. If you do not know your Workvivo domain name, please contact our Support team at support@workvivo.com for assistance.
Press the “Save” button to continue.
- Unique Identifier field for users: email
- Supported provisioning actions, enable:
> Import New Users and Profile Updates
> Push New Users
> Push Profile Updates
- Authentication Mode: select HTTP Header
For Authorization, you will need to add the Bearer (SCIM Secret) Token. Please reach out to the Workvivo Support Team at support@workvivo.com for this token.
Note that this token can’t be recovered, so if you lose it a new token will need to be generated and set up in Okta.
From the ‘To App’ Tab, click ‘Edit’
Enable ‘Create Users’, ‘Update User Attributes’ & ‘Deactivate Users’ and click ‘Save’.
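The bearer token is sent in an HTTP header to whatever host is entered as the SCIM connector base URL, so it is worth checking that URL before saving it. The following is an added example, not Workvivo's or Okta's own code: it checks a candidate URL against the domains and path given above. The function name, the custom_domains parameter and the sample hostnames are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Hosting domains and SCIM path as given in this article.
WORKVIVO_DOMAINS = ("workvivo.com", "workvivo.us", "workvivo.me")
SCIM_PATH = "/okta/v2/scim"


def check_scim_base_url(url, custom_domains=()):
    """Return a list of problems with a connector base URL (empty list = OK).

    custom_domains (hypothetical parameter): exact hostnames your organisation
    has configured as a custom Workvivo domain.
    """
    url = url.strip()
    if "[" in url or "]" in url:
        return ["replace the [placeholder] with your real Workvivo domain"]
    try:
        parts = urlsplit(url)
    except ValueError:
        return ["URL could not be parsed"]
    host = (parts.hostname or "").lower().rstrip(".")
    problems = []
    if parts.scheme != "https":
        problems.append("scheme must be https: the bearer token travels in a header")
    if parts.username is not None or parts.password is not None:
        problems.append("URL embeds credentials; the real host is " + host)
    # Require a company label in front of a known domain, so look-alikes such
    # as acmeworkvivo.com or acme.workvivo.com.example.net are rejected.
    known = any(host.endswith("." + d) for d in WORKVIVO_DOMAINS)
    allowed = {d.lower() for d in custom_domains}
    if not known and host not in allowed:
        problems.append("host %r is not a Workvivo or approved custom domain" % host)
    if parts.path != SCIM_PATH or parts.query or parts.fragment:
        problems.append("path must be exactly " + SCIM_PATH)
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; "acme" and the example.* hosts are made up.
    for candidate in (
        "https://acme.workvivo.com/okta/v2/scim",
        "http://acme.workvivo.us/okta/v2/scim",
        "https://acme.workvivo.com.example.net/okta/v2/scim",
        "https://acme.workvivo.me@example.org/okta/v2/scim",
    ):
        print(candidate, "->", check_scim_base_url(candidate) or "OK")
```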
2. Configuring Okta User Mappings
From the ‘To App’ tab, scroll down to Attribute Mappings:
Remove all attributes to begin, except:
Attribute - Value
- Username - Configured in Sign On settings
- Given name - user.firstName
- Family name - user.lastName
- Primary email - user.email
- Title - user.title
- Display name - user.displayName
- Department - user.department
- Locality - user.city (or user.country; use the location that you wish to segment your employees by)
- Manager name (if required, must be email value) - user.managerId
Adding additional Attributes:
If you would like to add additional team types (outside of Location & Department), please reach out to Workvivo support at support@workvivo.com or liaise with your Workvivo Contact to help you set this up.
Select ‘Go to Profile Editor’
Choose ‘Add Attribute’
You will need to confirm to Workvivo what the name of the new Attribute is. The example below is for a Facility Team Type.
Display name: Facility
Variable name: Facility
External name: taxonomies.Facility
External namespace: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User
Description: WV Facility Attribute
Save your Attribute
Select ‘Mappings’
Select ‘Okta User to Workvivo’ from the Tab
Scroll down to the bottom and map your new Workvivo Attribute & select ‘Save Mappings’
3. Assign Employees to the App
From your new Workvivo App in OKTA select the ‘Assignments’ Tab
Assign the App to individual People or Groups. Once this happens, your employees will be provisioned in Workvivo. (Assign a subset of users for testing first.)