
User Provisioning: Okta Integration

 

 

User Provisioning

Currently, Jostle's User Provisioning API can only be used for integration with Okta. For more information about the User Provisioning API and the SCIM standard, please see this article.

 

About Jostle/Okta integration

Configuration

  • Requires a two-part setup: Jostle, then Okta
  • Once configured, user provisioning is one-way: Okta to Jostle

Supported provisions 

  • Push New Users
    • New users created in Okta will be created in Jostle.
  • Push Profile Updates
    • Updates made to a user’s profile in Okta will be pushed to Jostle.
  • Push User Deactivation
    • Deactivating a user in Okta will deactivate them in Jostle.
  • Push User Reactivation
    • Reactivating a user in Okta will reactivate them in Jostle.

 

 

Setup Part 1: Jostle

Integration account

Before you begin, you’ll need to create a specific user in your Jostle intranet. This will be the Integration account, and it is the only account that can be used to configure the integration with Okta.

When you create the account, it must have the following settings: 

  • First name: Integration
  • Last name: account
  • User name: “integration.account@<yourorgsemail>”

Once created, the Integration user account must be activated (i.e. logged in to your intranet at least once) before it can be used to configure Okta.

NOTE—with our Recursive release (coming early December), the required Integration account setup will be replaced by an Automation user account setup (any previously-configured Integration accounts will be automatically converted into Automation user accounts).

 

Manage user provisioning

The first step is to obtain the API URL and API key from Jostle. Before you can do this, you will need to contact support@jostle.me to enable the Manage user provisioning page in your Admin Settings. Once enabled:

  1. Go to the Main Navigation and click Admin Settings.
  2. Under User data to/from other systems click Manage user provisioning.
  3. In the User Provisioning API details section, go to the Your Base URL field, click the Copy button and save the URL somewhere you can easily access it later.
  4. Next, click the Add a new key... button.
  5. On the following screen, go to the Automation User field and use the drop-down menu to select your Integration account.
  6. In the Provisioning API key description field, give your key a name (e.g. “Okta”) and then click the Add button.
  7. Once your key is generated, make sure to copy it right away and save it where you saved your URL (since this will be the only time your key will appear).


 

Next, you’ll use the API URL and API key to configure the integration in Okta.

 

Setup Part 2: Okta

Add Jostle app

NOTE—if you add your users to the app before enabling integration and turning on user provisioning, you will need to reassign them afterwards in order for them to be recognized and synced.

If you haven't done so already, sign in to Okta and download the Jostle app (Okta > Add Apps > Search "Jostle" > Add).

 

Configuration

  1. In Okta, click Applications in the top bar and then select your Jostle app.
  2. In the app, go to Provisioning and then under SETTINGS click Integrations.
  3. If you see a “Provisioning is not enabled” screen, click the Configure API integration button.
  4. On the next screen, check the box next to Enable API integration and click Save.
  5. Go down to the Base URL field and enter the URL you copied from Jostle.
  6. Then, in the API Token field, enter the API key you generated in Jostle.
  7. Right below those fields, click the Test API credentials button (a successful verification message should appear at the top of the screen).
  8. Click Save.

 

Email Mapping and Custom Fields

Jostle/Okta user profile email mapping:

  • Jostle's workEmail field is mapped to Okta's email field.
  • Jostle's personalEmail field is mapped to Okta's secondEmail field. 
  • Jostle also supports two more email addresses, each with their own custom labels:
    • Alternate Email 1 and Alternate Email 1 label
    • Alternate Email 2 and Alternate Email 2 label

 

Additional email fields

To make use of the additional email fields and to be able to specify which of the email types is primary, the following needs to be added as custom fields in your Okta profile (which you can do via Okta's Profile Editor).

  • Alternate Email 1
    • Data type: string
    • Display name: Alternate Email 1
    • Variable name: alternateEmail1
    • Description: Alternate email address 1
  • Alternate Email 2
    • Data type: string
    • Display name: Alternate Email 2
    • Variable name: alternateEmail2
    • Description: Alternate email address 2
  • Alternate Email 1 Label
    • Data type: string
    • Display name: Alternate Email 1 Label
    • Variable name: alternateEmail1Label
    • Description: Label for alternate email address 1
  • Alternate Email 2 Label
    • Data type: string
    • Display name: Alternate Email 2 Label
    • Variable name: alternateEmail2Label
    • Description: Label alternate email address 2
  • Primary
    • Data type: string
    • Display name: Primary
    • Variable name: primary
    • Description: Field for specifying which email type is the primary email
    • Enum: on
    • Enum values (Display name - Value):
      • Work Email - work
      • Personal Email - personal
      • Alternate Email 1 - alternate1
      • Alternate Email 2 - alternate2

For the alternate emails and the primary email address type to sync to Jostle, the following mappings from your Okta profile to Jostle are required:

  • user.alternateEmail1 -> alternateEmail1
  • user.alternateEmail2 -> alternateEmail2
  • user.alternateEmail1Label -> alternateEmail1Label
  • user.alternateEmail2Label -> alternateEmail2Label
  • user.primary == 'work' || user.primary == 'personal' || user.primary == 'alternate1' || user.primary == 'alternate2' ? user.primary : 'work' -> emailType
  • user.primary == 'work' ? user.email : user.primary == 'personal' ? user.secondEmail : user.primary == 'alternate1' ? user.alternateEmail1 : user.primary == 'alternate2' ? user.alternateEmail2 : user.email -> email
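As written, the email expression falls back to user.email only when primary holds none of the four enum values; if primary selects an address field that is empty, that empty value is what gets mapped. The Python below is an added example (not Jostle's or Okta's code) that mirrors both expressions so exported profiles can be checked before provisioning is turned on. The dictionary keys follow the Okta variable names on this page; the `login` key, the helper names and the sample profiles are constructed for illustration.

```python
# Added example: mirrors the emailType and email mapping expressions above.
VALID_TYPES = ("work", "personal", "alternate1", "alternate2")

# Okta profile attribute selected by each value of `primary` (per the email mapping).
SOURCE_ATTR = {
    "work": "email",
    "personal": "secondEmail",
    "alternate1": "alternateEmail1",
    "alternate2": "alternateEmail2",
}

def resolve_email_type(user):
    """emailType mapping: any value outside the enum falls back to 'work'."""
    primary = user.get("primary")
    return primary if primary in VALID_TYPES else "work"

def resolve_email(user):
    """email mapping: the attribute named by primary, else user.email.
    No fallback happens when the selected attribute itself is empty."""
    attr = SOURCE_ATTR.get(user.get("primary"), "email")
    return user.get(attr)

def preflight(users):
    """Return (login, reason) for profiles whose mapped email would be empty."""
    findings = []
    for u in users:
        etype, email = resolve_email_type(u), resolve_email(u)
        if not email:
            reason = f"primary={etype!r} but {SOURCE_ATTR[etype]} is empty"
            findings.append((u["login"], reason))
    return findings

SAMPLE_USERS = [  # constructed profiles, not real data
    {"login": "a@example.com", "email": "a@example.com", "primary": "work"},
    {"login": "b@example.com", "email": "b@example.com",
     "secondEmail": "b@home.example", "primary": "personal"},
    # primary points at alternateEmail1, which was never filled in
    {"login": "c@example.com", "email": "c@example.com", "primary": "alternate1"},
    # primary unset: both mappings fall back to the work email
    {"login": "d@example.com", "email": "d@example.com", "primary": None},
]

if __name__ == "__main__":
    for login, reason in preflight(SAMPLE_USERS):
        print(f"{login}: {reason}")
```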

 
