This article goes over how to set up SAML SSO with Okta

Step 1: Log in to Admin console

  • If you don’t have an Okta account, you need to sign up.

  • Login to the admin console.

Step 2: Create new App & Integrate to Creative Force

Navigate to Applications / Applications.

Choose Create App Integration, select SAML 2.0 and click Next.

General setting: Input information, then click Next

Configuration SAML to integrate to Creative Force

General:

.

Attribute Statements:

The setting look like this

Completion

Tick "I'm a software vendor. I'd like to integrate my app with Okta" and Finish.

Step 3 Assign user to integration App

  • After creating an app, navigate to “Assignments tab”

  • Click Assign to People or Groups.

  • Note:

    • Assigned people need to activated before using SSO login

    • If you want to create new user, please navigate to Directory > People

Copy Identity Provider metadata url

1. Login to developer admin console of Okta.

2. Navigate to Applications/Applications and choose your App Integration.

3. Choose tab Sign On and copy the link address of "Identity Provider metadata". That’s “Identity Provider metadata URL”

Setup SCIM provisioning on Okta

Notes: Currently, CF SCIM is still only supporting UsersController.

Required: Need to create a custom Okta app and set up SSO on Gamma before.

Step 1: Login to Admin Console

Step 2: Enable provisioning

  • Navigate to “Applications” > “Applications”

  • Select your custom app

  • In the “General” tab, click “Edit” in the “App Settings” block

  • Tick “Enable SCIM provisioning” and “Save”

Step 3: Setup SCIM

Prepare Creativeforce SCIM token

  • Login to Gamma

  • Navigate to “STUDIO SETTINGS” > “SSO SETTINGS

  • Copy SCIM BEARER TOKEN

Setup SCIM on Okta

  • Select tab “Provisioning” (This tab will be showed after enabling SCIM provisioning (Step 1))

  • In Settings / Integration, click “Edit

  • Fill / tick fields by following the below then “Save

SCIM connector base URL

The SCIM URL

Unique identifier field for users

email

Supported provisioning actions

Push New Users

Push Profile Updates

Authentication Mode

HTTP Header

Authorization

*Paste value from step Prepare CF SCIM token*

  • After saving the Provisioning settings, in the tab Provisioning:

Select “Settings” > “To App”,

Click “Edit to set up provisioning to the app.

Tick “Enable” both “Create Users” and “Deactivate Users” then “Save

SCIM Integration Test on Runscope (Original post)

Step 1: Import Runscope test

  • Download the Okta SCIM Spec Test Okta SCIM 2.0 Spec Test JSON

  • If you are new to Runscope, your dashboard displays sample Runscope tutorials. Click Skip Tutorial.

  • You should now see a screen titled API Tests.

  • In the lower left of your screen, click Import Test.

  • A new screen appears, titled Import Tests into …

  • Select Runscope API Tests as the import format.

  • Click Choose File and select the JSON file that you saved in Step 1.

  • Click Import API Test.

Step 2: Custom Runscope

  • You should be looking at the API Tests window in Runscope, if not, click the Tests tab at the top of the Runscope user interface.

  • You should see a test that you imported in step 1.

  • Click Edit on the test panel.

  • The Test window appears. Under the Environment section of your test, there is a collapsed section labelled Test Settings. Click the small arrow to expand this section.

  • Select the Initial Variables tab.

  • Click Add Initial Variable and add the following case-sensitive variables and click Save.

Name

Value

SCIMBaseURL

The SCIM URL

auth

Bearer {{SCIM token from Gamma}}

  • Select the Initial Script tab and Paste the text into the script console then click Save.

var email = "non-exist-email-address@domain.name"; // the un-existed email address

variables.set("randomEmail", email);

variables.set("randomUsername", email);

variables.set("InvalidUserEmail", "invalid-email-address@domain.name");

variables.set("UserIdThatDoesNotExist", "010101001010101011001010101011");

variables.set("randomUsernameCaps",email.toUpperCase());

variables.set("randomGivenName", "A-random-given-name");

variables.set("randomFamilyName", "a-random-family-name");

variables.set("existedUsername", "exist-email-address@domain.name");

Step 3: Run Now

Did this answer your question?