Subscription Required: SCIM is available on select subscription plans only. Contact Support to learn more: Send an email to Support
In This Article:
- What is User Deprovisioning with SCIM?
- Configuring SCIM User Deprovisioning in Okta
- Importing and Assigning Users in Okta
- Unassigning a User in Okta
- Reassigning a User in Okta
What is User Deprovisioning with SCIM?
SCIM is an open standard that automates user management from an IDP and a SaaS service provider, in this case, Loopio. With our SCIM implementation, you are able to automatically deprovision / disable an existing Loopio user directly within the IDP.
- You currently use OKTA for your user management needs
- You have SAML SSO enabled with Loopio. If you are already using SSO, steps 1-4 of Configuring SCIM User Deprovisioning in Okta below may already be completed
- You have generated a SCIM token created through the Loopio Admin Integrations page. To learn more about generating SCIM tokens see our article: How Do I Generate a Token for SCIM User Deprovisioning?
Configuring SCIM User Deprovisioning in Okta
Tip: To request a Loopio Sandbox for testing, reach out to our Support Team. Send an email to Support
Permissions Required: General Admin 1 (Manager) permissions or higher are required to generate a SCIM token to use in Okta. To learn more about generating SCIM tokens start here: How Do I Generate a Token for SCIM User Deprovisioning?
- In Okta navigate to Applications > Applications and select Create App Integration
- Select SAML 2.0 as the sign-in method and click Next
- Fill in the details for your application on the General Settings page and click Next
- Navigate to the Configure SAML page, then under ‘SAML Settings’ fill in the section with the values from the table below:
Single sign-on URL https://UNIQUE_LOOPIO_DOMAIN/sso_saml/module.php/saml/sp/saml2-acs.php/loopio-sp SP Entity ID loopio-sp Default RelayState https://UNIQUE_LOOPIO_DOMAIN/home NameID Format Unspecified Application username Update application username on Create and update
- Fill out the Feedback section and click Finish
- After you have created your application, on your application’s details page navigate to General and check Enable SCIM provisioning then click Save
- On your application’s details page navigate to Provisioning > Integration and fill in the form with the values in the table below. Click Save.
SCIM connector base URL https://api.loopio.com/scim/v2 Unique Identifier field for users userName Supported provisioning actions (checked options)
Import New Users and Profile Updates
Push Profile Updates
Authentication Mode HTTP Header Authorization Your unique Bearer Token
Note: The HTTP Header Bearer token will be the SCIM token created through the Loopio Admin Integrations page. To learn more about generating SCIM tokens see our article: How Do I Generate a Token for SCIM User Deprovisioning?
- On your application’s details page navigate to Provisioning > To App and enable Deactivate Users. This will simultaneously disable users in Loopio when they are unassigned from your application in Okta or when their account is deactivated in Okta. Click Save.
Tip: You can optionally enable Update User Attributes to synchronize updating a user’s attributes in Loopio when they are modified in Okta. You can also choose to use SCIM to manage User provisioning, read more: Setting Up SCIM 2.0 User Provisioning with Okta
Importing and Assigning Users in Okta
- On your application’s details page navigate to Import and click Import Now. You should now see a list of your Loopio users on the page
- After your users are imported, confirm their assignment to your application by checking the checkbox beside their name. You can do this individually on each user’s import card or in bulk by checking the checkbox next to Okta User Assignment. After you have made your selections click Confirm Assignments
Note that if there is no existing match of an imported Loopio user to a user in your Okta directory, a new Okta user will be assigned to the Loopio user when they are imported. The new Okta user will have a status of Staged and can be activated by finding the user in Directory > People and clicking Activate on that user.
Note: If you do not see Loopio users appearing above, ensure that your user’s Okta username matches their Loopio email address, as this is what is used to modify the user in Loopio.
- Your users have now been assigned to your application and you can view them by navigating to Assignments and clicking on People in the filters list
Unassigning a User in Okta
- On your application’s details page navigate to Assignments. Ensure the filter is set to People
- Find the person you want to unassign, and click the X next to their name. This will unassign them from your application in Okta and simultaneously disable their account in Loopio
Reassigning a User in Okta
- On your application’s details page navigate to Assignments
- Click Assign to open the dropdown and then Assign to People
- Find the user you want to assign and click Assign next to their name, then Save and Go Back.
- Repeat this for all the users you want to assign and then click Done. The user will now be reassigned to your application in Okta and reenabled in Loopio