Okta: Difference between revisions
From Planfix
| (5 intermediate revisions by 2 users not shown) | |||
| Line 44: | Line 44: | ||
=== Steps in Okta: === | === Steps in Okta: === | ||
*Go to | *Go to the Planfix application settings in Okta. | ||
*Open | *Open the '''Provisioning''' section: | ||
*Copy the '''SCIM Token''' from the integration settings in Planfix. | |||
*Paste it into the corresponding field in Okta. | |||
*Copy the '''SCIM | |||
*Paste | |||
*Perform a configuration check by clicking the '''Test Connector Configuration''' button, and click '''Save''' to complete the setup. | *Perform a configuration check by clicking the '''Test Connector Configuration''' button, and click '''Save''' to complete the setup. | ||
*Set up rules in the '''To App''' section according to your organization's requirements. | *Set up rules in the '''To App''' section according to your organization's requirements. | ||
| Line 59: | Line 56: | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
| style="font-weight: bold" | <small>Display Name</small> | |||
| style="font-weight: bold" | <small>Variable Name</small> | |||
| style="font-weight: bold" | <small>Data type</small> | |||
| style="font-weight: bold" | <small>Attribute Type</small> | |||
| style="font-weight: bold" | <small>External name (syntax of attributes' values)</small> | |||
| style="font-weight: bold" | <small>External namespace</small> | |||
|- | |- | ||
|Username | |Username | ||
| Line 71: | Line 68: | ||
|Base | |Base | ||
| | | | ||
|urn:ietf:params:scim:schemas:core:2.0:User | |<nowiki>urn:ietf:params:scim:schemas:core:2.0:User</nowiki> | ||
|- | |- | ||
|Given name | |Given name | ||
| Line 78: | Line 75: | ||
|Base | |Base | ||
|name.givenName | |name.givenName | ||
|urn:ietf:params:scim:schemas:core:2.0:User | |<nowiki>urn:ietf:params:scim:schemas:core:2.0:User</nowiki> | ||
|- | |- | ||
|Family name | |Family name | ||
| Line 85: | Line 82: | ||
|Base | |Base | ||
|name.familyName | |name.familyName | ||
|urn:ietf:params:scim:schemas:core:2.0:User | |<nowiki>urn:ietf:params:scim:schemas:core:2.0:User</nowiki> | ||
|- | |- | ||
|Middle name | |Middle name | ||
| Line 92: | Line 89: | ||
|Custom | |Custom | ||
|name.middleName | |name.middleName | ||
|urn:ietf:params:scim:schemas:core:2.0:User | |<nowiki>urn:ietf:params:scim:schemas:core:2.0:User</nowiki> | ||
|- | |- | ||
|Preferred language | |Preferred language | ||
| Line 99: | Line 96: | ||
|Custom | |Custom | ||
|preferredLanguage | |preferredLanguage | ||
|urn:ietf:params:scim:schemas:core:2.0:User | |<nowiki>urn:ietf:params:scim:schemas:core:2.0:User</nowiki> | ||
|- | |- | ||
|Locale | |Locale | ||
| Line 106: | Line 103: | ||
|Custom | |Custom | ||
|locale | |locale | ||
|urn:ietf:params:scim:schemas:core:2.0:User | |<nowiki>urn:ietf:params:scim:schemas:core:2.0:User</nowiki> | ||
|- | |- | ||
|Time zone | |Time zone | ||
| Line 113: | Line 110: | ||
|Custom | |Custom | ||
|timezone | |timezone | ||
|urn:ietf:params:scim:schemas:core:2.0:User | |<nowiki>urn:ietf:params:scim:schemas:core:2.0:User</nowiki> | ||
|- | |- | ||
|Primary phone | |Primary phone | ||
| Line 120: | Line 117: | ||
|Custom | |Custom | ||
|phoneNumbers.^[primary==true].value | |phoneNumbers.^[primary==true].value | ||
|urn:ietf:params:scim:schemas:core:2.0:User | |<nowiki>urn:ietf:params:scim:schemas:core:2.0:User</nowiki> | ||
|- | |- | ||
|Primary phone type | |Primary phone type | ||
| Line 127: | Line 124: | ||
|Custom | |Custom | ||
|phoneNumbers.^[primary==true].type | |phoneNumbers.^[primary==true].type | ||
|urn:ietf:params:scim:schemas:core:2.0:User | |<nowiki>urn:ietf:params:scim:schemas:core:2.0:User</nowiki> | ||
|- | |- | ||
|Primary email | |Primary email | ||
| Line 134: | Line 131: | ||
|Custom | |Custom | ||
|emails.^[primary==true].value | |emails.^[primary==true].value | ||
|urn:ietf:params:scim:schemas:core:2.0:User | |<nowiki>urn:ietf:params:scim:schemas:core:2.0:User</nowiki> | ||
|- | |- | ||
|Primary email type | |Primary email type | ||
| Line 141: | Line 138: | ||
|Custom | |Custom | ||
|emails.^[primary==true].type | |emails.^[primary==true].type | ||
|urn:ietf:params:scim:schemas:core:2.0:User | |<nowiki>urn:ietf:params:scim:schemas:core:2.0:User</nowiki> | ||
|- | |- | ||
|} | |} | ||
'''Note''': | '''Note''': | ||
*The assignment email and the user’s personal email serve different purposes in the system: | *The assignment email and the user’s personal email serve different purposes in the system: | ||
Latest revision as of 14:56, 30 June 2025
Integration with Okta allows your company's employees to log into Planfix and other services using a single password (Single Sign-On). This enhances convenience, security, and simplifies user account management.
Supported features
- IdP-initiated SSO (Single Sign-On)
- SP-initiated SSO
- Just-In-Time (JIT) provisioning
- SCIM provisioning
SCIM supported feature
- Create users
- Update users attributes
- Deactivate users
- Import users
Configuration steps
Steps in Planfix:
- Go to the Account management — Integrations — Single Sign-On section.
- Activate integration with Okta.
Steps in Okta:
- Open the Okta administration panel in a separate tab: https://www.okta.com/.
- Go to the Applications section.
- Click on the Browse App Catalog button.
- Search for "Planfix" in the catalog:
- Select the Planfix application and click Add.
- Copy the Planfix account domain from the integration settings in Planfix and click Done.
- In the application settings, go to the Sign On tab.
- Copy the Metadata URL link.
- Paste the Metadata URL link into the corresponding field in the integration settings in Planfix.
- Save the integration settings in Planfix.
Now, on the Planfix login page, you will have the option to authorize through SSO. Ensure that users are granted access to the Planfix application in Okta. When a new user logs in for the first time in Planfix, their account will be automatically created through the JIT (Just-In-Time provisioning) mechanism.
SP-initiated SSO
To initiate SSO from Planfix, follow these steps:
- Go to the Planfix login page.
- Click on the Login with Okta button.
- You will be redirected to the Okta login page.
- Enter your Okta credentials and click Login.
- You will be redirected back to Planfix and logged in automatically.
Setting up SCIM Provisioning
Steps in Okta:
- Go to the Planfix application settings in Okta.
- Open the Provisioning section:
- Copy the SCIM Token from the integration settings in Planfix.
- Paste it into the corresponding field in Okta.
- Perform a configuration check by clicking the Test Connector Configuration button, and click Save to complete the setup.
- Set up rules in the To App section according to your organization's requirements.
- Also, set up rules in the To Okta section if you need to add users from Planfix to Okta.
Supported SCIM attributes
The following SCIM attributes are supported for user provisioning from the schema urn:ietf:params:scim:schemas:core:2.0:User:
| Display Name | Variable Name | Data type | Attribute Type | External name (syntax of attributes' values) | External namespace |
| Username | userName | string | Base | urn:ietf:params:scim:schemas:core:2.0:User | |
| Given name | givenName | string | Base | name.givenName | urn:ietf:params:scim:schemas:core:2.0:User |
| Family name | familyName | string | Base | name.familyName | urn:ietf:params:scim:schemas:core:2.0:User |
| Middle name | middleName | string | Custom | name.middleName | urn:ietf:params:scim:schemas:core:2.0:User |
| Preferred language | preferredLanguage | string | Custom | preferredLanguage | urn:ietf:params:scim:schemas:core:2.0:User |
| Locale | locale | string | Custom | locale | urn:ietf:params:scim:schemas:core:2.0:User |
| Time zone | timezone | string | Custom | timezone | urn:ietf:params:scim:schemas:core:2.0:User |
| Primary phone | primaryPhone | string | Custom | phoneNumbers.^[primary==true].value | urn:ietf:params:scim:schemas:core:2.0:User |
| Primary phone type | primaryPhoneType | string | Custom | phoneNumbers.^[primary==true].type | urn:ietf:params:scim:schemas:core:2.0:User |
| Primary email | string | Custom | emails.^[primary==true].value | urn:ietf:params:scim:schemas:core:2.0:User | |
| Primary email type | emailType | string | Custom | emails.^[primary==true].type | urn:ietf:params:scim:schemas:core:2.0:User |
Note:
- The assignment email and the user’s personal email serve different purposes in the system:
- The personal email is used for account registration and authentication.
- The assignment email is a dedicated address generated for assigning tasks to the user via email from external sources. It may use a system-specific domain (e.g., *.planfix.com) to route such assignments directly into the system.