Help / Security and Privacy /

Okta SCIM with Condens

You can set up SCIM to automatically create users in Condens once they are added to the application in Okta and set users inactive in Condens once they are removed from the Condens application in Okta.

Before you enable SCIM, it is recommended to select an auto provisioning role in Condens. This is the default role that users get assigned when they are provisioned to Condens.

To enable SCIM in Condens, simply go to Settings > Security & Login, then select SCIM provisioning > Enabled.

In Okta, open the Condens application and click on General. Then click on Edit (next to “App Settings”), check Enable SCIM provisioning, and then click Save.

A Provisioning tab will appear in Okta. Click on it and then click on Edit.

  • Copy the SCIM base connector URL from Condens and paste it into Okta under the SCIM connector base URL

  • Next to the Unique identifier field for users enter userName

  • Check Push New Users and Push Profile Updates

  • Select HTTP Header as Authentication Mode

  • Copy the SCIM bearer token from Condens and paste it in Okta next to Bearer

Then click on Save.

In the screen that opens, click on Edit (next to “Provisioning to App”). Then enable Create Users, Update User Attributes, and Deactivate Users. After that click on Save.

User Roles

Using SCIM with Okta, it's possible to set the role of users directly from Okta.

  1. In Okta, select the Condes SSO App under Directory > Profile Editor.

  2. Click Add Attribute in the Attributes section to add the user roles mapping.

  3. Fill out the form so that it reflects the below settings.

    • Variable Name: Condens role (can be anything)

    • External Name: roles.^[primary==true].value

    • External Namespace: urn:ietf:params:scim:schemas:core:2.0:User

    • Attribute Required: YES

    • Scope: Group

    • Select "Define enumerated list of values"

    • Enter the Condens roles as attribute members (make sure the value is exactly as below and lower case:

      • Display name: Admin, Value: admin

      • Display name: Researcher, Value: researcher

      • Display name: Full-Access Stakeholder, Value: full_access_stakeholder

      • Display name: Stakeholder, Value: stakeholder

      • Display name: Non-Research Admin, Value: admin#nonresearch

  4. Once this is done, you can assign a user role to each user during the application assignment, either directly or via mapping.

Didn't find what you're looking for? Send us a message and we'll get back to you.
Contact us