Hi Raghav, I’m not sure whether by import you mean provision a user to the app or assign the user to the app. If you’re referring to provisioning, the configuration procedure for the app will have the necessary settings to automatically create any user that the app is assigned to. This assumes the app has the capability to allow Okta to provision users. As for assignment, you can either assign the app to the user as part of the configuration of the app or retrospectively. One way of doing this is to go to the app from the Application menu option, select the relevant app, then click the Assignments tab and add the user or a group in which the user is a member. Either way, as soon as a user is assigned to an app, either via group membership or directly, the app will appear on the user’s Okta home page and they’ll be able to use it right away. At the same time, if provisioning is supported and configured, Okta will connect to the relevant app’s API interface and provision the user as a background process. The user may be prompted to enter credentials for the first time, depending on whether the app is configured for SWA authentication. Hope that helps. Theo
So when I looked up provisioning, it tells me to create SCIM-compliant endpoints, which is OK. But does my app have to be a SAML app for this to work? Because while adding the test app I could only see all applications having SAML 2.0. If I have a Web Application, can I still use provisioning?
Hi Raghav, Just to be clear, whether or not provisioning is available in an app is down to the provider (author) of that app. If the app in question is from the OAN list, then the publisher of that app will already have configured it to accept inbound provisioning. If it is an app you’re developing, then obviously you need to configure it so that it presents an interface that can be called by Okta to provision users. Bear in mind that there are applications that support SAML, SWA or WS-Fed authentication without necessarily supporting provisioning. The thing is, for any of these authentication mechanisms to work there has to be an account for the user in the app before the user can successfully log on. Apps that support provisioning (like O365) just make the process simpler because Okta can then provision the account on the fly (so-called JIT). In contrast, if the app does not support provisioning then you have to have a separate procedure by which the user accounts are created in the app before Okta SSO can work. Hope that makes sense. Theo
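The kind of interface discussed above for an app you are developing, as an added example that is not part of the thread and not Okta's code: a minimal SCIM 2.0 (RFC 7644) user lookup and create handler that authenticates the caller before creating accounts. The `/scim/v2` base path, the `handle` function, the bearer token value and the in-memory store are assumptions for illustration.

```python
import hmac, json, re, uuid

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"
API_TOKEN = "constructed-demo-token"  # constructed value; load from a secret store in practice
USERS = {}  # id -> SCIM user resource; in-memory stand-in for the app's user table

def scim_error(status, detail, scim_type=None):
    body = {"schemas": [ERROR_SCHEMA], "status": str(status), "detail": detail}
    if scim_type:
        body["scimType"] = scim_type
    return status, body

def handle(method, path, headers, query=None, body=None):
    """Dispatch one SCIM request (hypothetical helper); returns (http_status, json_body)."""
    # The endpoint creates accounts, so reject unauthenticated callers first.
    supplied = headers.get("Authorization", "")
    if not hmac.compare_digest(supplied.encode(), ("Bearer " + API_TOKEN).encode()):
        return scim_error(401, "invalid or missing bearer token")
    if method == "GET" and path == "/scim/v2/Users":
        m = re.fullmatch(r'userName eq "([^"]*)"', (query or {}).get("filter", ""))
        if not m:
            return scim_error(400, "only userName eq filters are supported", "invalidFilter")
        hits = [u for u in USERS.values() if u["userName"].lower() == m.group(1).lower()]
        return 200, {"schemas": [LIST_SCHEMA], "totalResults": len(hits),
                     "startIndex": 1, "itemsPerPage": len(hits), "Resources": hits}
    if method == "POST" and path == "/scim/v2/Users":
        try:
            user = json.loads(body)
        except (TypeError, ValueError):
            return scim_error(400, "body is not valid JSON", "invalidSyntax")
        name = user.get("userName") if isinstance(user, dict) else None
        if not isinstance(name, str) or not name or USER_SCHEMA not in user.get("schemas", []):
            return scim_error(400, "schemas and userName are required", "invalidValue")
        if any(u["userName"].lower() == name.lower() for u in USERS.values()):
            return scim_error(409, "userName already exists", "uniqueness")
        uid = str(uuid.uuid4())
        USERS[uid] = {"schemas": [USER_SCHEMA], "id": uid, "userName": name,
                      "active": bool(user.get("active", True)), "meta": {"resourceType": "User"}}
        return 201, USERS[uid]
    return scim_error(404, "unsupported endpoint")
```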
I have added my custom application as a Web Application with the OpenID Connect protocol for sign-in. But when I go to the app I see no Provisioning tab, and neither do I see the Import users tab. I am working on the Trial version; is that a problem? Do I have to enable it somehow? I read in the SCIM documentation that I have to use the SCIM Test App, but when I try to create one I don't see the OpenID Connect sign-in option there. If you could provide some info on this, that will be great.