Skip to main content

Setting up SCIM Provisioning with Okta

Enable user provisioning between Okta and Hive with our SCIM 2.0 OIN integration.

A
Written by Anton Suarez
Updated yesterday

Requirements

You must have an existing Hive workspace with the Enterprise Security Add-on. You must also be a system-level administrator in that Hive workspace. It is also assumed you have (or in the process of) setting up SAML SSO with the Hive Okta integration as well.

Please also be sure that under the Sign On tab "Email" is selected as the "Application username format", as in Hive the user name must be an email.

Configuration Steps

After adding Hive from the Okta OIN you will verify and / or configure your 'Workspace ID' value in the "Advanced Sign-on Settings" section while editing Settings on the "Sign On" application tab in Okta (you may have already filled out this value while setting up the Hive Okta SAML integration, in which case no need to set it again). This is your workspace ID, that you can see in Hive by going to the top-right user menu (click on your Avatar) and then choose the 'Edit profile' option. From there go to the 'API Info' link on your left menu. You will see your workspace id there (and other fields we will use later in the setup as well so keep this page open). Copy this workspace ID into the 'Workspace ID' field in the Okta integration setup and click “Done”.

Next you need to click “Configure API Integration” on the Hive Provisioning tab.

The ‘API Token’ field needs to be filled in with the ‘API Key’ value you have visible on the Hive API Info page where you also copied your workspace id from.

Once entered in, test those credentials with “Test API Credentials” to validate that you can properly authenticate with the Hive SCIM API. Click ‘Save’ when done.

There should now be a Provisioning tab visible in your Okta application setup. Click on the ‘To App’ setting option. You can select any of the following options:

  • Create Users (leave 'Set password when creating new users' unchecked)

  • Update User Attributes

  • Deactivate Users

Click ‘Save’ when done. Please note that we do not support syncing passwords, or setting them on your user in Hive through this integration.

Attributes and Mapping

We currently support only the following field mappings for users:

  • User ID: (userName [must be an email])

  • First Name: (name.givenName)

  • Last Name: (name.familyName)

  • Email: (emails [in our system this will be the same as what was passed in as userName])

Any other field mappings from Okta to Hive will just be ignored and not persisted within Hive.

Supported Features

  • Create users

  • Update user attributes

  • Deactivate users

  • Import users

  • Import groups

  • Group push

Related Articles
How to set-up a custom SAML single sign-on (SSO)
How to configure ADFS single sign-on (SSO)
Security in Hive
Setting up your Hive connection
Setting up SAML 2.0 with Okta
Did this answer your question?