Introduction
This article describes the process of integrating your Identity Provider (IdP) with our System for Cross-domain Identity Management (SCIM) service. We will cover the information you'll need to get started and describe the process for popular IdPs such as Azure and Okta.
About SCIM
SCIM is an open standard protocol that enables automated user provisioning and deprovisioning between identity management systems (such as an identity provider) and service providers, such as Immersive. SCIM simplifies the process of managing user identities and access across different systems and applications.
The SCIM protocol defines a set of RESTful APIs that allow for the creation, modification, and deletion of user accounts, as well as the retrieval of user attributes and group information. It provides a standardized way for identity providers and service providers to communicate and synchronize user data, ensuring consistency and efficiency in user management.
The benefits of implementing SCIM include:
- User Provisioning: SCIM allows for automated user provisioning, enabling seamless onboarding and offboarding of users to the IL platform. When a customer adds or removes users from their identity management system, SCIM can be used to synchronize these changes with the IL platform, ensuring that user accounts are created or deactivated accordingly.
- Single Sign-On (SSO): SCIM can be integrated with SSO solutions, such as SAML or OAuth, to enable a seamless and secure authentication experience for customers. By implementing SCIM-based SSO, users can authenticate once with their identity provider and gain access to the IL platform without the need for separate login credentials.
Overall, SCIM helps streamline user management and authentication processes, enhancing the customer experience and ensuring that user accounts and attributes are synchronized between the customer's identity management system and the IL platform.
What you'll need
To set up SCIM integration with Immersive, you will need:
- A SCIM URL and auth token from the Immersive customer services team
- An IdP with your users ideally already placed into groups
Okta Setup
The following steps describe how to configure Okta to use the Immersive SCIM connector:
- Click 'Applications' from the left navigation menu and click the 'Browse App Catalog' button to create a new application:
- Search for 'SCIM 2.0 Test App (Oauth Bearer Token)' in the search box and choose the app called 'SCIM 2.0 Test App (Oauth Bearer Token)'.
- From the app page, click the 'Add Integration' button:
- In the 'Application label' field, enter a descriptive name for the app, such as 'Immersive' and then click 'Next':
- From the 'Sign-on Options' screen, click 'Done'.
You will now see the configuration options for your application.
- Click on the 'Provisioning' tab and then click 'Configure API Integration'.
- On the next screen enter the values of the SCIM URL and Bearer Token that were provided by the Immersive customer support team:
- Click 'Test API Credentials' and ensure that you receive a success message and then click 'Save'.
- From the Settings area, select 'To App' and then 'Edit':
- Enable the following settings ('Create Users', 'Update User Attributes', 'Deactivate Users'). Leave 'Sync Password' disabled as passwords will be managed within the Immersive platform.
Now you are ready to start assigning users to Immersive!
Assign Users to Immersive
You can assign users individually or as a group. If you assign individual users who are not in a group, then they will not be automatically assigned to a team in Immersive. However, groups which exist in Okta will be created as a team with the same name in Immersive. You may find it more convenient to assign groups rather than individual users, particularly if you are dealing with a large number of users.
To assign a group:
- Click the 'Assignments' tab, then the 'Assign' drop down, and then click 'Assign to Groups':
- Choose the groups you wish to synchronize with Immersive and click 'Assign' next to each.
- When you click 'Assign' you will see the following pop-up window:
- You can leave the fields blank and click 'Save and Go Back'. Then click 'Done'. The new team and users should now exist within Immersive.
Managing Groups
To create your Okta Groups in Immersive as Teams, you need to specifically select those groups as Pushed Groups in Okta:
- Find the list of Pushed Groups by looking at the Push Groups tab in Okta:
- Click the 'Push Groups' button, and select 'Find groups by name' (or search by rule if needed) to push a new group:
- From the Pushed Groups page, find your group and click Create Group > Save:
This will trigger synchronization with Immersive and you should now see your team appear in the platform.
To remove a Pushed Group from Immersive, click the Active button and choose Unlink Pushed Group from the drop-down list. This will remove the Team from Immersive.
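Once users are syncing, it is worth confirming that the 'Deactivate Users' setting enabled above actually takes effect. The following is an added example, not part of the original article or Immersive's own code: it compares a SCIM 2.0 user list with the users assigned in the IdP and flags accounts that are still active after unassignment. It assumes the SCIM service returns a standard RFC 7644 ListResponse for GET /Users, which the article does not confirm; the sample data and function names are constructed for illustration.

```python
import json

LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Constructed sample: body of a SCIM 2.0 GET /Users response (RFC 7644, section 3.4.2).
SAMPLE_LIST_RESPONSE = json.dumps({
    "schemas": [LIST_SCHEMA],
    "totalResults": 3,
    "Resources": [
        {"id": "a1", "userName": "alice@example.com", "active": True},
        {"id": "b2", "userName": "Bob@Example.com", "active": True},
        {"id": "c3", "userName": "carol@example.com", "active": False},
    ],
})
# Constructed sample: users currently assigned to the application in the IdP.
IDP_ASSIGNED = {"alice@example.com", "dave@example.com"}

def parse_users(body):
    """Return {lowercased userName: (id, active)} from a SCIM ListResponse."""
    doc = json.loads(body)
    if LIST_SCHEMA not in doc.get("schemas", []):
        raise ValueError("not a SCIM 2.0 ListResponse")
    resources = doc.get("Resources", [])
    if doc.get("totalResults", len(resources)) > len(resources):
        raise ValueError("paginated response: fetch the remaining pages first")
    # userName is case-insensitive in the SCIM core schema (RFC 7643).
    return {r["userName"].lower(): (r["id"], r.get("active", True)) for r in resources}

def audit(body, idp_assigned):
    """Compare service-provider accounts with IdP assignments."""
    sp = parse_users(body)
    idp = {u.lower() for u in idp_assigned}
    return {
        # Active downstream but no longer assigned: deprovisioning did not land.
        "orphaned": sorted(u for u, (_, active) in sp.items() if active and u not in idp),
        # Assigned in the IdP but absent or inactive downstream: provisioning did not land.
        "missing": sorted(u for u in idp if u not in sp or not sp[u][1]),
    }

def deactivate_request(user_id):
    """Path and body of the standard PATCH that sets active=false (RFC 7644, section 3.5.2)."""
    body = {"schemas": [PATCH_SCHEMA],
            "Operations": [{"op": "replace", "value": {"active": False}}]}
    return f"/Users/{user_id}", body

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_LIST_RESPONSE, IDP_ASSIGNED), indent=2))
```

An "orphaned" entry is an account that kept access after it was unassigned in the IdP, which is the case automated deprovisioning is meant to prevent.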