Click “Finish” on the next screen, and the app will be created!
Now, let’s configure users / groups that have access to the app. To do so, please go to the “Assignments” tab and add relevant groups / users.
Note -
It is recommended to set up an “Elementary Users” group dedicated for this purpose, though you can also add access for individual users.
The setting below is for assignment of users to your app, e.g. users that are permitted to login to Elementary via Okta. This does not cover actually provisioning the user in Elementary (this is covered in the next section).
Finally, go to the “Sign On” tab, and provide Elementary with the value under Metadata URL:We will then configure the integration on our end, and then enable it live in a call with you (to ensure you are able to login without issues).
This section covers how to automatically provision users and groups from Okta in Elementary. If you prefer, it is also possible to set up the SSO part without provisioning. In that case, users can be invited to the platform via the Team page in Elementary.
Please follow the steps below to configure SCIM provisioning within Elementary:
First, you should receive a 1Password link from the Elementary team - this contain the SCIM endpoint and access token that should be configured in Okta.
Under the Elementary Data app, go to the General tab, and click Edit. Then modify the Provisioning setting to SCIM and click Save.
A new Provisioning tab should appear, click it and then click Edit.
Please fill the following details:
SCIM connector base URL - value from 1password link above
Unique identifier field for users - email
Supported provisioning actions - mark all the “Push” settings (New users, Profile updates and Groups).
Authentication Mode - HTTP Header
Authorization - access token from 1password link above
When you are done, click on Test Connector Configuration
Ensure that all the marked provisioning actions were successful:
Click Save to update the provisioning configuration.
Click the To App section on the left and click Edit:
Please enable the settings:
Create Users
Update User Attributes
Deactivate Users
And click Save.
If you already created an “Elementary Users” group under the Assignments tab in the previous section, you may want to remove and re-add it to ensure all the users there are created successfully in Elementary.
As a part of the provisioning setup for Elementary, you can also choose to provision user groups to control permissions within Okta.These can be mapped to roles within Elementary (such as Can Edit or Admin).To do so, under the Elementary Data app, do the following
Click on Push Groups
Add the groups you would like to push:
If the Push Status appears as Active - it means the groups were successfully pushed to Elementary.
Please ask the Elementary team to map the groups you pushed to roles within Elementary. In this case the mapping is clear:
Elementary Admins - Admin.
Elementary Editors - Can Edit.
Once this is done, you should be able to see in the Team page in Elementary all the users and their correct roles.