Prior to configuring and testing Responsive in Okta, ensure that the SCIM feature is enabled for your company in Responsive.
Troubleshooting and Tips
- If the SCIM feature is not enabled for your company in Responsive, testing your connection fails with a 403 response code.
- Ensure a default role and business unit are selected at the application level in Organization Settings > Security before proceeding with the setup in the Okta.
- Email addresses are the primary/unique identifier, so ensure they get mapped.
- The responsive_user_role and costCenter (business unit in Responsive) fields are non-editable. These are set during creation/app assignment.
- The Responsive username must be unique.
- userName and email address are the same in the Responsive side.
- userName is a non-editable field.
Configuring User Provisioning in Okta
- Login to Okta and click the Applications tab, then click Add Application.
- Type Responsive in the Search field and click Add. The Add Responsive-General Settings tab displays.
- Click Next to go to the Sign-On Options page.
- Select Email from the Application username format drop-down list; then click Done.
Generating an OAuth Bearer Token from Responsive
- Go to Organization Settings > Security > SCIM and turn on the Auto User Provisioning toggle.
- Click Generate SCIM API Token, select the appropriate options from the Default Business Unit (if enabled) and Default User Role drop-down lists, then click Submit. A warning message displays alerting you to copy your API token and store it.
- Click Got It! on the warning message. The SCIM window displays.
- Click the Copy icon to copy the token, then click Submit.
- Go to Okta > Provisioning > Integration and paste the copied API token in the OAuth Bearer Token field.
Sample API Token: s-8c7d34c30c17092bsdffdfdsergnghuy201e67-5c6426ce9b2ffe0ererer5b4
- Type https://app.rfpio.com/rfpserver/scim/v2 in the SCIM 2.0 Base URL field, then click Test API Credentials.
- Click Save once the credentials are tested successfully.
- Click the To App tab and click Edit.
- Check the Create Users, Update User Attributes, and Deactivate Users boxes, then click Save.
*Cost center(optional & custom)
user.costCenter (This is applicable only if business unit is enabled in Responsive)
*responsive_user_role(optional & custom)
user.user_role (Responsive Internal value which specifies the role name. If not given while provisioning, default role would be set)
Note: Cost center and user role are optional attributes. The default value for these can be set in Responsive while generating the bearer token.
- Click the To Okta tab, then scroll down and click Go to Profile Editor.
- Click Add Attribute.
- The Add Attribute pop-up displays. Enter the following values in the respective fields, then click Save.
- Display Name field: Type responsive_user_role
- Variable Name field: Type responsive_user_role_user_role
- Description field: Enter the internal value that indicates the role name in Responsive. This must match with the available role names in the Responsive account.
The newly added attribute displays as shown below:
- Click the Provisioning tab, then scroll down and click Go to Profile Editor.
- Click Mappings to map the attributes.
- The User Profile Mappings page displays. Click the Responsive to Okta tab and then map the responsive_user_role attribute to user_role from the drop-down.
- Click the Okta to Responsive tab and then map the user_role attribute to responsive_user_role from the drop-down.
- Click Save Mappings.
- The Responsive SCIM User Profile Mappings page displays. Click Apply updates now.
Once the attribute is mapped, it displays as shown below:
- Responsive To App Mapping:
- Responsive To Okta Mapping:
- Responsive To App Mapping:
User Provisioning/Deprovisioning in Responsive
The following items regarding user provisioning/deprovisioning are covered below:
- Adding users
- Updating users
- Deleting users
Once users are assigned to the SCIM application, they are added to Responsive along with their role. If a role or BU is not specified in the users profile, the default role (Team Member) or default BU is assigned to them.
- In SCIM:
- In Responsive:
User profiles are updated in Responsive when any of the below attributes are modified for the assigned application user in Okta:
- Given name
- Family name
- Primary phone
- Time Zone
Emails, user roles, and BUs cannot be updated; they can be set only during user creation.
If users are removed from the SCIM application, they are rendered inactive in Responsive. To delete a user from SCIM:
- Click the Delete icon associated with the user to be removed.
- Click OK on the confirmation pop-up.