This guide is intended for Okta admins who are configuring SCIM in Kno2. It provides details regarding how to enter information generated in your Kno2fy portal into the Okta portal.
Described below is a simplified version of configuring user provisioning in Okta. Please note that a comprehensive tutorial is available here: Add SCIM provisioning to app integrations | Okta
Okta Setup
Sign in to your Okta portal.
General
In the General tab of the configured app, select Enable SCIM provisioning:
Provisioning
To App
On the Provisioning tab, configure To App. The following must be enabled:
Create Users
Update User Attributes
Deactivate Users
Do not enable Sync Password.
Do not configure Provisioning To Okta. Kno2 provisioning supports only one-way sync, from Okta to Kno2.
Integration
On the Provisioning tab, configure the Integration settings. The following must be set:
SCIM connector base URL: copied from Kno2’s User Provisioning tab
Unique identifier field for users: userName
Supported provisioning actions to check:
Push New Users
Push Profile Updates
Push Groups
Authentication mode: HTTP Header
Generate a token from Kno2fy and copy it into the Authorization field.
Attribute Mappings
See screenshot:
Assignments vs Push Groups
The following are best practices as recommended by Okta:
All users that are to be granted access to Kno2 should be collected in Okta under a single group.
This group is the assignment group.
Members of this group will have their basic information including status synced over to Kno2.
Any members that are added to or removed from this group will be created, updated and deleted accordingly in Kno2.
Push Groups are intended as a means to organize users into groups that align with organizations.
You MUST have a group for Network Admins.
You SHOULD have at least one group for Org Admins.
Group the Org Admins with the same org access together.
You SHOULD have at least one group for Users.
Group the users with the same org access together.
A user should be a member of the Assignment group as well as one or more push groups.
Okta’s sync process is immediate. Any user added to the assignment and push groups is immediately synced to the connected application.
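Because the sync is immediate, it helps to check a planned group layout against the rules above before changing memberships in Okta. The following is an added example, not part of Kno2's or Okta's tooling; the function name, group names and user names are constructed, and it assumes user names are compared case-insensitively.

```python
# Added example: audit a planned Okta group layout against this page's rules.
# Group names and user names below are constructed sample data.

def audit_groups(assignment, push_groups, network_admin_group):
    """Return findings as (rule, user, group) tuples; an empty list means clean."""
    # Assumption: user names are compared case-insensitively.
    norm = lambda users: {u.strip().lower() for u in users}
    assigned = norm(assignment)
    findings = []

    # "You MUST have a group for Network Admins."
    if network_admin_group not in push_groups:
        findings.append(("missing-network-admin-group", None, network_admin_group))

    # "A user should be a member of the Assignment group as well as one or
    # more push groups": check both directions.
    pushed = set()
    for group, members in sorted(push_groups.items()):
        members = norm(members)
        pushed |= members
        for user in sorted(members - assigned):
            findings.append(("push-without-assignment", user, group))
    for user in sorted(assigned - pushed):
        findings.append(("assignment-without-push", user, None))
    return findings


# Constructed layout: one assignment group and three push groups.
ASSIGNMENT = ["alice@example.com", "bob@example.com",
              "Carol@example.com", "dave@example.com"]
PUSH_GROUPS = {
    "Kno2 Network Admins": ["alice@example.com"],
    "Kno2 Org Admins - Clinic A": ["bob@example.com"],
    "Kno2 Users - Clinic A": ["carol@example.com", "erin@example.com"],
}

if __name__ == "__main__":
    for rule, user, group in audit_groups(ASSIGNMENT, PUSH_GROUPS,
                                          "Kno2 Network Admins"):
        print(rule, user or "-", group or "-")
```

An empty result means every assigned user is in at least one push group, every push group member is assigned, and the Network Admins group exists.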