QorusDocs now support's auto provisioning of user accounts using The System for Cross-domain Identity Management (SCIM) protocol. This implementation has been developed specifically for use with the Okta identity management platform.

Okta is a customizable, secure, and drop-in identity management solution to add authentication and authorization services to your applications.

SCIM provides a defined schema for representing users and groups, and a RESTful API to run CRUD operations on those user and group resources. Updating user information in the Okta platform will communicate these changes to QorusDocs using the SCIM protocol.

What SCIM and what is it used for?

SCIM, or System for Cross-domain Identity Management, is an open standard that allows for the automation of user provisioning.

SCIM can be used to automate the provisioning of users within QCH only if you have an existing Okta OIDC app integration configured.

Configuration overview

Follow these general steps to set up your environment to use SCIM.

1. Add and configure the SCIM app in Okta.
2. Assign Users or Groups.
3. Verification of Auto Provisioned Users.

Prerequisites

To perform the configuration, you will need:

1. An Okta user that has permissions to add an “application integration” from the app catalog within your Okta portal.
2. An existing OIDC app integration with QorusDocs.
3. The SCIM URL, OAuth Bearer Token, Client ID and Client Secret – Provided by QorusDocs

Step 1: Add and Configure the app integration in Okta

To add and configure the SCIM app in Okta, you need to add it via the app catalog.

Add and configure the app integration

Sign into the Okta portal.

Select the “Applications” drop down, and then select “Applications”.

Select “Browse app catalog”.

Search for “SCIM 2.0 Test App (OAuth Bearer Token)”.

Click on “SCIM 2.0 Test App (OAuth Bearer Token)”.

Click "Add".

General Settings, Update Application Label -> “SCIM 2.0 QorusDocs (OAuth Bearer Token)".

Default name: "SCIM 2.0 Test App (OAuth Bearer Token)"

Update name: "QorusDocs SCIM 2.0 Test App (OAuth Bearer Token)"

Click "Next".

Sign-On Options, All Default options.

Click "Done".

Click on Provisioning tab.

Click “Configure API Integration”.

Select the checkbox “Enable API Integration”.

Enter the SCIM 2.0 Base URL – Provided by QorusDocs.

Enter the OAuth Bearer Token – Provided by QorusDocs.

Note: The SCIM OAuth Bearer token expires every twelve months from the date it is created. Currently, QorusDocs does not have a mechanism to notify customers when their SCIM OAuth Bearer token is expiring/has expired. We recommend that customers set a Task/Calendar reminder around eleven months from the time the SCIM OAuth Bearer token is generated, this can be created from within QorusDocs in order to avoid any syncing issues. You will need the Client ID and Client Secret for this renewal process.

Click on "Test API Credentials".

Click "Save".

Step 2: Assign Users or Groups

The newly created SCIM app should still be open.

Click on the Assignments

Click on the “Assign” Drop Down.

Select either “Assign to People” or “Assign to Groups” – which ever is more suitable.

Select the relevant Users or groups.

Click "Assign".

Repeat for each user and or each group -> Click on "Save and Go Back"

Click "Done".

Step 3: Verification of Auto Provisioned Users

1. Sign in to your QorusDocs hub.
2. Click the “Settings” Drop Down.
3. Click on “User management”.
4. Verify the assigned users from the SCIM okta application are now visible under “Active Users” in the hub.