All Collections
Interacting with Knak
User Provisioning Setup for Okta Guide
User Provisioning Setup for Okta Guide

This article outlines how to set up User Provisioning for an **Okta app**

Felix Higgs avatar
Written by Felix Higgs
Updated over a week ago

See this article for using self serve for SSO

Create a new OAuth application on Knak

In order to activate User Provisioning in Okta, authentication with Knak’s SCIM API is required. The main way of doing this is by using the OAuth 2.0 authentication flow. You will need to contact Knak Support to help set this up.

  1. Navigate to https://enterprise.knak.io/account/oauth-applications - contact Knak support if you cannot access this page

  2. Click on “Create new OAuth application”

  3. Name the new application “User Provisioning”

  4. Set the redirect URI to https://system-admin.okta.com/admin/app/cpc/<okta_instance>_<okta_app_name>/oauth/callback

    1. <okta_instance> is the name of your Okta org, can be found in the URL <okta_instance>.okta.com/

    2. <okta_app_name> is the ID of the application you set up for SSO on Knak. It can also be found in the URL when you’re on that app’s settings page https://<okta_instance>-admin.okta.com/admin/app/<okta_instance>_<okta_app_name>

    3. Ensure Confidential checkbox is checked.

    4. Click on the Create Button.

  5. Have the client ID and secret on hand for Okta

Connect Knak SCIM service to Okta

  1. Open the Okta admin panel

  2. Navigate to the app you created on Okta for Knak

  3. Under General, check “Enable SCIM provisioning”

4. A new tab will show up called Provisioning, click on it.

5. Fill out the information to connect and save the details

Field

Value

SCIM Version

2.0

SCIM connector base URL

https://enterprise.knak.io/scim/v2

Unique ID for users

email

Supported provisioning actions

- Import new users, Push new users and profile updates

Authentication Mode

OAuth

Token endpoint

https://enterprise.knak.io/oauth/token

Authorization endpoint

https://enterprise.knak.io/oauth/authorize

Client ID

Copied from new OAuth app

Client Secret

Copied from new OAuth app

6. To Authorize Okta to access the Knak SCIM API go to Integration, click “Authenticate with <Knak Okta Application Name>”, and follow the authorization dialog.

7. Click on “To App”, edit the settings to enable “Create Users”.

You are now ready to provision users in Knak via Okta via the “Assign” button.

Handling Previously Assigned Users

Okta will give a warning for any users that were assigned to Knak before provisioning was set up.

The Knak SCIM API supports an “Import” from Knak to Okta, which will allow you to confirm the assignment between Knak users and Okta users, as well as create any new users in Okta if necessary.

Need more help? Contact support via live chat within Knak using the chat bubble in the bottom right corner or email support@knak.com

Did this answer your question?