User and Group Provisioning with Okta
- Applies to:
- MindTouch (current)
- Role required:
- Admin
Features
The following provisioning features are supported:
- Create Users
- New users created through Okta will also be created in the MindTouch site
- Update User Attributes
- Updates made to the user's profile through Okta will be pushed to the MindTouch site
- Deactivate Users
- Deactivating the user or disabling the user's access to the application through Okta will deactivate the user in the MindTouch site (Note: Deactivating a user removes the user's ability to sign in but maintains the user's MindTouch information as an inactive user)
- Reactivate Users
- User accounts can be reactivated in the application
- Group Push
- Groups and their members in Okta can be pushed to the MindTouch site
- Import Users
- Intended to import existing MindTouch users into Okta
- Import Groups
- Intended to import existing MindTouch groups into Okta
MindTouch does not support the following Okta provisioning features:
- Sync password
- Profile master
Please note that after a successful implementation user management is controlled within Okta but User and Group roles are moved from the Control Panel into the Dashboard under /Special:Dashboard/SiteAdministration/UserGroupManagement
From here you can change a user to a Community Member to any Pro Member seat level and vice versa.
Requirements
Before configuring User and Group Provisioning with Okta, you must contact the MindTouch Support Team to activate the capability.
Configuration
A new property, user.seated, is required on the Okta user profile under Directory > Profile Editor. Click on User (default).
The new property appuser.seated is mapped to the MindTouch SAML app's seated property.
After User and Group Provisioning with Okta is activated, you must provision a Server API Token to connect MindTouch and Okta. The following instructions provide step-by-step instructions to enable provisioning in the MindTouch application located in the Okta Integration Network.
- Check the Enable provisioning features box
- Click Configure API Integration
- Check the Enable API integration box
- Enter the API Token key and secret
- Click Test API Credentials; if successful, a verification message appears at the top of the screen
- Click Save
- Select To App in the left panel, then select Provisioning Features you want to enable
- Click Save
- You can now assign people to the app (if needed) and finish the application setup
Troubleshooting
Initial activation of User and Group Provisioning with Okta requires contacting the MindTouch Support Team. Please reach out with any questions during your configuration process.