Integration with Okta SCIM

Overview

Companies using Okta can easily integrate with MangoApps, allowing automatic creation of user accounts within MangoApps whenever a new user is added to Okta, eliminating the need for manual account creation, saving time, and reducing errors between applications.

This integration offers several benefits: automated user provisioning streamlines account creation and deactivation; simplified user updates ensure any changes made to user information in Okta, such as email address, name, or department, are automatically reflected in MangoApps through SCIM; and improved user deactivation enables Okta to automatically deactivate a user's account in MangoApps through SCIM when a user leaves the organization or access needs to be revoked, helping maintain data security and compliance.


Supported Features

SAML:

  • SP-initiated SSO

  • IdP-initiated SSO

  • JIT (Just In Time) Provisioning

SCIM:

  • Create users

  • Update user attributes

  • Deactivate users


Prerequisite Roles

Okta Administrator: The user performing the configuration from the Okta side.

MangoApps Administrator: The user performing the configuration from the MangoApps side.

Supported Okta Plan: Workforce Identity Cloud.


How to Configure SAML 2.0 for MangoApps

Create App Integration in Okta

Log in to the Okta portal using administrator credentials and navigate to the Admin tab. From here, access the Applications tab from the left-hand side panel.

Click the Browse App Catalog button along the center toolbar.

Under the Browse App Catalog page, search for the MangoApps application. Select the MangoApps application and click on the Add Integration button.

Add the application label and domain URL, then click on the Next button. On the next page, click the Done button to save the application. (If your domain is https://okta.mangoapps.com/u, enter: okta.mangoapps.com)

Once the app is successfully created, switch to the Sign On tab and copy the metadata URL. This will be required for the MangoApps side configuration.


Enable Integration in MangoApps

Log in to the MangoApps portal using admin credentials and access the SSO menu option within the Admin Portal.

Select the Connections section and switch to the SAML tab.

Click the Add SSO Connection option, then select Okta as the identity provider from the dropdown. Name the application.

Add the metadata URL to the Metadata section and click on the Read from URL button.

Click the Read from Metadata URL button to read/add the required configuration fields in MangoApps. Afterwards, click on the Save button.


Enable SCIM Provisioning in MangoApps

Log in to MangoApps as an admin user. Navigate to the SSO section within the Admin Portal and switch to the SAML tab.

Select the newly created Okta application and click Configure User Mappings.

Under configure user mapping, select SAML Provisioning with SCIM and switch to OAuth 2 connection.

Copy the Base URL, which is needed when enabling SCIM in Okta in the steps below, and save the configuration.


Enable SCIM Provisioning from Okta

Log in to Okta using administrator credentials and access the Applications tab from the Admin Portal. Select the application created for MangoApps integration and navigate to the Provisioning tab.

Click the Configure API Integration button.

Select the Enable API Integration box (you may need to scroll down) and add the Base URL (found in the above steps).

Click the Authenticate with MangoApps button to authenticate the URL. Upon successful authentication, save the settings.

Once the setting has been saved, navigate back to the Provisioning tab and click on the Edit button under the To App section.

Enable all the required provisioning for the application and save the settings.

After the setting has been saved, switch to the application again and select the Assignments tab to assign users manually or using groups.

The assigned user account(s) should now be created within the MangoApps system.


End User Experience

On successful Okta-MangoApps integration, user accounts will be automatically created in the MangoApps system.

Attribute Mapping

Department: When a user's department is updated, they will be assigned membership in the new department in addition to their existing department group affiliation.


Testing Considerations

An administrator can do the following to test the integration:

  • Verify authentication credentials configured on Okta for SCIM provisioning.

  • Verify automatic user creation.

  • Verify automatic profile updates.

  • Verify automatic user deactivation/reactivation.
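
One way to automate the creation, update and deactivation checks listed above, as an added example (not MangoApps or Okta code): it compares two user exports and reports accounts that are out of sync. It assumes both sides can be exported as records using SCIM core attribute names (`userName`, `active`, `name`, `emails`); the function names, finding labels and sample data are constructed for illustration.

```python
# Added example: reconcile user exports after a provisioning test run.
# Records use SCIM core attribute names (RFC 7643); all data is constructed.
def primary_email(user):
    emails = user.get("emails") or []
    for e in emails:
        if e.get("primary"):
            return e.get("value", "").lower()
    return emails[0].get("value", "").lower() if emails else ""

def profile(user):
    name = user.get("name") or {}
    return (name.get("givenName", ""), name.get("familyName", ""), primary_email(user))

def reconcile(idp_users, app_users):
    """Return sorted (userName, finding) pairs; an empty list means in sync."""
    app = {u["userName"].lower(): u for u in app_users}
    findings = []
    for src in idp_users:
        key = src["userName"].lower()
        dst = app.pop(key, None)
        if dst is None:
            if src.get("active", True):
                findings.append((key, "missing_in_app"))
            continue
        if src.get("active", True) != dst.get("active", True):
            kind = "still_active_in_app" if dst.get("active", True) else "not_reactivated"
            findings.append((key, kind))
        if profile(src) != profile(dst):
            findings.append((key, "profile_drift"))
    # Accounts left over exist only in the app; flag the active ones for review.
    findings += [(k, "unmanaged_active_account") for k, u in app.items() if u.get("active", True)]
    return sorted(findings)

def scim_user(user_name, given, family, active=True):
    return {"userName": user_name, "active": active,
            "name": {"givenName": given, "familyName": family},
            "emails": [{"value": user_name, "primary": True}]}

OKTA_SAMPLE = [scim_user("ana@example.com", "Ana", "Diaz"),
               scim_user("bo@example.com", "Bo", "Lind", active=False),
               scim_user("cy@example.com", "Cy", "Rao"),
               scim_user("di@example.com", "Di", "Moss")]
APP_SAMPLE = [scim_user("ana@example.com", "Ana", "Diaz"),
              scim_user("bo@example.com", "Bo", "Lind"),      # deactivation not applied
              scim_user("cy@example.com", "Cyrus", "Rao"),    # stale given name
              scim_user("old@example.com", "Old", "Admin")]   # no counterpart in the IdP export
if __name__ == "__main__":
    for user, finding in reconcile(OKTA_SAMPLE, APP_SAMPLE):
        print(f"{finding:26} {user}")
```
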


Security Considerations

Okta admins should only share the metadata URL with the admin of MangoApps.

The MangoApps admin should only share the SCIM OAuth 2 base URL with the admin of Okta.


Rollout Recommendations

Enable this integration in a sandbox environment and validate user creation and profile updates.
