Configure Okta SCIM Provisioning for Softdrive

Overview

This article explains how to configure Okta SCIM 2.0 provisioning for Softdrive. SCIM provisioning allows Okta to automatically create, update, and deactivate users in Softdrive.

Note: SCIM is used for user lifecycle management and does not provide Single Sign-On (SSO). Okta SSO must be configured separately if users will authenticate with their Okta credentials.

Applies To

  • Softdrive Dashboard / Softnet
  • Okta SCIM 2.0 provisioning
  • Okta administrators
  • Softdrive organization administrators

Prerequisites

Before starting, make sure you have:

  • Administrator access to Okta
  • Administrator access to the Softdrive Dashboard
  • An existing Softdrive organization
  • The Softdrive SCIM Base URL
  • The Softdrive SCIM OAuth Bearer Token
  • At least one test user in Okta
  • A user email domain that Softdrive can associate with the correct organization
Important: Start with one test user. Do not assign production groups until user provisioning has been successfully validated.

Procedure

1. Create the SCIM 2.0 application in Okta

  • Log in to the Okta Admin portal.
  • Go to Applications > Applications.
  • Click Browse App Catalog.
  • Search for SCIM 2.0 Test App (OAuth Bearer Token).
  • Select the application and click Add Integration.
  • Enter an application label, such as Softdrive SCIM 2.0.
  • Enable Do not display application icon to users.
  • Disable Automatically log in when user lands on login page.
  • Click Next or Done to create the application.
Important: Select SCIM 2.0 Test App (OAuth Bearer Token). Do not select the SCIM 1.1 application. If the configuration page displays SCIM 1.1 Base URL, the wrong application was selected.

2. Configure the SCIM API integration

  • Open the newly created Softdrive SCIM 2.0 application.
  • Go to Provisioning > Integration.
  • Click Configure API Integration.
  • Select Enable API Integration.
  • In SCIM 2.0 Base URL, enter:
https://softnet.softdrive.co/api/v1/automations/scim
  • Enter the OAuth Bearer Token provided by Softdrive.
  • Leave Import Groups unchecked during the initial configuration and testing.
  • Click Test API Credentials.
  • After the test succeeds, click Save.
Important: The SCIM Base URL must begin with https:// and must not contain a trailing slash. Okta may return a URL pattern error if the address uses http:// or ends with /.


3. Enable provisioning actions

  • In the SCIM application, go to Provisioning > To App.
  • Click Edit.
  • Enable the following options:
    • Create Users
    • Update User Attributes
    • Deactivate Users
  • Click Save.


4. Configure attribute mappings

  • In the SCIM application, go to Provisioning > To App.
  • Scroll down to SCIM 2.0 Test App (OAuth Bearer Token) Attribute Mappings.
  • Configure or verify the following attribute mappings:
Okta AttributeSCIM AttributeValueApply On
UsernameuserNameConfigured in Sign On settingsNot applicable
Given namegivenNameuser.firstNameCreate and update
Family namefamilyNameuser.lastNameCreate and update
Emailemailuser.emailCreate and update
Primary email typeemailType(user.email != null && user.email != '') ? 'work' : ''Create and update
Display namedisplayNameuser.displayNameCreate and update
  • For each editable mapping, select Create and update under Apply on.
  • Save each mapping after confirming its value.
Note: The userName mapping is controlled by the application's Sign On settings and cannot be edited from the Attribute Mappings table. Confirm that the application username is based on the user's Okta email address.


5. Assign a test user

  • Open the Assignments tab.
  • Click Assign > Assign to People.
  • Locate one test user and click Assign.
  • Review the username and user attributes.
  • Click Save and Go Back, and then click Done.

Okta will attempt to provision the assigned user into Softdrive through SCIM.


6. Verify the provisioning result

  • In Okta, confirm that the user assignment does not show a provisioning error.
  • Log in to the Softdrive Dashboard.
  • Open the organization user list.
  • Confirm that the assigned Okta user was created in the correct organization.
  • Confirm that the user's email address and profile information are correct.


Expected Result

After SCIM provisioning is configured:

  • Assigning a user to the Okta SCIM application creates the user in Softdrive.
  • Supported user profile changes made in Okta are synchronized to Softdrive.
  • Removing or deactivating the user in Okta deactivates the user in Softdrive.
  • Users are associated with the correct Softdrive organization based on the configured organization and email domain.
Note: Successfully provisioning a user does not configure Okta SSO. If Okta SSO is configured separately, the provisioned user can use it to authenticate to the same Softdrive account.


Troubleshooting

SCIM Base URL does not match the required pattern

Confirm that the URL uses HTTPS and does not include a trailing slash.

Correct:

https://softnet.softdrive.co/api/v1/automations/scim

Incorrect:

http://softnet.softdrive.co/api/v1/automations/scim/

Test API Credentials fails

Confirm the following:

  • The SCIM 2.0 Test App (OAuth Bearer Token) was selected.
  • The SCIM Base URL is correct.
  • The OAuth Bearer Token was copied correctly and has not expired or been revoked.
  • The Softdrive SCIM endpoint is reachable from Okta.
  • Import Groups is disabled during the initial test.

No resources for users returned

This message normally means that Okta reached the endpoint, but did not receive a valid SCIM Users response. Verify the selected SCIM application, Base URL, OAuth Bearer Token, and endpoint availability.

Unable to detect organization owner from email domain

This error means Softdrive could not determine which organization should receive the SCIM-created user based on the user's email domain.

For example, if the user is:

user@company.com

Softdrive must be able to associate company.com with the correct organization. Confirm the user's email address and contact Softdrive Support if the organization domain must be reviewed or configured.

The assigned user was not created in Softdrive

  • Confirm that Create Users is enabled under Provisioning > To App.
  • Review the user's assignment status and provisioning errors in Okta.
  • Confirm that the givenName, familyName, email, emailType, and displayName mappings match the values documented above.
  • Confirm that the Okta username is based on the user's email address.
  • Confirm that all required user attributes contain valid values.
  • Unassign and reassign the test user after correcting the configuration.

Okta displays a banner requesting that the app be submitted for review

This is an informational banner for test applications and does not prevent SCIM provisioning. The application only needs to be submitted for review if it will be published in the Okta Integration Network.