Provision Users with Okta

Identity management (IdM) integration capabilities in Quick Base, using the standard System for Cross-domain Identity Management (SCIM) specification, allow you to sync Quick Base with Okta.

Features supported

The following provisioning features are supported:

  • Create new users. New users created through Okta are also created in your Quick Base account/realm.

  • Update user attributes. Updates made to the user’s attributes through Okta are pushed to your Quick Base account/realm.

  • Deactivate users. Deactivating the user or disabling the user's access to the application through Okta denies access for the user in your Quick Base account/realm.

  • Reactivate users. Reactivating the user through Okta restores access for the user in your Quick Base account/realm.

  • Create groups. New groups created and pushed through Okta are also created in your Quick Base account/realm.

  • Add users to groups. Users added to the pushed group through Okta are also added to the group in your Quick Base account/realm.

  • Remove users from groups. Users removed from the group through Okta are also removed from the group in your Quick Base account/realm.

  • Delete groups. Groups deleted through Okta are removed from your Quick Base account/realm.

  • Update group name. Updates made to the pushed group name through Okta are pushed to your Quick Base account/realm.

  • Push groups. Push groups created in Okta pushes the group and all of its members to your Quick Base account/realm.

Prerequisites

Before you configure provisioning for Quick Base, make sure you have:

Sign in to Okta

  1. Sign in to Okta with an account that has admin privileges.

  2. Select Admin.

  3. Select Classic UI.

Configure Quick Base integration

  1. Select Applications, then select Add Application.

  2. Search for "Quick Base" and select Add.

  3. On General Settings, enter an Application label, enter your realm name as the Subdomain, then select Next.

  4. For Sign-On Options, Quick Base currently supports SAML 2.0.

    Secure Web Authentication is not currently supported.

    Select SAML 2.0, leave the Default Relay State field blank, then select View Setup Instructions and save the information. You will need to provide this information to Quick Base to set up your realm. Then, select Done.

  5. Select Provisioning then select API Integration.

    Select the Enable API Integration checkbox, and enter the Realm Admin user token as the API Token.

  6. Select Test API Credentials to test the connection, then select Save.

Enable Okta to SCIM provisioning

  1. On the Provisioning tab, select To App, then select Edit.

  2. Select the check boxes to enable Create Users, Update User Attributes, and Deactivate Users.

  3. Keep the default User Attribute Mapping. Quick Base requires the following attributes:

    • User name

    • Name (givenName, familyName)

    • Email (primary)

    Other attributes will be used in the future. To avoid migration, Quick Base stores all attributes now.

  4. Select Save.

Provisioning users

  1. Select Directory, and then select People.

  2. Select Add Person

  3. Enter the person's: First name, Last name, Username, and Primary email.

  4. To add the user to a group, enter the group name and search for it from the group pop-up list. Select the group name and then select Add. Repeat this step for each additional group to which you want to add the user.

  5. For Password, select "Set by admin".

  6. Enter the password assigned for this user, which needs to be supplied to the user separately for their initial sign in.

  7. Select "User must change password on first login."

  8. Select Save or Save and Add Another.

Adding users to your application

You can add users to your application using either of these methods:

To add each user individually:

  1. On the Assignments tab, select Assign and select Assign to People.

  2. Select Assign next to the people you want add to your application.

  3. If necessary, you can update the User Name, then select Save and Go Back to add more people. Once you are finished adding people, select Done.

Provisioning groups

  1. Select Directory, and then select Groups.

  2. Select Add Group.

  3. Enter the group's name and description (optional).

  4. Select Add Group.

Adding users to your group

You can add users to your application using either of these methods:

To add users through a group:

  1. Select Directory, and then select Groups.

  2. Locate the group from the Groups list, and select the group name.

  3. Select Add Members.

  4. Search for the user by typing its name. Select Add next the user you want to add to the group. Repeat this step to add other users to the group. After you have added all of the users, select Done.

Removing users from your group

If the group has been pushed in your application, users will be removed from your Quick Base account/realm.

If users are not members of any other groups that have been pushed in your application, and the users were not added to your application as people, then these users will be denied in your Quick Base account/realm.

To remove users from a group:

  1. Select Directory, and then select Groups.

  2. Locate the group from the Groups list, and select the group name.

  3. Select X next to the user you want to remove from the group.

Updating group name

If the group has been pushed in your application, the group name will be updated in your Quick Base account/realm.

To update a group name:

  1. Select Directory, and then select Groups.

  2. Locate the group from the Groups list, and select the group name.

  3. Rename the group name, and then select the small check mark to the right of the name.

Adding groups to your application

You can add groups to your application from the Assignments tab.

  1. On the Assignments tab, select Assign and select Assign to Groups.

  2. Select Assign next to the group you want add to your application.

  3. You can update the group information, or leave as is. Select Save and Go Back to add more groups.

  4. After you have finished adding groups, click Done.

Pushing groups to your Quick Base account/realm

When you push groups from Okta, the groups will be created in your Quick Base account/realm.

  1. On the Push Groups tab, select Push Groups and select Find groups by name.

  2. Enter the group you want to push to Quick Base in the text field, and then select it from the group list.

  3. Verify that the Push group memberships immediately check box is selected.

  4. Verify that Create Group is selected.

  5. Select Save to push the group; or if you have additional groups you want to push, select Save & Add Another.

Deleting groups from your Quick Base account/realm

When you unlink and delete pushed groups from Okta, the groups will be deleted from your Quick Base account/realm.

However, the group and individual users that were pushed through the group to your Quick Base account/realm will not be affected. To remove these users' access to your Quick Base account/realm, you must un-assign the groups from the Assignment tab.

To unlink and delete groups from your Quick Base account/realm:

  1. On the Push Groups tab, locate the group you want to delete from the Pushed groups list.

  2. Select the down-arrow in the Push Status of the group.

  3. Select Unlink pushed group.

  4. Select Delete the group in the target app (recommended) and then select Unlink.

To un-assign groups and remove these users' access to your Quick Base account/realm:

  1. On the Assignments tab, select FILTERS and then select Groups.

  2. Select X next to the group you want to remove from your application.

  3. Select OK to confirm that you want to un-assign and remove the group.

Restrictions

  • The maximum length for user first name, last name, email, and username is 255 characters.

  • Spaces are not allowed in username and email values.

  • When pushing a group, Quick Base does not support linking existing groups that were created in Quick Base to groups that were created in Okta. When requesting a Refresh App Groups in Okta, Quick Base returns the groups that were provisioned in Okta, but excludes any groups that were created in Quick Base. As a result, the Quick Base groups are not listed in Link Group.

  • When using Push Now to resynchronize a group, any Quick Base users (users who were added to the group in Quick Base) are not affected in the Quick Base group. Okta is master for the group only for those users who were provisioned in Okta.

Troubleshooting

To troubleshoot errors with provisioning, read Troubleshooting IdM provisioning in the Quick Base API Guide.

Related Topics:

 

Go back      |       

© 1999-2019  QuickBase, Inc.  All rights reserved.  Legal Notices.