Provision users with Okta

  • 6 minute(s) read
Prev Next

Identity management (IdM) integration capabilities in Quickbase, using the standard System for Cross-domain Identity Management (SCIM) specification, allow you to sync Quickbase with Okta.

Features supported

The following provisioning features are supported:

  • Create new users—New users created through Okta are also created in your Quickbase account/realm.

  • Update user attributes—Updates made to the user's attributes through Okta are pushed to your Quickbase account/realm.

  • Deny access—Denying a user in Okta removes their access to your Quickbase realm.

  • Restore access—Restoring a user in Okta restores their access to your Quickbase realm.

  • Create groups—New groups created and pushed through Okta are also created in your Quickbase account/realm.

  • Add users to groups—Users added to the pushed group through Okta are also added to the group in your Quickbase account/realm.

  • Remove users from groups—Users removed from the group through Okta are also removed from the group in your Quickbase account/realm.

  • Delete groups—Groups deleted through Okta are removed from your Quickbase account/realm.

  • Update group name—Updates made to the pushed group name through Okta are pushed to your Quickbase account/realm.

  • Push groups—Push groups created in Okta pushes the group and all of its members to your Quickbase account/realm.

Prerequisites

Before you configure provisioning for Quickbase, make sure you have:

Sign in to Okta

  1. Sign in to Okta with an account that has admin privileges.

    Okta admin sign-in screen

  2. Select Admin.

  3. Select Classic UI.

    Okta Classic UI option in the admin menu

Configure Quickbase integration

  1. Select Applications, then select Add Application.

    Okta Applications menu with Add Application option

  2. Search for "Quickbase" and select Add.

    Okta application search results showing Quickbase

  3. On General Settings, enter an Application label, enter your realm name as the Subdomain, then select Next.

    Okta General Settings screen with Application label and Subdomain fields

  4. For Sign-On Options, Quickbase currently supports SAML 2.0.

    Secure Web Authentication is not currently supported.

    Select SAML 2.0, leave the Default Relay State field blank, then select View Setup Instructions and save the information. You will need to provide this information to Quickbase to set up your realm. Then, select Done.

    Okta Sign-On Options screen showing SAML 2.0 selection and View Setup Instructions

  5. Select Provisioning then select API Integration.

    Okta Provisioning tab with API Integration option selected

    Select the Enable API Integration checkbox, and enter the Realm Admin user token as the API Token.

  6. Select Test API Credentials to test the connection, then select Save.

Enable Okta to SCIM provisioning

  1. On the Provisioning tab, select To App, then select Edit.

  2. Select the check boxes to enable Create Users, Update User Attributes, and Deactivate Users.

    Okta provisioning settings with Create Users, Update User Attributes, and Deactivate Users checkboxes

  3. Keep the default User Attribute Mapping. Quickbase requires the following attributes:

    • User name

    • Name (givenName, familyName)

    • Email (primary)

    Other attributes will be used in the future. To avoid migration, Quickbase stores all attributes now.

  4. Select Save.

Provision users

  1. Select Directory, and then select People.

  2. Select Add Person

  3. Enter the person's: First name, Last name, Username, and Primary email.

    Okta Add Person form with fields for first name, last name, username, and primary email

  4. To add the user to a group, enter the group name and search for it from the group pop-up list. Select the group name and then select Add. Repeat this step for each additional group to which you want to add the user.

  5. For Password, select Set by admin.

  6. Enter the password assigned for this user, which needs to be supplied to the user separately for their initial sign in.

  7. Select User must change password on first login.

  8. Select Save or Save and Add Another.

Add users to your application

You can add users to your application using either of these methods:

To add each user individually:

  1. On the Assignments tab, select Assign and select Assign to People.

    Okta Assignments tab with Assign to People option

  2. Select Assign next to the people you want add to your application.

    Okta Assign to People list with Assign buttons

  3. If necessary, you can update the User Name, then select Save and Go Back to add more people. Once you are finished adding people, select Done.

    Okta user assignment screen with Save and Go Back and Done buttons

Provision groups

  1. Select Directory, and then select Groups.

  2. Select Add Group.

  3. Enter the group's name and description (optional).

    Okta Add Group dialog with name and description fields

  4. Select Add Group.

Add users to your group

You can add users to your application using either of these methods:

To add users through a group:

  1. Select Directory, and then select Groups.

  2. Locate the group from the Groups list, and select the group name.

  3. Select Add Members.

  4. Search for the user by typing its name. Select Add next the user you want to add to the group. Repeat this step to add other users to the group. After you have added all of the users, select Done.

    Okta Add Members screen with user search and Add button

Remove users from your group

If the group has been pushed in your application, users will be removed from your Quickbase account/realm.

If users are not members of any other groups that have been pushed in your application, and the users were not added to your application as people, then these users will be denied in your Quickbase account/realm.

To remove users from a group:

  1. Select Directory, and then select Groups.

  2. Locate the group from the Groups list, and select the group name.

  3. Select X next to the user you want to remove from the group.

    Okta group member list with X button to remove a user

Update group name

If the group has been pushed in your application, the group name will be updated in your Quickbase account/realm.

To update a group name:

  1. Select Directory, and then select Groups.

  2. Locate the group from the Groups list, and select the group name.

    Okta group list showing group name and edit option

  3. Rename the group name, and then select the small check mark to the right of the name.

Add groups to your application

You can add groups to your application from the Assignments tab.

  1. On the Assignments tab, select Assign and select Assign to Groups.

    Okta Assignments tab with Assign to Groups option

  2. Select Assign next to the group you want add to your application.

    Okta Assign to Groups list with Assign buttons next to each group

  3. You can update the group information, or leave as is. Select Save and Go Back to add more groups.

    Okta group assignment screen with Save and Go Back button

  4. After you have finished adding groups, Select Done.

Push groups to your Quickbase account/realm

When you push groups from Okta, the groups will be created in your Quickbase account/realm.

  1. On the Push Groups tab, select Push Groups and select Find groups by name.

    Okta Push Groups tab with Find groups by name option

  2. Enter the group you want to push to Quickbase in the text field, and then select it from the group list.

    Okta group search field with group list results

  3. Verify that the Push group memberships immediately check box is selected.

  4. Verify that Create Group is selected.

  5. Select Save to push the group; or if you have additional groups you want to push, select Save & Add Another.

    Okta push group confirmation screen with Save and Save and Add Another buttons

Delete groups from your Quickbase account/realm

When you unlink and delete pushed groups from Okta, the groups will be deleted from your Quickbase account/realm.

However, the group and individual users that were pushed through the group to your Quickbase account/realm will not be affected. To remove these users' access to your Quickbase account/realm, you must un-assign the groups from the Assignment tab.

To unlink and delete groups from your Quickbase account/realm:

  1. On the Push Groups tab, locate the group you want to delete from the Pushed groups list.

  2. Select the down-arrow in the Push Status of the group.

    Okta Pushed groups list with down-arrow in Push Status column

  3. Select Unlink pushed group.

  4. Select Delete the group in the target app (recommended) and then select Unlink.

    Okta Unlink pushed group dialog with Delete the group in the target app option

To un-assign groups and remove these users' access to your Quickbase account/realm:

  1. On the Assignments tab, select FILTERS and then select Groups.

  2. Select X next to the group you want to remove from your application.

    Okta Assignments tab filtered by Groups with X button to remove a group

  3. Select OK to confirm that you want to un-assign and remove the group.

Restrictions

  • The maximum length for user first name, last name, email, and username is 255 characters.

  • Spaces are not allowed in username and email values.

  • When pushing a group, Quickbase does not support linking existing groups that were created in Quickbase to groups that were created in Okta. When requesting a Refresh App Groups in Okta, Quickbase returns the groups that were provisioned in Okta, but excludes any groups that were created in Quickbase. As a result, the Quickbase groups are not listed in Link Group.

  • When using Push Now to resynchronize a group, any Quickbase users (users who were added to the group in Quickbase) are not affected in the Quickbase group. Okta is master for the group only for those users who were provisioned in Okta.

Troubleshoot

To troubleshoot errors with provisioning, read Troubleshooting IdM provisioning in the Quickbase API Guide.