User Provisioning for Okta IdP

This section contains the following topics:

Establish a connection with Ivanti Neurons for MDM

After you create the users and groups on your Okta application, you can establish the connection between Okta and Ivanti Neurons for MDM.

Procedure

After the connection is established between Okta and Ivanti Neurons for MDM, you can provision users or groups.

Procedure

Go to Assignments > Assign > Assign to People or Assign to Group.
2. Select or search for an existing user or group and click Assign.
Repeat the process to add more Users or Groups.
Click Done.
Select the group and click push Group by name to save and sync the group.

After an assigned user is provisioned on the Okta portal, verify the user provisioning on Ivanti Neurons for MDM administrative portal.

Procedure

Log in to the Ivanti Neurons for MDM administrative portal.
Go to Userstab under the main menu. The provisioned user will be present in the list of users on this page.

After a group is provisioned on the Okta portal, verify the provisioning on Ivanti Neurons for MDM.

Procedure

Log in to the Ivanti Neurons for MDM administrative portal.
Go to Users tab and click User groups. The provisioned group will be present in the list of the groups in this page.

This topic helps you configure the Okta settings.

Procedure

Go to Admin > Identity > User Provisioning Okta.
Click Edit Settings.
Set Automatically invite users imported from Okta - Manage whether users imported from Okta to Ivanti Neurons for MDM are automatically invited to register via email.
(Optional) Click Add Custom Attribute - Specify custom user attributes from your directory service that you want to apply to device management. Each attribute can then be referenced by ${attributeName} in the Configuration fields that support variables. Use of this option requires consistent implementation of custom attributes across Okta servers. If the Okta server that is included in your implementation does not use the custom attribute, the features that are dependent on the custom attribute might not work as expected. The Attribute Type column displays IDP attribute in the Custom Attributes table in the Edit Settings section.
Click Save Changes after modifying the Okta settings.

Procedure

Go to Admin > Identity > User Provisioning.
Click Edit Settings.
Enter Custom Attribute (for example, custAttr1) and click Save Changes.
From the Okta Portal, click Directory > Profile Editor.
Click on SCIM 2.0 Test App (OAuth Bearer Token) User app.
Click Add Attribute.
Add the following custom attribute values, for example:
- Display name (same custom attribute value that we provided in N-MDM, refer to step 3).
- Variable Name : custAttr1
- External Name: custAttr1
- External namespace : urn:ietf:params:scim:schemas:extension:ivanti:2.0:User
- User Permission : (Read / Write)
Click Save Attribute.
Click Profile Editor > Mappings. You will see two sections for mappings (SCIM and Okta).
Map the custom attributes created in N-MDM to attributes defined in Okta, and save the mappings.
Go to Users and click on the required user.
Click Profile > Edit to edit the attributes.
Go to Applications > SCIM 2.0 Test App (OAuth Bearer Token) app.
Under the Assignments tab, click Assign and select Assign to People.

The Assign SCIM 2.0 Test App (OAuth Bearer Token) to People window appears on the screen.
Select the required user and click Assign.
Click Done.

To verify the custom attribute and its mapping in Ivanti Neurons for MDM:

Go to Users > User (any specific user) > Attributes. Make sure the mapped custom attribute for Okta is visible under the User attributes section.