2. In the left sidebar, click User Management > Settings.
3. In the SCIM User Synchronization Configuration area, click
. In the popup window, click Enabled to enable SCIM synchronization.
4. Enabled. In the SCIM User Synchronization Configuration area, view or copy SCIM server address. This address will be used when configuring SCIM synchronization in the external IdP.
1. In the SCIM User Synchronization Configuration area, click Generate New SCIM Key.
2. In the Create CredentialSecret dialog box, you can save the SCIM key by downloading a CSV file or copying. After saving the key, click OK.
Okta Configuration
Step 1: Create an Application in Okta
1. Log in to Okta. In the left sidebar, select Applications > Applications. Then enter all Applications and click Create APP Integration to Create an application.
2. In the pop-up Create a new app integration window, select SAML 2.0 and click Next.
3. Enter the Create SAML Integration page and complete the application configuration.
3.1 On the General Settings page, fill in App name and click Next.
3.2 On the Configure SAML page, fill in Single sign-on URL and Audience URL(SP Entity ID). This information corresponds to Identity Center > User Management > Settings > SSO Login, Service Provider(SP) Information in ACS URL and Entity ID. After completing the filling, click Next.
3.3 On the Feedback page, select Contact app vendor and click Finish to complete application creation.
Step 2: Configure Basic Information for SCIM Synchronization
1. In the left sidebar, select Applications > Applications, then enter all applications and select the target application.
2. On the General page, click Edit. Then, set the Provisioning option to SCIM. Click Save. The Provisioning tab will appear.
3. On the Provisioning page, click Edit to proceed with editing. Fill in content as follows:
SCIM connector base URL: fill in SCIM Server Address.
China site: https://scim.tencentcloudsso.com/scim/v2
International site: https://scim.tencentcloudssointl.com/scim/v2
Unique identifier field for users: fill in userName.
4. Test the connection. Click Test Connector Configuration, and then view the test results.
If the test is successful, click Save. Otherwise, modify the configuration until the test is successful.
5. After the test is successful, the To App tab appears on the left side of the Provisioning page. In the Provisioning to App area on the To App page, click Edit.
Check Enable in Create Users, Update User Attributes and Deactivate Users, and click Save to complete the configuration.
Step 3: Synchronize User/Synchronize User Groups
Synchronize User
Synchronize User Groups
Synchronize User
1. On the Assignments page, click Assign, select Assign to People to assign users to the application.
2. In the Assign okta_test to People pop-up window, select the target user and click Assign. Click Save and Go Back in the new window to start sync.
3. Synchronized users are displayed on the People page.
2. Click User Management > User in the left sidebar, view the List of Users page. The source of synchronized users will be automatically identified as External Import.
Synchronize User Groups
Synchronizing user groups requires two steps: first assign user groups to applications via Assignments, then synchronize user groups to the identity center via Push Groups.
1. Assign user groups to applications.
1.1 On the Assignments page, click the Assign button and select Assign to Groups.
1.2 In the Assign okta_test to Groups pop-up window, select the target user group and click Assign. Click Save and Go Back in the new window to complete the assignment.
1.3 Allocated users are displayed on the Groups page.
2. Synchronize user groups to the identity center via Push Groups.
2.1 On the Push Groups page, click Push Groups and select Find groups by name.
2.2 Search for the user group name, select it, and click Save to start syncing the target user group.
2.3 Synchronized user groups are displayed on the Push Groups page.
2. Click User Management > User Groups in the left sidebar, view the user group list. The source of synchronized user groups will be automatically identified as External Import.
