If your organization uses Okta to manage access to tools, then you can use Okta to manage your employees' access to Kintaba. This guide provides the steps required to configure Provisioning for Kintaba.
The following provisioning features are supported:
- Push Users. New users created through Okta will also be created in Kintaba.
- Update User Attributes. Updates made to the user's profile in Okta (like their email or phone number) will also take place in Kintaba.
- Deactivate Users. Users deactivated in Okta will be deactivated in Kintaba and subsequently lose access to Kintaba.
- Reactivate Users Users re-activated in Okta will be re-activated in Kintaba.
- Silent Provisioning Any users provisioned for Kintaba inside Okta will be silently provisioned so that your users won't all be burdened with welcome emails.
Paid Plan Required
User Provisioning using Okta is only supported for the following:
- Customers subscribed to the "Standard" self-service plan.
- Customers subscribed to an enterprise plan.
In addition to a subscription to an appropriate paid plan, User Provisioning with Okta requires that:
- You're an administrator in Kintaba. Only Administrators can set-up integrations in Kintaba.
- You've already set up SSO Login (SAML). Kintaba only supports User Provisioning with Okta when used in conjunction with SSO (SAML) Login.
Kintaba integrations manage programmatic access to your incidents. To create a new integration, you'll first need to access the Integrations section of the Admin panel. You can do so through accessing a shortcut on the left sidebar on any Kintaba page.
Click the "Add Integration" button on the "User Provisioning (SCIM)" integration.
User Provisioning requires no configuration inside Kintaba, but you should take note of the "Authorization Header" value for configuring Okta later. You'll need to just grab the value after "Basic " in this field.
At this point, we're all finished setting up User Provisioning from Kintaba. Next, we'll configure User Provisioning inside Okta.
Okta Administrator Required
You'll need to be an administrator of your Okta instance to perform the following steps. If you're not an administrator, please contact your administrator to help you with these steps.
From the Okta homepage, you first need to navigate to the Okta administration panel. There, you'll be able to add a new SCIM app for User Provisioning.
Next, you'll need to navigate to Okta's classic admin UI, which has the options we need to properly add your app.
From the classic UI, we'll want to first navigate to the "Applications" section. We'll be able to add a new app from there by clicking the "Add Application" link under the header.
From the "Add Application" screen, you'll want to search for
Kintaba, adding the result.
From here, just click done.
Great! Now that we've added your new User Provisioning app in Okta, it's time to use the details we saved from earlier to point Okta at your Kintaba instance. Navigate to the "Provisioning" tab on the app's page, then click on the "Configure API Integration" button below.
- Select the "Enable API Integration" checkbox
- Paste the value we saved from above (the token after the word "Basic " from "Authorization Header")
- Click "Test API Credentials" to ensure all of the details are correct. If you get an error, try ensuring that you're pasting the token that comes after the word "Basic," and that there are no spaces before or after the value.
- Click "Save" to save the integration details.
After enabling "API Integration," yo'll want to click on the new "To App" tab on the same "Provisioning" page so that we can enable User Provisioning between Okta and Kintaba.
From here you'll:
- Click the "Edit" button under the "Provisioning to App" subheading.
- Check the features you'd like to enable.
- Click "Save"
Optionally, now you can assign users to your app. Start by navigating to the "Assignments" tab inside your app.
From here, you can click the "Assign" button to add Okta groups or Users to your app. Once added, those users will be able to login and use Kintaba.
After successfully setting up user provisioning with Okta, you can match your already existing Kintaba users with their Okta accounts. To do this, first click on the "Import" tab inside your Okta Kintaba app:
From there, click "Import Now". Okta will begin matching your Kintaba users with Okta users. Once complete, it'll show you a list of users available for import or matching into Okta.
Select the users you'd like to import or match into Okta, then click "Confirm Assignments" to complete the process.
- Single Sign On (SSO) is automatic: if a user is part of an SSO-enabled company, https://app.kintaba.com/signin will automatically detect that user is using SSO.
- If SSO isn't working, administrators can use passwords to sign in using the recovery url: https://app.kintaba.com/signin?sso=recovery
- Push Groups are being synced, but they aren't currently being used for anything in Kintaba. We'll likely look into using these for orgs or oncalls in the future, but for now they're unused.
Updated 9 months ago