RoboForm SCIM Provisioning
RoboForm SCIM Provisioning automates user and group management for RoboForm companies through integration with their existing Identity Provider (IdP). With this integration enabled, any updates made in your IdP, including adding new users or modifying existing user and group information, will automatically sync with RoboForm. This automation includes user names, email addresses, group memberships, and account status (creation, suspension, deletion).
This article will cover how to enable SCIM Provisioning through Okta, additional documentation from Okta's help center may be useful as an additional reference point during this process and can be found here.
Integrate RoboForm with Okta
1) Sign into your Okta administrator console, navigate to Applications>>Applications, and select the Create App Integration button.
2) Select SWA as the Sign-in method and press Next.
3) In the first section of the Create SWA Integration page set the App name to RoboForm and the App login URL to https://online.roboform.com/login
4) In the second section set the Application user name to Email and press Finish.
5) Next, navigate to General tab and select Edit.
6) In the Provisioning section select SCIM and press Save.
7) This will cause a new Provisioning tab to appear, navigate to this tab and select Edit.
8) To complete the Okta provisioning section, you will need the information found in your RoboForm administrator console's SCIM Provisioning page and info from the list below:
- From your RoboForm for Business administrator console navigate to Company Settings>>SCIM Provisioning.
- In RoboForm, copy the SCIM Server URL to the SCIM connector base URL field found in Okta.
- In Okta, set the Unique identifier field for users to userName.
- In Okta, check each of the Supported provisioning actions except for the last one, do not enable Import Group.
- In Okta, set the Authentication Mode in Okta to HTTP Header
- In RoboForm, generate New Token in RoboForm, copy it, and paste into the Authorization field found in Okta.
Once all of the options have been configured hit Test Connector Configuration to verify that everything has been enabled correctly. If the test completes hit Save.
9) In Okta, navigate to Provisioning>>To App and scroll down the page to find the RoboForm Attribute Mappings table. Remove every entry from this list except Username, Given name, Family name, and Display name.
To remove an attribute press the X button to the right of that attribute. The remaining attributes should look like the below screenshot when finished.
10) In Okta, scroll to the top of the page to find the Provisioning to App settings. Click Edit to enable selecting the settings. Enable the Create Users, Update User Attributes, and Deactivate Users settings and click Save.
When the sync is complete an Active status will be shown in the SCIM Provisioning page in RoboForm, this sync may take up to an hour to complete. Once the integration status is Active you can begin assigning RoboForm to your users and pushing groups .