This guide is intended to help IT Administrators setup SCIM provisioning for Reclaim.ai via Okta.
This is for creating a new "Custom App" while the Reclaim.ai App in the Okta App Catalog is under review.
If you need any additional assistance beyond this guide, please reach your to your Reclaim.ai contact/rep, or support via our website and/or [email protected].
Setup on a Reclaim.ai Enterprise Plan (see: https://reclaim.ai/pricing)
Have your domain enabled/configured for SSO (Domain Capture) in Reclaim.ai
Have a Google Service Account setup and enabled (see: https://help.reclaim.ai/en/articles/6520530-using-google-workspace-service-accounts-to-roll-out-reclaim-to-your-enterprise)
Administrator access to your Okta Account/Dashboard
For 1-3 - work with your Reclaim.ai contact/rep or reach out to [email protected] if you are unsure.
Create an API Key in Reclaim.ai
Login to Reclaim.ai (https://app.reclaim.ai/login)
In your URL bar enter: https://app.reclaim.ai/settings/developer
Generate a new API Key:
Enter a Name for the key, such as "Okta SCIM"
Set Expiration to "Never" (or whatever is appropriate for your security policy)
Click "Generate key"
Click the "Copy" icon to copy the key to your clipboard
Save the key some place secure for future use
Now you can continue on with the Okta portion of the setup.
Create a new App Integration in Okta for SCIM
This step will create a new custom application integration for SCIM for Reclaim.ai in Okta. This is in addition to the ODIC App you created for SSO.
The current Reclaim.ai App in the Okta App Catalog is currently only for SSO; an updated version including SCIM support has submitted to Okta for approval in their App Catalog, and this guide will be updated when that is complete. For now, follow the steps below to setup Reclaim.ai as a custom Application Integration specifically for SCIM.
Login to Okta as an Admin
From the Left nav goto: Applications->Applications
From the Applications screen, click “Browse App Catalog”:
From the “Browse App Catalog” screen:
From the “SCIM 2.0 Test App (Header Auth)” screen click the "Add Integration" button:
On the "SCIM 2.0 Test App (Header Auth)" page:
On the "Sign-On Options· Required" page:
The application has been created but we need to configure the Provisioning API. From the main screen of the App you just created, click the "Provisioning" tab and then the "Configure API Integration" button:
From the "Enable API Integration" page:
Ensure the "Enable API Integration" box is checked
For "Base URL" enter: https://api.app.reclaim.ai/scim/v2
For "API Token" enter "Bearer RECLAIM_API_KEY" you created at the start of this guide. (to be clear, you must add the word "Bearer " with a space after before pasting in the API key.
Click "Test API Credentials"
You should see a notification indicating verification was successful.
On the "Provisioning" screen click "To App" on the left:
Click the "Edit" button
Check the "Enable" box for:
Update User Attributes
The Okta App for SCIM Provisioning on Reclaim.ai has been created and should be ready to use.
Provisioning Users via SCIM
There are two ways of assigning (provisioning) users to the Reclaim.ai SCIM App:
You can assign them individually
You can assign via using an Okta Group
For both, start on the "Assignments" tab of the Reclaim.ai SCIM App screen:
In the Reclaim.ai SCIM App, with the "Assignments" tab, click the "Assign" button and then "Assign to People".
You may assign the app to whichever users you want provisioned in Reclaim.ai by clicking "Assign" next to each user; click "Done" when finished. This will then provision, or update, in Reclaim.ai every user that has been assigned.
As an alternative to individual assignment, you can leverage Okta Groups.
In the Reclaim.ai SCIM App, with the "Assignments" tab, click the "Assign" button and then "Assign to Groups".
You may assign the app to whichever Okta Group you have created by clicking "Assign" next to each group; click "Done" when finished. This will then provision, or update, in Reclaim.ai every user assigned to that Okta group.
The time to provision users in Reclaim.ai should be almost immediate, but could depend on the number of users or size of group. It most cases, everything should be complete in a few minutes.