All Collections
Account and Team Administration
SSO and SCIM Support
OKTA SCIM 2.0 Setup Guide - Custom App
OKTA SCIM 2.0 Setup Guide - Custom App

Setup SCIM via Okta with a Custom App Integration

Updated over a week ago

Overview

This guide is intended to help IT Administrators setup SCIM provisioning for Reclaim.ai via Okta.

This is for creating a new "Custom App" while the Reclaim.ai App in the Okta App Catalog is under review.

If you need any additional assistance beyond this guide, please reach your to your Reclaim.ai contact/rep, or support via our website and/or [email protected].

Pre-Requirements

  1. Setup on a Reclaim.ai Enterprise Plan (see: https://reclaim.ai/pricing)

  2. Have your domain enabled/configured for SSO (Domain Capture) in Reclaim.ai

  3. Have a Google Service Account setup and enabled (see: https://help.reclaim.ai/en/articles/6520530-using-google-workspace-service-accounts-to-roll-out-reclaim-to-your-enterprise)

  4. Administrator access to your Okta Account/Dashboard

For 1-3 - work with your Reclaim.ai contact/rep or reach out to [email protected] if you are unsure.

Create an API Key in Reclaim.ai

  1. Login to Reclaim.ai (https://app.reclaim.ai/login)

  2. In your URL bar enter: https://app.reclaim.ai/settings/developer

  3. Generate a new API Key:

    1. Enter a Name for the key, such as "Okta SCIM"

    2. Set Expiration to "Never" (or whatever is appropriate for your security policy)

    3. Click "Generate key"

    4. Click the "Copy" icon to copy the key to your clipboard

    5. Save the key some place secure for future use

Now you can continue on with the Okta portion of the setup.

Create a new App Integration in Okta for SCIM

This step will create a new custom application integration for SCIM for Reclaim.ai in Okta. This is in addition to the ODIC App you created for SSO.

The current Reclaim.ai App in the Okta App Catalog is currently only for SSO; an updated version including SCIM support has submitted to Okta for approval in their App Catalog, and this guide will be updated when that is complete. For now, follow the steps below to setup Reclaim.ai as a custom Application Integration specifically for SCIM.

  1. Login to Okta as an Admin

  2. From the Left nav goto: Applications->Applications

  3. From the Applications screen, click “Browse App Catalog”:

  4. From the “Browse App Catalog” screen:

    1. Type in "SCIM" and select "SCIM 2.0 Test App (Header Auth)"

    2. Click the "Create New App" button

  5. From the “SCIM 2.0 Test App (Header Auth)” screen click the "Add Integration" button:

  6. On the "SCIM 2.0 Test App (Header Auth)" page:

    1. For "Application label" enter "Reclaim.ai SCIM" (or something similar of your choosing).

    2. Make sure box check boxes are unchecked

    3. Click the “Next” button

  7. On the "Sign-On Options· Required" page:

    1. Leave the SAML 2.0 button checked (we won't be using this)

    2. Application username format should be "Email"

    3. Update application username on should be "Create and update"

    4. Password reveal should be checked

    5. Click the “Done” button

  8. The application has been created but we need to configure the Provisioning API. From the main screen of the App you just created, click the "Provisioning" tab and then the "Configure API Integration" button:

  9. From the "Enable API Integration" page:

    1. Ensure the "Enable API Integration" box is checked

    2. For "Base URL" enter: https://api.app.reclaim.ai/scim/v2

    3. For "API Token" enter "Bearer RECLAIM_API_KEY" you created at the start of this guide. (to be clear, you must add the word "Bearer " with a space after before pasting in the API key.

    4. Click "Test API Credentials"

    5. You should see a notification indicating verification was successful.

    6. Click "Save"

  10. On the "Provisioning" screen click "To App" on the left:

    1. Click the "Edit" button

    2. Check the "Enable" box for:

      1. Create Users

      2. Update User Attributes

      3. Deactivate Users

    3. Click "Save"

The Okta App for SCIM Provisioning on Reclaim.ai has been created and should be ready to use.

Provisioning Users via SCIM

There are two ways of assigning (provisioning) users to the Reclaim.ai SCIM App:

  1. You can assign them individually

  2. You can assign via using an Okta Group

For both, start on the "Assignments" tab of the Reclaim.ai SCIM App screen:

Individual Assignment

In the Reclaim.ai SCIM App, with the "Assignments" tab, click the "Assign" button and then "Assign to People".

You may assign the app to whichever users you want provisioned in Reclaim.ai by clicking "Assign" next to each user; click "Done" when finished. This will then provision, or update, in Reclaim.ai every user that has been assigned.

Group Assignment

As an alternative to individual assignment, you can leverage Okta Groups.

In the Reclaim.ai SCIM App, with the "Assignments" tab, click the "Assign" button and then "Assign to Groups".

You may assign the app to whichever Okta Group you have created by clicking "Assign" next to each group; click "Done" when finished. This will then provision, or update, in Reclaim.ai every user assigned to that Okta group.

Provisioning Time

The time to provision users in Reclaim.ai should be almost immediate, but could depend on the number of users or size of group. It most cases, everything should be complete in a few minutes.

Related Articles
SSO Support (including Okta)
Okta SSO Setup Guide - App Catalog
Okta SSO Setup Guide - Bookmark App
Did this answer your question?