3.1 Create the SAML app integration
- In the Okta Admin Console, navigate to the “Applications” tab
- Click Create App Integration
- Select SAML 2.
- Name it TOTAL (Provisioning)
- Okta requires SAML values to create the app. Use these placeholders:
- Single sign on URL: https://total.invalid/saml/acs
- Recipient URL: https://total.invalid/saml/acs
- Destination URL: https://total.invalid/saml/acs
- Audience Restriction: https://total.invalid/saml/metadata
- Okta requires SAML values to create the app. Use these placeholders:
- Save the application
3.2 Enable SCIM on the SAML app and connect to TOTAL
- Open the TOTAL (Provisioning) app
- Go to the Provisioning tab
- Click Configure API Integration
- Enable API Integration
- Enter the following:
- Base URL: TOTAL SCIM Base URL
- API Token: TOTAL SCIM Secret Token
- Click Test API Credentials
- Click Save
3.3 Turn on provisioning actions
- Navigate to the Provisioning tab and select your app
- Click Edit, select enable for the following:
- Create Users
- Update User Attributes
- Deactivate Users
- Click Save
3.4 Push groups
Inside the TOTAL (Provisioning) app:- Go to Push Groups
- Push the following groups:
- TOTAL-Admin (required)
- Any additional TOTAL groups you use
- For each group, select Create Group and keep Push group memberships immediately enabled
3.5 Assign groups to the provisioning app
Inside the TOTAL (Provisioning) app:- Go to Assignments
- Assign the TOTAL-Admin group (and any other TOTAL groups)
- To verify provisioning activity:
- In the Okta Admin Console, navigate to the “Reports” tab, then click “System Log”
- Filter by the TOTAL (Provisioning) app
- Confirm provisioning events are present
- NOTE: Only users assigned to the provisioning app (directly or via assigned groups) will be created, updated, or deactivated in TOTAL.