How can we help?

Torii's SCIM Setup with Okta

Noga Tubi
Noga Tubi
  • Updated

Features

Torii Supports the following features:

  • Create Users
  • Update User Attributes
  • Deactivate Users

Generate Torii SCIM

  1. From the Settings page >> Security, enable the SCIM toggle 
    mceclip0.png
  2. Go to the API Access tab; From here, you can view and manage the Torii API keys and SCIM 
  3. Click on Generate API Key to generate a new SCIM 
    mceclip1.png

  4. Choose type: Torii SCIM.
  5. Set an Expiration date: For security purposes, we recommend setting an expiration date when generating a new key.

    - The key will become invalid on the chosen expiration date.
    - Torii will send an email reminder a month before the expiration date reminding you to generate
       a new Key.

  6. Add a Description.
  7. Copy the key at this point. After this step, the full key will become unavailable.
  8. Click Got it
    mceclip3.png
  9. The new key has been added; read about key rotation to learn about replacing the SCIM once it expires.
    mceclip3.png

________________________________________________________________________________________

Okta configuration

  1. In okta, go to Applications >> Browse App Catalog
    mceclip0.png
  2. Search & select Torii
  3. Click on Add Integration
    mceclip4.png
  4. Click on Done
    mceclip3.png
  5. Click on Configure API Integration
    mceclip8.png
  6. Check the Enable API Integrations box, Enter the token and click on Save.
    mceclip9.png
  7. Configure the "User type." Go to the Provisioning tab, scroll down to User type and click on Edit.
    mceclip12.png
  8. Select the user type, either okta default or a custom field.
    mceclip13.png
  9. Scroll back up to configure the provisioning, click on the Edit button
    mceclip15.png
  10. Check the "Create Users, Update User Attributes and Deactivate user" credentials and click Save.
    mceclip16.png
  11. Go to Sign on, and click on Edit.
    mceclip18.png
  12. Select "Email" in the Application username format and click Save.
  13. Enter the Organization ID and click Save.
    mceclip19.png

API/SCIM Key Rotation

Token expiration can not be changed after its creation.

The recommended way to rotate the key is to:

    • Generate a new API / SCIM key
    • Find and replace the old with the API in your system
    • Delete the old API
      mceclip4.png

Troubleshooting & Tips

  • userName(email) cannot be updated.
  • Users with the Employee role don’t appear on the Members page.
  • If userType is not sent in the request, the user will get the Employee role as the default.
  • userType must be a valid role name. You can use pre-defined or custom roles.

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request