User Guide
Other documentationsDemoCommunity
  • Forest Admin
  • Getting Started
    • Setup guide
    • Master your UI
      • The Table View
      • Using the Layout Editor mode
        • Customize the Table View
        • Customize the Details View
        • Customize your creation and edition forms
      • Build a Summary View
      • Build an Explorer View
      • Using Smart Views
    • Tutorials
  • Collections
    • Manage your collection settings
    • Customize your fields
      • Edit widgets
      • Display widgets
      • Options
      • Default actions on relationships
    • Actions
      • Edit a record
      • Create a record
      • Using Smart Actions
    • Segments
    • Scopes
    • Performance
  • Workspaces
    • Introduction to Workspaces
    • Using Workspaces
      • Sharing your own Workspace URL with pre-selected data
      • Editing records with field components
    • Building a workspace
      • Workspace Incident Management example
      • Workspace KYC example
      • Transactions Monitoring & Fraud Management example
      • Fleet Management example
  • dashboards
    • Charts
      • Create a chart
      • Display record-specific charts in Analytics
  • Other tabs
    • Collaboration
      • Communicate with Notes
      • Approval requests
      • Inboxes
    • Activity
  • Integrations
    • Metabase
  • Project settings
    • General tab
    • Environments tab
    • Teams, Users & Permissions
      • Create and manage a team
      • Add and manage users
      • Manage roles and permission levels
      • Export users history
    • Security tab
      • SCIM integration with OneLogin
      • SCIM integration with Okta
      • Manual SCIM integration with Okta
    • Other project settings
      • Interface tab
      • Billing tab
    • Organizations
      • Organization settings
        • Configure SSO with AWS IAM
        • Configure SSO with Azure AD
        • Configure SSO with Google
        • Configure SSO with Okta
        • Configure SSO with OneLogin
Powered by GitBook
On this page
  • Supported features
  • Adding the Forest Admin app
  • Authenticating Okta in Forest Admin
  • Configuring the app
  • Adding Forest Admin custom parameters
  • Managing mapping rules
  • Adding custom user attributes
  • Managing teams with SCIM groups

Was this helpful?

  1. Project settings
  2. Security tab

Manual SCIM integration with Okta

Adding Forest Admin to Okta from a manually configued app

PreviousSCIM integration with OktaNextOther project settings

Last updated 4 months ago

Was this helpful?

You must be on a to have access to this feature.

Supported features

  • Provisioning users from Okta to Forest Admin

  • Updating user role, permission level, and tags from Okta to Forest Admin: Enabling SCIM will disable user editing from Forest Admin.

  • Deleting user in Forest Admin when user is removed from Forest Admin app in Okta.

  • Groups are used to assign users to team.

Adding the Forest Admin app

Go to the Applications tab, then click "Browse App Catalog":

​​​Select "SCIMForest 2.0 Test App (Header Auth)"

Give your application a name. Keep in mind this app will be linked to one Forest Admin project. You may want to configure multiple apps if you want to activate SCIM provisioning on several projects.

Authenticating Okta in Forest Admin

Go to your Forest Admin project settings and enable the User provisioning feature: this will automatically generate a token that you will need to paste into your Okta app:​

Paste your token - prefixed by "Bearer" in the API Token field in the Integration tab:​​​​

If your token is "abc" then write "Bearer abc" in the API Token field

Configuring the app

You may then proceed to configure your app:

The "Sync Password" field should be kept disabled, as we don't support it.

Adding Forest Admin custom parameters

  • permissionLevel (string): should match any of “Admin”, “Developer”, “Editor”, or “User”.

  • teams (string): comma separated list of names exactly matching a team name in the project. ex: "Operators,Support". This should either be filled in via a custom mapping rule or ignored if you are using Groups.

  • role (string): should match exactly an existing role in the project.

  • tags (optional string): key/value pairs, separated with a semicolon. ex: "regions:France,Italie;job:developer"

Go to Profile Editor and add attributes:

The "External namespace" field should be filled with urn:ietf:params:scim:schemas:extension:forest:2.0:User

Managing mapping rules

Create mapping rules to automatically provide values to mandatory parameters role and permissionLevel, and optionally tags. If you don’t create mapping rules, you will have to provide these values manually for each user provisioned.

Beware of selecting the right mapping direction: Okta to Forest Admin

Adding custom user attributes

You may want to add custom user attributes to base your mapping rules on. To do so, go in the global user profile in Directory > profile editor.

Managing teams with SCIM groups

Groups allow you to create mapping rules between Okta groups and Forest Admin teams.

First, go to the Directory tab and on the Groups section, ensure that you defined a group for each Forest Admin team.

Then go to the Forest Admin App in Okta and click on the "Push groups" tab.

Click on "Refresh App Groups" then "Push Groups" and select "Find groups by name". Type in the name of any group you want to link with a Forest Admin team.

You can then map the Okta group with an existing Forest Admin team or create a new team with the same name.

Warning: when you link a group from Okta to a Forest Admin team, the Forest Admin team will be renamed to match the group name, unless you disable this option (see below).

To prevent Okta from renaming your Forest Admin teams, you can disable groups renaming in the app settings.

Forest Admin Pro plan