Integrating Trusona and Okta SCIM

This guide details the steps required to provision your Trusona organization to sync with Okta user identities via the System for Cross-domain Identity Management (SCIM) protocol.

1. Getting Started

1.1. Supported Scenario

Trusona SCIM for Okta is a limited preview of a capability designed to support the onboarding of enterprise workforce customers. The intended use involves synchronizing users and their attributes from Okta into the Trusona application.

Trusona for Okta will successfully allow organizations to use the Trusona mobile app to perform authentication into any Okta application, while the Trusona SCIM for Okta will help synchronize user information from Okta to ensure a seamless onboarding and registration experience.

Upon implementation of both applications, any new user created will be sent a welcome email inviting them to click a link to download, install and set up the Trusona app for iOS or Android, depending on the user’s platform. Upon completion of the user registration process, users of the Trusona app will be able to authenticate to any Okta application that is configured to require the use of Trusona.

1.2. Prerequisites

The following are required in order to configure Okta integration with Trusona via SCIM:

In Okta

  • An Okta account with administrative privileges
  • The SCIM provisioning feature must be enabled for your organization. If this option does not appear in your app integration’s settings page, contact Okta support to activate this feature.

In Trusona

  • Admin access to the Trusona Dashboard. If your company does not have an account, visit the Trusona Dashboard to create one. Otherwise, consult with the owner of your company’s Trusona Dashboard account in order to create the integration.
  • An Okta integration created in the Trusona dashboard
  • The SCIM feature must be enabled for your Trusona account. Contact support@trusona.com to have this enabled.

2. Integrate Trusona and Okta Cloud IAM

If you already have an Okta integration in your Trusona dashboard for which you will configure SCIM, skip to Step 3.

Trusona integrates with your Okta cloud instance to provide passwordless authentication for your users. It achieves this by managing an Okta group which it configures to opt-out of Okta’s multifactor authentication, in order to prevent users from being prompted by Okta for a second factor authentication.

2.1. Create an API Token and Group in the Okta Admin Portal

2.1.1. Create an API Token

Navigate to Security > API and then click the Tokens tab.

Click the button labeled Create Token.

In the prompt, enter a name for the token.

Copy the token value and save it somewhere safe. You will use it in creating the Okta integration in Step 2.2.

2.1.2. Create a Group

Navigate to Directory > Groups.

Click the button labeled Add Group.

In the prompt, name the group Trusona.

You don’t need to maintain the membership of this group. Group membership is automatically managed by Trusona via the Okta API. Do not add any members to the group.

Copy the URL from the browser window (e.g. https://example.okta.com/admin/group/00ga12bf34X5KZ67d0e8) and save it somewhere safe. You will use it in creating the Okta integration in Step 2.2.

2.2. Create an Okta integration in the Trusona Dashboard

Navigate to Integrations > Okta

Click the button labeled Create Okta integration.

Enter values for the following fields:

  • Name
  • Okta Tenant URL
    • This will look similar to https://example.okta.com.
  • API Token
    • The value from the token you made in Step 2.1.1.
  • Group ID
    • This is the value from the URL you copied in Step 2.1.2.
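
A pre-flight check for the Okta Tenant URL and Group ID fields, added here as an example (not Trusona or Okta code). It derives the Group ID from the group page URL copied in Step 2.1.2 and rejects values that would send the API token over plain HTTP or pair the token with a group from another tenant. The function name, the returned key names and the 20-character `00g…` ID pattern are assumptions based on the example URL in this guide.

```python
import re
from urllib.parse import urlparse

# Assumption: group IDs look like the guide's example (00ga12bf34X5KZ67d0e8),
# i.e. "00g" followed by 17 alphanumeric characters.
GROUP_ID_RE = re.compile(r"^00g[0-9A-Za-z]{17}$")


def okta_integration_values(tenant_url: str, group_page_url: str) -> dict:
    """Return the Okta Tenant URL and Group ID fields, or raise ValueError."""
    tenant = urlparse(tenant_url.strip())
    group = urlparse(group_page_url.strip())

    for name, url in (("tenant URL", tenant), ("group URL", group)):
        # The API token is sent to this host, so plain HTTP is never acceptable.
        if url.scheme != "https" or not url.hostname:
            raise ValueError(f"{name} must be an https:// URL")
        if url.username or url.password:
            raise ValueError(f"{name} must not embed credentials")

    if tenant.path not in ("", "/") or tenant.query or tenant.fragment:
        raise ValueError("tenant URL must be the bare origin")

    # urlparse lowercases .hostname, so this comparison is case-insensitive.
    if tenant.hostname != group.hostname:
        raise ValueError("group URL belongs to a different Okta tenant")

    parts = [p for p in group.path.split("/") if p]
    if len(parts) != 3 or parts[:2] != ["admin", "group"]:
        raise ValueError("group URL is not an /admin/group/<id> page")

    group_id = parts[2]
    if not GROUP_ID_RE.match(group_id):
        raise ValueError(f"unexpected Group ID format: {group_id!r}")

    return {
        "okta_tenant_url": f"https://{tenant.netloc.lower()}",
        "group_id": group_id,
    }


if __name__ == "__main__":
    # Constructed sample input taken from the example URLs in this guide.
    print(okta_integration_values(
        "https://example.okta.com/",
        "https://example.okta.com/admin/group/00ga12bf34X5KZ67d0e8",
    ))
```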

Click the button labeled Save.

You will be navigated to a page that displays the data Trusona generated for use in the Okta platform.

2.2.1. Create an API Token

Scroll down to the section heading SCIM Details.

Click the button labeled Create API Token.

Copy the token value and save it somewhere safe. You will use it when configuring the Trusona SCIM app in Step 3.

3. Create a Trusona SCIM App in the Okta Admin Portal

In the Okta admin portal, navigate to Applications > Applications

Click the button labeled Browse App Catalog.

In the search field, type Trusona SCIM. Click the result in the list named Trusona SCIM.

Click the button labeled Add.

Input the values for the headings Application label and Application Visibility.

Click the button labeled Done.

Click the Provisioning tab.

Click the button labeled Configure API Integration.

Click the Enable API integration option.

Enter the value for the API Token you saved in Step 2.2.1.

Click the button labeled Test API Credentials. A message should appear that the credentials were successfully verified. If instead an error message appears, go back to Step 2.2 and save a new API token.

Click the button labeled Save. You will be redirected to a page displaying app provision options.

Next to the Provisioning to App heading, click Edit.

Click the options next to Create Users and Update User Attributes.

Click the button labeled Save.

4. Sync Users and Groups

In Okta, when users are assigned to the SCIM App Integration, their identities will be synced with the Trusona service. By assigning a group to the SCIM App Integration, the identities of all users in the group will be synced with the Trusona service.

4.1. Assign Users

To assign users to the SCIM App Integration, click the Assignments tab of the application.

Click Assign > Assign to People. This opens a dialog listing the users in your directory. Click Assign next to the user you want to assign.

Enter any additional information for that user and click Save and Go Back.

4.2. Assign Groups

To assign groups to the SCIM App Integration, click the Assignments tab of the application.

Click Assign > Assign to Groups. This opens a dialog listing the groups in your directory. Click Assign next to the group you want to assign.

Enter any additional information for that group and click Save and Go Back.

5. Supported Features

The following features are supported by the Okta SCIM integration for Trusona:

5.1. Push New Users

New users created through Okta will also be provisioned in Trusona using the email address assigned to them in Okta. New users will receive a welcome email from Trusona with a link to install the Trusona app for their mobile device.

5.2. Push Profile Updates

Updates made to the user’s profile through Okta will be pushed to Trusona, updating the user’s attributes.

6. Known Issues and Limitations

The following is a list of known issues and limitations of Trusona SCIM for Okta.

  • There is no visibility of attributes synchronized from Okta in the Trusona application.
  • The Trusona for iOS and Trusona for Android apps only support onboarding of a single account. If you would like to use the app for both an organization account and a personal account, please contact Trusona Support at support@trusona.com.
  • Only the primary email address attribute is visible in the Trusona mobile app; there is no means of querying user profile information from Trusona.
  • The administrative welcome email template cannot be configured. If you would like to configure it, please contact support@trusona.com.
  • There is no ability to re-send a Trusona registration email or link. To do so, the user will need to be deactivated and reactivated in Okta.

7. Troubleshooting

  • I haven’t received a welcome email or registration link to get started with the Trusona mobile app.
    • Check to ensure the user account has the Trusona SCIM application assigned.
    • Check to ensure the user is not deactivated or suspended.
    • Check your spam or junk mail folder as sometimes the invites get marked as spam.
    • Check to see if there are any errors with the user or the Trusona SCIM application.
  • I cannot activate my new account due to an existing account in the Trusona mobile app.
    • Trusona only supports a single account when using SCIM. Please delete the existing account and then try again.
    • For Android, uninstalling the Trusona for Android app will remove all account and app data.
    • For iOS, you will need to delete the associated account before you can activate the new SCIM-provisioned account.
  • I cannot download the Trusona mobile app.
    • On rare occasions you may need to download the Trusona mobile app from the Play Store or App Store manually. Please download the app and then try again.

If you have completed the steps above or you have an issue not detailed here, please contact support@trusona.com for additional assistance.

