Blameless supports SCIM integration with Okta to easily create and manage user groups directly from the Okta environment.
Key features of this integration include:
- User activation
- User deactivation
- Group pushing
- Group linking
- User to group bi-directional updating (when groups are linked)
This article explains how to set up and configure the integration between Blameless and Okta.
After setting up the integration, please see User Management with Okta to learn about the provisioning and onboarding processes.
Set up provisioning
In order to create groups and add Blameless users, you must first create an API key in Blameless and then set up the integration in the Okta admin console.
Step 1: Create an API key
- In the sidebar of the Blameless UI, select Identity Management, and then select the Key Management tab.
- Select + Generate New Key.
- In the Enter a Name for the Key field, enter a memorable name for the new API key and then select Create.
- A new API key will be generated. Select Copy to copy the key to your clipboard, and then save the key in a secure location. When done, select Close.
- Note: This key will not be displayed again.
- Your new key appears in the key list table. You can have up to 10 active keys at a time.
Step 2: Enable API integration
- Log on to the Okta console ⏤
https://<yourSubdomain>.okta.com/login/default⏤ ensuring that you are authenticated as an Administrator.
- On the left sidebar, expand Applications and then select Applications.
- In the Applications section, select Browse App Catalog.
- In the Search field, search for
SCIM 2.0 Test App (Header Auth)and, in the results section, select SCIM 2.0 Test App (Header Auth).*
- Note: Ensure that you have not exceeded your applications limit.
- Select + Add Integration and then configure the application based on your organization's requirements. When finished, select Done.
- With the application still selected, click the Provisioning tab and, under the Settings panel, select Integration.
*: We are awaiting approval for our own catalog entry to be accepted in the Okta Integration Network catalog. The SCIM 2.0 Test App is simply an interim measure to support teams with immediate needs.
Step 3: Configure integration
- Select the Enable API integration checkbox.
- In the Base URL field, enter your full Blameless URL in the following format:
- In the API Token field, paste the API key you created in Step 1.
- Select Test API Credentials to ensure that the connection is functional.
- Click Save.
- Under the Settings panel, ensure that To App is selected.
- Select the Enable checkbox for the following entries:
- Create Users
- Update User Attributes
- Deactivate Users
- Click Save.
- Select the Sign On tab.
- In the top Settings section, select Edit.
- Scroll down to the Credentials Details section and, in the Application username format field, ensure that Email is selected.
- Click Save.
Provision users and groups
At this stage, all prerequisites are complete and you can proceed to provisioning groups and adding Blameless users in the Okta admin console.
Please see User Management with Okta to learn about this process.