Overview
Blameless supports SCIM integration with Okta to easily create and manage user groups directly from the Okta environment.
In addition to creating groups and adding Blameless users, this article also explains how to use the following features:
- User activation
- User deactivation
- Group pushing
- Group linking
- User to group bi-directional updating (when groups are linked)
Step 1: Create groups
- Log on to the Okta console (https://<yourSubdomain>.okta.com/login/default), ensuring that you are authenticated as an Administrator.
- On the left sidebar, expand Directory and then select Groups.
- In the Groups section, select Add group.
- The Add group dialog box appears.
- In the Name field, enter a name for the group.
- In the Description (optional) field, enter a brief description of the group.
- Click Save.
- Select your new group. Use the search functionality if needed.
- Select the Applications tab and then click Assign applications.
- A list of applications appears.
- Click Assign for the application you wish to assign the group to.
- In the Assign Applications to <Group Name> dialog box, complete all relevant fields. When done, click Save and Go Back.
- Click Done. Repeat this process to create additional groups, if needed.
Note: The groups that you have created in Okta will allow you to control which users are in which group in Blameless. If you create a group in Blameless, Okta will not be able to edit this group unless you link to it in Okta. See Linking Groups to learn more.
Step 2: Add users
- Select the People tab.
- Click Assign people.
- Click on the + symbol next to each user to assign them to the selected group. Alternatively, use More actions → Assign all people in org if you need to assign everyone in the organization.
- Note: To learn more about user statuses, see About user account status.
- When finished, click Done.
Step 3: Push groups to Blameless
- In the left sidebar, navigate to Applications → Applications and then select your application (i.e., SCIM 2.0 Test App (Header Auth)).
- Select the Push Groups tab.
- Click the Push Groups drop-down arrow and select Find groups by name.
- In the Search field, start entering the name of the group. A list of groups that match the text appears in real time. Select the relevant group to push to Blameless.
- Click Save. This action will create a group in Blameless that corresponds with the Okta-created group.
- After a few moments, the status under the Push Status column header will become Active. The group has now been pushed to Blameless.
- Confirm the push by navigating to Identity Management in the Blameless UI (the Groups tab is selected by default).
- Confirm users in group: Select the vertical ellipsis icon to the right of the group entry and then click Assign/Unassign Users to see a list of users in the group.
- View total number of users added: Select the Users tab.
About user onboarding: After the group push from Okta, the user will need to visit their Blameless instance and log in using the same email that was used to initially create the user in Okta. That user's permissions, which are based on their group placement, will be immediately enforced on login.
Linking groups
If you have created groups in Blameless, they can be controlled via Okta by linking. This is done by creating the group in Okta and then linking it to the Blameless group.
- Create the group in Okta.
- In the left sidebar, navigate to Applications → Applications and then select your application (i.e., SCIM 2.0 Test App (Header Auth)).
- Select the Push Groups tab.
- Click the Push Groups drop-down arrow and select Find groups by name.
- In the Search field, start entering the name of the group. A list of groups that match the text appears in real time. Select the relevant group to push to Blameless.
- Under the Match result & push action column header, change the drop-down option from Create Group to Link Group.
- In the drop-down field below, select the Blameless-created group that your new Okta group should link to.
- Click Save and, as before, monitor the push status to ensure that it becomes Active.
About group names: In the example above, you will notice that our Okta-created group is called "Tutorial Observers" (plural) and it will be linked to a Blameless-created group called "Tutorial Observer" (singular). In fact, you can link an Okta-created group with any Blameless group regardless of the latter's name. In the event that the names are different, the Blameless-created group will automatically be renamed to match the Okta group. Per our example, the Blameless group will now be renamed to "Tutorial Observers" to match the name assigned in Okta.