Okta SCIM Setup

This guide describes how to configure Okta AD to automatically provision and deprovision users and groups to Autodesk.

Capabilities

The following provisioning features are supported:

  1. Push New Users and Groups

    • New users and groups created through OKTA will also be created in the Autodesk Account.

  2. Push User Deactivation & Reactivate Users

    • Deactivating the user through OKTA will deactivate the user in the Autodesk Account.
    • User accounts can be reactivated in the Autodesk Account.

  3. Push Profile and Group Updates

    • Group attributes and membership updates will be synced in the Autodesk Account.
    • Users' profile details updated through OKTA will be pushed to the Autodesk Account.

Known Issues

  1. Refresh App Groups feature on Okta Group Push is not supported since it imports groups from the SCIM server.

  2. Push groups by name feature on Okta Group Push is supported only when the group name does not exist in the SCIM server or the group can be found for linking.

Prerequisites

Both the base URL and API token will be available in the directory sync set up in Autodesk Account. The API token is generated using the SCIM Service Account credentials in the Okta.

Configure Autodesk SSO Application from Okta

  1. Sign in to Okta and access the Applications tab.

  2. Click the Browse App Catalog button.

  3. Search for the "Autodesk SSO" application and update the Sign-on, provisioning, and user assignment details accordingly.

  4. The "userName" attribute value follows an email address format, so you'll need to select Email for the Application username format in the Sign On tab in Okta.

Provisioning

  1. Under the application page, go to the Provisioning tab and click Integration on the left-hand side under Settings.

  2. Scroll down and select the Enable API integration checkbox.

  3. In order to fill Base URL and API Token go to the Autodesk Account and select the User management tab on the left navigation bar.

  4. Go to By User or By Group to access the team settings.

  5. Click the Set up directory sync button and select Okta SCIM as the directory environment..

  6. Click Next to access the Okta admin crendentials.

  7. Copy the Base URL and API token.

  8. Now, in the Okta Provisioning page, paste the the base URL and API token in the respective fields.

  9. Select the Import Groups checkbox.

  10. Select Test API Credentials to make sure that Okta AD can connect to Autodesk.

  11. Save the connection.

  12. Select To App on the left-hand side navigation bar to enable the provisioning settings.

  13. Select the Enable checkboxes beside Create Users, Update User Attributes and Deactivate Users and click Save.

Note: Once the users and groups are mapped and the automatic provisioning is enabled in the Autodesk Account, Okta users and groups will be synchronized immediately. If there is an issue with the sync, it will be logged on the dashboard and the user should retry manually to provision the users.

User and Group Assignment

Assigning users

  1. Select Assignments tab of the app. Select the Assign drop-down button to assign more people or groups in Okta to the Autodesk app.

  2. Once the user and group assignment are complete, the assigned users and groups will be added to Autodesk Account.

Start Provisioning

  1. Select the Push Groups tab in the Autodesk app.

  2. You can push groups by name or by rule. For by rule groups,, you can create a rule that pushes any groups that match the rule.

  3. You can push groups to sync your Okta group and its users with your Autodesk Account.

Parent page: About Directory Sync