Set up Okta SSO/SCIM

Lens paid subscription feature

Info

This feature requires a paid subscription. Please visit the pricing page or contact the sales team for details.

On this page, you can find instructions on integration with the Okta platform. You can create an application and configure both SSO and SCIM by associating the Okta application with the Lens Business ID. For details, see the Okta official documentation .

Prerequisites

Administrator accounts:

• Okta
• Lens Business ID

Enable SSO

To configure SSO your Lens Business ID (LBID):

1. Open LBID > Authentication and toggle Single Sign-On (SSO).
2. In Email Address Domain, select the domain for SSO.
3. In SSO Provider Type, select SAML.

4. Transfer the following parameters to the identity provider service corresponding settings:

   Parameter	Description
   Single Sign-On Service URL	The IDP service endpoint for authentication requests
   Identity Provider Entity ID	The URL that identifies IDP

5. Create an Okta application.

6. In the Okta application open the Sign On tab, and click SAML 2.0 > More details.

7. Copy the following parameters to the corresponding fields in LBID > Authentication:

   Okta parameter	LBID parameter
   Single Sign-On URL	SSO Service URL
   Issuer	Identity Provider Entity ID

   After saving the configurations, you can see a message informing that the Lens Business ID SSO has been configured.

Enable SCIM

To configure SCIM your Lens Business ID (LBID):

1. Configure SSO in you LBID.
2. Toggle Authentication > SCIM Provisioning.

3. Transfer the following parameters to the identity provider service corresponding settings:

   Parameter	Description
   Base URL	The API endpoint to which the IDP service sends requests
   API Token	The access token

Create an Okta application

To create an Okta SSO application:

1. In Okta Admin Console, go to Applications and click Create App Integration.
2. In the following menu, select SAML 2.0 and click Next to open the General Settings step.
3. Type the name of your application in the App name input field.
4. Optional. Upload the logo in the App logo field and click Next to proceed to SAML Settings.

5. In SAML Settings, specify the following parameters:

   Option	Recommended value	Comment
   Single sign-on URL	Assertion Consumer Service URL	Find in your Lens Business ID > Authentication > Single Sign-On
   Audience URI (SP Entity ID)	Service provider Entity ID	Find in your Lens Business ID > Authentication > Single Sign-On
   Name ID format	EmailAddress	Select from the drop-down list in SAML Settings
   Application username	Email	Select from the drop-down list in SAML Settings

6. Specify Attribute Statements as follows:

   Nam	Name format	Value
   user email	Unspecified	user.email

7. Optional. View the the XML with configurations by clicking Preview the SAML Assertion.

8. Click Next to proceed to the Feedback step.
9. Optional. Answer the optional questions.
10. Click Finish.
11. Complete steps 6 and 7 of [Configure Lens Business ID].

Configure SCIM in the Okta application

1. Open Applications and select your SSO application.
2. On the General tab, click Edit.
3. In App Settings, select Provisioning > SCIM.
4. Go to the Provisioning tab and click Edit.

5. Specify parameters as follows:

   Parameter	Value	Comment
   SCIM connector base URL	Base URL	See step 3 of Enable SCIM
   Unique identifier field for users	email	Type the value in the input field
   Supported provisioning actions	various	Select from the list of available actions
   Authentication Mode	HTTP Header	Select from the drop-down list
   Authorization	API Token	See step 3 of Enable SCIM

   After successful configuration, the Provisioning > Provisioning to App opens.

6. In the following menu, click Edit, select necessary actions, and click Save.

Assign the application to a user

To assign your Okta application:

1. Go to the Assignments tab.
2. Click Assign and assign the application to particular users or user groups.