Last updated January 25, 2021
Organizations that use Okta for user management, can integrate their account with StarLeaf. Okta integration is an additional option on your StarLeaf account. On this page:
- Supported scenarios
- Add StarLeaf in Okta
- Import users
- Assign StarLeaf to Groups
- Troubleshooting and tips
- Push new users from Okta to StarLeaf
- Push profile updates from Okta to StarLeaf
- Push user deactivation from Okta to StarLeaf
- Import users from StarLeaf into Okta
- New StarLeaf accounts where users are already in Okta: In this case, there are no users in the StarLeaf organization. Therefore, you do not need to import any users from StarLeaf. You only need to assign StarLeaf to your users and they will be automatically provisioned on the StarLeaf platform
- New Okta accounts where there are already StarLeaf users: In this case, import the users from StarLeaf into Okta. Add any new users to Okta where they will be automatically provisioned on the StarLeaf platform
- A mixture of Okta and StarLeaf users: In this case, import the users from StarLeaf into Okta. Where a user already exists in Okta, the two accounts will automatically be linked. Add any new users to Okta where they will be automatically provisioned on the StarLeaf platform
StarLeaf for Okta is available to organizations who have either:
- Business host license
- Enterprise meeting subscription
Before you start provisioning StarLeaf for Okta, you must contact StarLeaf Support (firstname.lastname@example.org) to enable the integration. When enabled, you will need to know the SCIM base URL, and create an Access token:
- Log in to portal.starleaf.com .
- Go to Integrations > Add integration.
- Select Okta user provisioning, and give the integration a name.
- Click Apply. A SCIM base URL and Access token appear:
- Make a note of the SCIM base URL and Access token. You will need both of these when you configure Okta.
- Log in to Okta and choose Applications > Add application.
- Find StarLeaf and choose Add.
- General settings: accept the default settings
- Sign-On options: choose Administrator sets username, user sets password and for Credentials Details > Application username format, choose Email.
- Check the Enable provisioning features box.
- For Base URL, enter the SCIM server URI from the StarLeaf Portal.
- For API Token, enter the Access token from the StarLeaf Portal.
- Click Test API Credentials. If your credentials are valid, you will see a success message:
- Scroll down and enable Provisioning Features:
- User Import: We recommend that you do not schedule user imports. If you already have StarLeaf users who are not currently in Okta, then later you will do a ‘one-time’ import from the StarLeaf platform. Username format will be the user’s email address. If you require another format for usernames, configure a Custom Okta username format
- Create Users: Ensure this is enabled. This causes Okta to push all new users to the StarLeaf platform and they will become StarLeaf users. You also need to ensure that in the Okta settings, all new users are automatically assigned to StarLeaf. For example, in Okta there is a default group called Everyone: add StarLeaf to that group
- Update User Attributes: Ensure this is enabled. This causes Okta to push any changes to a user’s details to the StarLeaf platform
- Deactivate Users Ensure this is enabled. If you deactivate a user, that user is also deactivated in the StarLeaf platform
- Profile Attributes & Mappings: Do not alter the default settings. This setting is usually only available when you return to this page after adding StarLeaf to Okta
- Check the Enable provisioning features box.
- Assign to people: This configuration page allows you to assign StarLeaf to individual users. We recommend that you do not use this method, instead, you will use Okta Groups to provision StarLeaf to members of groups. You will do this when you have finished adding StarLeaf to Okta.
- You have completed setup of the StarLeaf application in Okta and will see a success message:
If you have existing users in a StarLeaf organization, import those users into Okta. Do this step even if you think all or some of these users might already be in Okta. Where a user already exists in Okta, the two accounts will automatically be linked. This import is a one-time only step. After this import, you will only manage users in Okta.
To import users from your StarLeaf:
- Go to Okta > Applications > StarLeaf > Import
- Choose Import Now and follow onscreen instructions to complete the import.
After you have imported any users from your StarLeaf organization, then assign StarLeaf to Groups. The members of these Groups will be automatically provisioned with StarLeaf. New members of these Groups will be provisioned on the StarLeaf platform.
To assign StarLeaf to Groups:
- Go to Okta > Applications > StarLeaf > Groups
- Choose Assign to Groups and select the Groups to which you will assign StarLeaf.
If you think your access token has been compromised, you must create a new token. In the StarLeaf Portal, go to the Okta integration and select Regenerate access token and click . You must enter the new token in Okta > Provisioning.