Last updated January 29, 2019
Organizations that use Okta for user management can integrate that with their StarLeaf account. Okta integration is an additional option on your StarLeaf account.
- Push new users from Okta to StarLeaf
- Push profile updates from Okta to StarLeaf
- Push user deactivation from Okta to StarLeaf
- Import users from StarLeaf into Okta
- New StarLeaf accounts where users are already in Okta: In this case, there are no users in the StarLeaf organization. Therefore, you do not need to import any users from StarLeaf. You only need to assign StarLeaf to your users and they will be automatically provisioned on the StarLeaf Cloud
- New Okta accounts where there are already StarLeaf users: In this case, import the users from StarLeaf into Okta. Add any new users to Okta where they will be automatically provisioned on the StarLeaf Cloud
- A mixture of Okta and StarLeaf users: In this case, import the users from StarLeaf into Okta. Where a user already exists in Okta, the two accounts will automatically be linked. Add any new users to Okta where they will be automatically provisioned on the StarLeaf Cloud
To activate Okta integration on your StarLeaf account, contact StarLeaf technical support (firstname.lastname@example.org).
Before you start configuring provisioning for StarLeaf, you need to know the SCIM server URI and create an Access token:
- Log in to portal.starleaf.com .
- Go to Integrations > Add integration. Select Okta user provisioning and click .
- You see the SCIM server URL and Access token:
- Make a note of the SCIM base URL and Access token. You will need these when you configure Okta.
- Log in to Okta and choose Applications > Add application.
- Find StarLeaf and choose Add.
- General settings: accept the default settings
- Sign-On options: choose Administrator sets username, user sets password and for Credentials Details >Application username format, choose Email.
- Check the Enable provisioning features box.
- For Base URL, enter the SCIM server URI from the StarLeaf Portal.
- For API Token, enter the Access token from the StarLeaf Portal.
- Click Test API Credentials. If your credentials are valid, you will see a success message:
- Scroll down and enable Provisioning Features:
- User Import: We recommend that you do not schedule user imports. If you already have StarLeaf users who are not currently in Okta, then later you will do a ‘one-time’ import from the StarLeaf Cloud. Username format will be the user’s email address. If you require another format for usernames, configure a Custom Okta username format
- Create Users: Ensure this is enabled. This causes Okta to push all new users to the StarLeaf Cloud and they will become StarLeaf users. You also need to ensure that in the Okta settings, all new users are automatically assigned to StarLeaf. For example, in Okta there is a default group called Everyone: add StarLeaf to that group
- Update User Attributes: Ensure this is enabled. This causes Okta to push any changes to a user’s details to the StarLeaf Cloud
- Deactivate Users Ensure this is enabled. If you deactivate a user, that user is also deactivated in the StarLeaf Cloud
- Profile Attributes & Mappings: Do not alter the default settings. This setting is usually only available when you return to this page after adding StarLeaf to Okta
- Check the Enable provisioning features box.
- Assign to people: This configuration page allows you to assign StarLeaf to individual users. We recommend that you do not use this method, instead, you will use Okta Groups to provision StarLeaf to members of groups. You will do this when you have finished adding StarLeaf to Okta.
- You have completed setup of the StarLeaf application in Okta and will see a success message:
If you have existing users in a StarLeaf organization, import those users into Okta. Do this step even if you think all or some of these users might already be in Okta. Where a user already exists in Okta, the two accounts will automatically be linked. This import is a one-time only step. After this import, you will only manage users in Okta.
To import users from your StarLeaf:
- Go to Okta > Applications > StarLeaf > Import
- Choose Import Now and follow onscreen instructions to complete the import.
After you have imported any users from your StarLeaf organization, then assign StarLeaf to Groups. The members of these Groups will be automatically provisioned with StarLeaf. New members of these Groups will be provisioned on the StarLeaf Cloud.
To assign StarLeaf to Groups:
- Go to Okta > Applications > StarLeaf > Groups
- Choose Assign to Groups and select the Groups to which you will assign StarLeaf.
If you think your access token has been compromised, you must create a new token. In the StarLeaf Portal, go to the Okta integration and select Regenerate access token and click . You must enter the new token in Okta > Provisioning.