In order to enable seamless user and permissions management in Venn, Venn offers integrations with third-party Identity Providers (IdPs), including Okta.
If you configure Okta as your Venn Identity Management solution, you will set up SAML-based Identity Management so that users' Venn login information will be managed through Okta. Okta also offers the option to set up SCIM provisioning, which allows you to manage user access to Venn in Okta. You may or may not choose to set up SCIM provisioning depending on your company’s Okta subscription type.
Learn how to manage Venn user access with Okta as your IdP.
Requirements for SCIM Provisioning
User Provisioning Requirements
In order to successfully sync over users, your Okta user records must include these required fields:
- First Name (user.firstName in Okta)
- Last Name (user.lastName in Okta)
- Email (user.email in Okta)
Additionally, your Okta users' Application usernames must meet the following criteria:
- Length: The string must be between 2 and 40 characters long.
- Allowed characters:
  - Numbers 0-9
  - Uppercase letters A-Z
  - Lowercase letters a-z
  - Hyphen/dash -
  - Underscore _
The Okta field that you are using as the Application username for Venn can be viewed and adjusted on the Sign On tab of the Venn app you create in Okta.
Any users in Okta that do not meet these criteria will fail to provision.
Group Provisioning Requirements (Optional)
You may choose to assign the Venn app by group in Okta rather than assigning it to individual users.
In order to successfully sync over groups, your Okta groups' group.name values must meet the following criteria:
- Length: The string must be between 3 and 18 characters long.
- Allowed characters:
  - Numbers 0-9
  - Uppercase letters A-Z
  - Lowercase letters a-z
  - Hyphen/dash -
  - Underscore _
  - Space (can be in any position)
Any groups with names that do not meet these criteria will fail to provision.
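A pre-flight check for the user and group requirements above, as an added example (not Venn's or Okta's code): it takes user records and group names exported from Okta and reports which ones would fail to provision and why. The record keys, the `login` key standing in for the field mapped as Application username, and the sample data are assumptions made for illustration.

```python
import re

# Character sets and length limits from the requirements above.
USER_OK = re.compile(r"[0-9A-Za-z_-]+")
GROUP_OK = re.compile(r"[0-9A-Za-z_ -]+")
REQUIRED = ("firstName", "lastName", "email")


def name_problems(value, allowed, lo, hi, label):
    """Reasons a username or group name breaks the length/character rules."""
    problems = []
    if not lo <= len(value) <= hi:
        problems.append(f"{label} length {len(value)} outside {lo}-{hi}")
    bad = sorted({ch for ch in value if not allowed.fullmatch(ch)})
    if bad:
        problems.append(f"{label} has disallowed characters: {''.join(bad)}")
    return problems


def check_user(user, username_field="login"):
    """username_field: key holding the Application username (assumed name)."""
    problems = [f"missing {f}" for f in REQUIRED if not str(user.get(f) or "").strip()]
    username = str(user.get(username_field) or "")
    return problems + name_problems(username, USER_OK, 2, 40, "username")


def check_group(name):
    return name_problems(name, GROUP_OK, 3, 18, "group name")


def preflight(users, groups, username_field="login"):
    """Map each failing user or group to the reasons it would not provision."""
    checks = [(f"user:{u.get(username_field)}", check_user(u, username_field)) for u in users]
    checks += [(f"group:{g}", check_group(g)) for g in groups]
    return {name: problems for name, problems in checks if problems}


# Constructed sample records, not real data.
SAMPLE_USERS = [
    {"firstName": "Ada", "lastName": "Li", "email": "ada@example.com", "login": "ada_li"},
    {"firstName": "Bo", "lastName": "Ng", "email": "bo@example.com", "login": "bo@example.com"},
    {"firstName": "Cy", "lastName": "", "email": "cy@example.com", "login": "c"},
]
SAMPLE_GROUPS = ["Venn Users", "IT", "Contractors (External)"]

if __name__ == "__main__":
    for name, reasons in preflight(SAMPLE_USERS, SAMPLE_GROUPS).items():
        print(name, "->", "; ".join(reasons))
```

In the sample, the email-style username fails on `@` and `.`, which is why the Application username format on the Sign On tab is worth checking before provisioning is enabled.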
Set up Okta as Your IdP
You must have Admin access to Okta in order to set it up as your Venn IdP.
To set up Okta as your IdP:
- The Venn team or a Venn partner will guide you through the process of changing your Identity Provider to Okta in Venn's Company Admin.
- After your Identity Provider has been changed to Okta in Venn's Company Admin, log in to Okta with an account that has administrator permissions to complete the IdP setup.
- In the menu at left, click Applications and select Applications.
- Click Create App Integration.
- Select SAML 2.0 as the sign-in method and click Next.
- On the next page, enter “Venn” in the App name field, upload the file found here in the App logo (optional) field and click Next.
- Input the following in the Single sign on URL and the Audience URL (SP Entity ID) fields:
https://[company shortname].venn.com/sso/okta (replace [company shortname] with your company's shortname in Venn, which is the abbreviation for your company that you see in the URL bar before .venn.com when you have the Workplace web app open). Then, click Continue.
- Select I’m an Okta customer adding an internal app and click Finish.
- You will be brought to the Sign On tab for the newly created Venn application in Okta. Click View Setup Instructions under Settings or View SAML Setup Instructions in the panel at right.
- Scroll down to the Optional section and copy all IdP metadata.
- Add the IdP metadata from Okta to the Okta Identity Provider settings in Venn.
- Navigate to login.venn.com and sign in using the Admin temporary account provided by your Venn team.
- Click Company admin or Manage > Company admin.
- Click All websites.
- Click Okta in the websites list and click Edit Identity Provider.
- Paste the metadata into the IdP metadata field and click Save.
Once these steps are complete, Okta will be set up as your IdP for Venn.
Set up SCIM Provisioning
After you have set up Okta as your IdP, you can set up SCIM provisioning, which allows you to manage user access to Venn in Okta.
- In Okta, go to the General tab for the Venn application that you created.
- Click Edit under App Settings, select Enable SCIM provisioning, and then click Save. This will add a Provisioning tab for the Okta application.
- In Venn, generate the token you need to set up SCIM provisioning.
- Navigate to login.venn.com and sign in using the Admin temporary account provided by your Venn team.
- Click Company admin or Manage > Company admin.
- Click All websites.
- Click Okta in the websites list and click Edit Identity Provider.
- Click Generate token and copy it.
- In Okta, navigate to the Provisioning tab for the Venn application.
- Click Edit under SCIM Connection. Configure with the information below:
- SCIM connector base URL: https://login.venn.com/scim
- Unique identifier field for users: userName
- Check the box to enable Push new users
- Check the box to enable Push Profile Updates
- Check the box to enable Push Groups (if needed)
- Authentication Mode: HTTP Header
- Authorization: Paste the token from the Venn team
- Click Test Connector Configuration
- Click Save.
- Navigate to the Provisioning tab. Keep the following attributes mapped on the Provisioning tab. Remove all other Attributes from the mapping.
  - userName: Configured in Sign On settings
  - givenName: user.firstName
  - familyName: user.lastName
  - middleName: user.middleName
  - email: user.email
  - emailType: (user.email != null && user.email != '') ? 'work' : ''
  - primaryPhone: user.primaryPhone
  - primaryPhoneType: (user.primaryPhone != null && user.primaryPhone != '') ? 'work' : ''
- Click Edit.
- In the Provisioning to App section, check the boxes to enable Create Users, Update User Attributes, and Deactivate Users and then click Save.
Once these steps are complete, users will be provisioned into Venn from Okta.
Manage User Access to Venn when Okta is Your IdP
Follow the steps in this article to manage user access to Venn once you have set up Okta as your IdP.