In order to enable seamless user and permissions management in Venn, Venn offers integrations with third-party Identity Providers (IdPs), including Okta.
If you configure Okta as your Venn Identity Management solution, you will set up SAML-based Identity Management so that users' Venn login information will be managed through Okta. Okta also offers the option to set up SCIM provisioning, which allows you to manage user access to Venn in Okta. You may or may not choose to set up SCIM provisioning depending on your company’s Okta subscription type.
Learn how to manage Venn user access with Okta as your IdP.
Set up Okta as Your IdP
You must have Admin access to Okta in order to set it up as your Venn IdP.
To set up Okta AD as your IDP:
- The Venn team or a Venn partner will change your Identity Provider to Okta under Connected Apps > Identity Management in Company Admin.
- Login to Okta with an account that has administrator permissions.
- In the menu at left, click Applications and select Applications.
- Click Create App Integration.
- Select SAML 2.0 as the sign-in method and click Next.
- On the next page, enter “Venn” in the App name field, upload the file found here in the App logo (optional) field and click Next.
- Input the following in the Single sign on URL and the Audience URL (SP Entity ID) fields:
https://[company shortname].venn.com/sso/okta
(replace [company shortname] with your company's shortname in Venn, which is the abbreviation for your company that you see in the URL bar before.venn.com
when you have the Workplace web app open). Then, click Continue. - Select I’m a software vendor. I’d like to integrate my app with Okta and click Finish. You can safely disregard the button to Submit your app for review.
Once these steps are complete, Okta is set as your Venn Identity Management solution.
Set up SCIM Provisioning
- In Okta, go to the General tab for the Venn application that you created.
- Click Edit under App Settings, select Enable SCIM provisioning, and then click Save. This will add a Provisioning tab for the Okta application.
- Your Venn team will do the following in Venn Company Admin to generate a token that you need to set up SCIM provisioning:
- Navigate to All websites section and click Add websites.
- Search for and select “Okta” and click Identity Provider.
- Click Okta in the websites list and click Edit Identity Provider.
- Click Generate token and copy it.
- Navigate to All websites section and click Add websites.
- In Okta, navigate to the Provisioning tab for the Venn application.
- Click Edit under SCIM Connection. Configure with the information below:
- SCIM connector base URL: https://login.venn.com/scim
- Unique identifier field for users: userName
- Check the box to enable Push new users
- Check the box to enable Push Profile Updates
- Authentication Mode: HTTP Header
-
Authorization: Paste the token from the Venn team
- Click Test Connector Configuration
- Click Save.
- Navigate to the Provisioning tab. Keep the following attributes mapped on the Provisioning tab. Remove all other Attributes from the mapping.
userName Configured in Sign On settings givenName user.firstName familyName user.lastName middleName user.middleName email user.email emailType (user.email != null && user.email != '') ? 'work' : '' primaryPhone user.primaryPhone primaryPhoneType (user.primaryPhone != null && user.primaryPhone != '') ? 'work' : '' - Click Edit.
- In the Provisioning to App section, check the boxes to enable Create Users, Update User Attributes, and Deactivate Users and then click Save.
- Navigate to the Sign On tab.
- Click View Setup Instructions.
- Copy all IdP metadata and share with your Venn team. They will add that information to the Okta Identity Provider settings in Venn's Company Admin:
- Navigate to All websites. Click Okta in the websites list and click Edit Identity Provider.
- Upload the metadata from Okta in the IdP metadata field and click Save.
- Navigate to All websites. Click Okta in the websites list and click Edit Identity Provider.
Manage User Access to Venn when Okta is Your IdP
Follow the steps in this article to manage user access to Venn once you have set up Okta as your IdP.