Manage Venn User Access with Okta as Your IdP

Once Okta is set up as your Venn Identity Management solution, users' Venn login information will be managed through Okta.

If you set up SCIM provisioning, user and group access to Venn will be managed in Okta.

If you did not set up SCIM provisioning, you will create users in Venn and your users' login information will be linked from Okta to Venn (matching on email address).

Requirements for SCIM Provisioning

User Provisioning Requirements

In order to successfully sync over users, your Okta user records must include these required fields:

  • First Name (user.firstName in Okta)
  • Last Name (user.lastName in Okta)
  • Email (user.email in Okta)

Additionally, your Okta users' Application usernames must meet the following criteria:

  • Length: The string must be between 2 and 40 characters long.
  • Allowed characters:
    • Numbers 0-9
    • Uppercase letters A-Z
    • Lowercase letters a-z
    • Hyphen/dash -
    • Underscore _

The Okta field that you are using as the Application username for Venn can be viewed and adjusted on the Sign On tab of the Venn app you create in Okta. 

Any users in Okta that do not meet this criteria will fail to provision. 

Group Provisioning Requirements (Optional)

You may choose to assign the Venn app by group in Okta rather than assigning it to individual users.

In order to successfully sync over groups, your Okta groups' group.name values must meet the following criteria:

  • Length: The string must be between 3 and 18 characters long.
  • Allowed characters:
    • Numbers 0-9
    • Uppercase letters A-Z
    • Lowercase letters a-z
    • Hyphen/dash -
    • Underscore _
    • Space   (can be in any position)

Any groups with names that do not meet this criteria will fail to provision. 

Provision User and Group Access to Venn in Okta with SCIM Provisioning

If you set up SCIM provisioning, you can grant access to Venn for users or groups in Okta. The user or group of users will be created in Venn along with any backend resources they require. If a group does not already exist in Venn, the group will be created and the users will be added to the group.

To grant access to a user or group:

  1. In Okta, navigate to Menu > Applications > Applications.
  2. Click on the Venn application.

    Annotation-Annotation_on_2023-04-14_at_17-11-48.png.png

  3. Select the Assignments tab.

    Annotation-Annotation_on_2023-04-14_at_17-13-02.png.png

  4. Click Assign and choose Assign to People or Assign to Groups, as appropriate/desired.

    Annotation-Annotation_on_2023-04-14_at_17-14-13.png.png

  5. Click Assign for each appropriate/desired user or group.

    Annotation-Annotation_on_2023-04-14_at_17-17-12.png.png

  6. Click Save.

The selected users or groups will have access to Venn. They will be able to initiate Venn onboarding by signing into Okta and clicking on the Venn application in the My apps section.

Remove User and Group Access to Venn in Okta with SCIM Provisioning

If you set up SCIM provisioning, you can remove access to Venn for users or groups in Okta. 

If you remove a user from a group that has the application assigned, they will no longer have access to Venn. Additionally, if you delete a user from Okta when they leave your organization, they will also be deleted from Venn.

To remove access for a user or group:

  1. In Okta, navigate to Menu > Applications > Applications.
  2. Click on the Venn application.

    Annotation-Annotation_on_2023-04-14_at_17-11-48.png.png

  3. Select the Assignments tab.

    Annotation-Annotation_on_2023-04-14_at_17-13-02.png.png

  4. Click the x to the right of the user or group that you would like to remove access from.

    Okta_Remove access.png

If you remove a user from a group that has the application assigned, they will no longer have access to Venn. Additionally, if you delete a user from Okta when they leave your organization, they will also be deleted from Venn.

Provision User Access to Venn when Okta is Your IdP with SAML Identity Management (No SCIM Provisioning)

If Okta is set up as your Venn Identity Management solution and you do not set up SCIM Provisioning, you must assign the app to appropriate users in Okta and add users in Venn to grant them access.

In order to grant user access to Venn, you must assign the custom Venn app you created to users in Okta AND add them as users in Venn.

To provision user access:

  1. Assign the Venn app to appropriate users in Okta Admin.

    1. Log in to Okta Admin.

    2. Navigate to Menu > Applications > Applications.
    3. Click on the Venn application.

      Annotation-Annotation_on_2023-04-14_at_17-11-48.png.png

    4. Select the Assignments tab.

      Annotation-Annotation_on_2023-04-14_at_17-13-02.png.png

    5. Click Assign and choose Assign to People or Assign to Groups, as appropriate/desired.

      Annotation-Annotation_on_2023-04-14_at_17-14-13.png.png

    6. Click Assign for each appropriate/desired user or group.

      Annotation-Annotation_on_2023-04-14_at_17-17-12.png.png

    7. Click Save.
  2. Add users in Venn following the steps in this article.
    Users will be matched on email address, so make sure that users' email addresses in Okta match the email address on their user record in Venn.

Remove User Access from Venn when Okta is Your IdP with SAML Identity Management (No SCIM Provisioning)

You can remove access to Venn for a user by disabling or deleting their user account in Venn following the steps in this article. You may want to also unassign the app from users in Okta.

Was this article helpful?