EZOfficeInventory now supports the SCIM protocol, so you can manage your employees’ identity data in the cloud and seamlessly provision their access and user rights in the EZOfficeInventory application from any identity provider.
1. What is SCIM?
System for Cross-Domain Identity Management (SCIM) is an open standard that automates user provisioning for your organization. It communicates user identity data of your employees from identity providers to service providers.
An identity provider (IdP) is a system that contains a robust directory of user identities and single, consistent login credentials for each of your employees. Okta is an example. A service provider (SP) is an enterprise SaaS application that requires these user identities so your employees can log into the application.
The SCIM protocol ensures that any changes made to user identities in the IdP, such as Okta, are automatically synced to the SP, i.e. EZOfficeInventory.
2. Why use SCIM?
Managing the user lifecycle is crucial for businesses. As companies grow or experience turnover, their employee count keeps changing. They need a quick and easy way to add or delete user accounts from their company directories and simultaneously authorize or revoke employees’ access to various business applications.
Our integration with SCIM simplifies the user experience by automating your user provisioning processes. It automatically creates, updates, and deletes users in your EZOfficeInventory account as you create, update, and delete them in IdP tools like Okta.
Since data is communicated automatically, it saves your IT teams valuable time and reduces the risk of error stemming from manual data entry.
EZOfficeInventory’s SCIM integration with Okta offers various benefits. These include:
- Centralized user management: Manage the user identities, access rights and privileges, and action permissions of your employees and teams from a single space.
- Compliance with security policy: Mitigate security risk with consistent login credentials and single sign-on (SSO) capability, as employees no longer need to sign in to each of their accounts individually. This also reduces the need for password resets.
- Ready-to-use integration: Save your IT team the effort of in-house custom development with our ready-to-use integration.
3. Use cases of SCIM-based user provisioning
There are four common use cases of user provisioning via SCIM in EZOfficeInventory. Okta helps with them in the following way:
- Creating: New employees are automatically provisioned with their respective EZOfficeInventory accounts when created in Okta.
- Reading: Data regarding employees and team resources can be queried from EZOfficeInventory to match it against existing Okta resources.
- Updating: Any changes in the profile attributes of an employee in Okta can automatically be updated in EZOfficeInventory.
- Deleting: An employee’s access to EZOfficeInventory is de-provisioned when the employee is deleted in Okta. This is typically done when the employee is on leave or has left the organization.
4. Implement SCIM user provisioning with EZOfficeInventory
Let’s walk you through some basic steps on how to implement SCIM-based user provisioning in EZOfficeInventory!
Step 1: Add the EZOfficeInventory application in Okta
Before you go ahead and enable the integration, you must first add the EZOfficeInventory application in your Okta account.
Note: The EZOfficeInventory application is not on the Okta marketplace yet. In the meantime, you can create a custom application for EZOfficeInventory in your Okta account.
The process is very simple.
1. In your Okta account, go to Applications → Add Application → Create New App.
Note: In case you don’t see the Applications tab, click on Admin in the top-right corner and this will take you to the appropriate page.
2. Select ‘Web’ as the Platform and ‘Secure Web Authentication (SWA)’ as the Sign on method. Hit ‘Create’.
3. Input the details as shown below:
Enter the URL of the sign-in page to your company’s EZOfficeInventory account in the ‘App’s login page URL’ field.
4. Scroll below and specify ‘Email’ as the Application username. Click on ‘Finish’.
This shall create the custom application for EZOfficeInventory in your Okta account as illustrated.
5. Now, click on ‘Edit’ in the ‘General’ tab of your EZOfficeInventory Custom App page. Scroll down to the ‘Provision’ section. Select ‘SCIM’ and hit the ‘Save’ button.
This action adds another tab, ‘Provisioning’, to the custom application page.
You are now ready to enable the integration and deploy SCIM-based user provisioning.
Step 2: Enable the integration in EZOfficeInventory
To enable the integration in your EZOfficeInventory account, follow the pathway: Settings → Add Ons → User Provisioning via SCIM and select ‘Enabled’. Hit ‘Update’.
Enabling the setting reveals additional information shown below:
- SCIM Base Connector URL
- Connector Key
You will need to enter these two values in Step 3.
In addition, you can also map some default fields, including the User Listing for members, to the attributes of the SCIM payload.
For instance, suppose you want to map Department in Okta. To do this, enter the mapping attribute from the SCIM payload in the Department field. This is how the attributes are displayed in Okta:
The type of mapping required for every field can be determined from here.
Note: User attribute mappings are optional.
Step 3: Configure the SCIM connection in Okta
Navigate to your Okta account.
1. Open the ‘Provisioning’ tab on the EZOfficeInventory Custom App page and click ‘Edit’.
2. Input the details as shown, and click on ‘Save’.
Here’s a breakdown of everything you need to do:
- Add the SCIM Base Connector URL from Step 2 to its corresponding data field.
- Specify ‘email’ as the Unique identifier field for users.
- Select ‘HTTP Header’ as the Authentication Mode.
- Input the ‘Connector Key’ from Step 2 in the Authorization field.
3. This shall pop open additional settings. Click ‘Edit’.
4. Select the relevant attributes and changes you wish to sync and click ‘Save’.
Provision settings are saved. You are now ready to create users in Okta and provision their access to EZOfficeInventory.
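The exchange behind the four use cases in section 3 and the Step 3 settings (email as the unique identifier, Connector Key in an HTTP header), seen from the receiving side. This is an added example, not EZOfficeInventory’s or Okta’s code. It assumes the standard SCIM 2.0 verbs from RFC 7644, that the Authorization header carries the Connector Key verbatim, and a constructed key and constructed addresses.

```python
import hmac
import re
import uuid

CONNECTOR_KEY = "constructed-connector-key"  # placeholder, not a real key

class ScimUsers:
    """Toy in-memory SCIM 2.0 /Users endpoint (RFC 7644); userName is the email."""

    def __init__(self, connector_key):
        self.key = connector_key.encode()
        self.users = {}  # id -> user resource

    def _find(self, email):
        # The unique identifier is the email, compared case-insensitively.
        return [u for u in self.users.values()
                if u["userName"].lower() == email.lower()]

    def handle(self, method, path, headers, body=None):
        # HTTP Header auth: constant-time compare, done before any data access.
        sent = headers.get("Authorization", "").encode()
        if not hmac.compare_digest(sent, self.key):
            return 401, {"detail": "invalid connector key"}
        # Paths are shown URL-decoded; a real server decodes the query first.
        flt = re.fullmatch(r'/Users\?filter=userName eq "([^"]+)"', path)
        uid = path[len("/Users/"):] if path.startswith("/Users/") else None
        if method == "GET" and flt:                       # Reading
            hits = self._find(flt.group(1))
            return 200, {"totalResults": len(hits), "Resources": hits}
        if method == "POST" and path == "/Users":         # Creating
            if self._find(body["userName"]):
                return 409, {"scimType": "uniqueness"}
            user = dict(body, id=uuid.uuid4().hex)
            self.users[user["id"]] = user
            return 201, user
        if uid not in self.users:
            return 404, {"detail": "no such user"}
        if method == "GET":
            return 200, self.users[uid]
        if method == "PUT":                               # Updating
            clash = [u for u in self._find(body["userName"]) if u["id"] != uid]
            if clash:
                return 409, {"scimType": "uniqueness"}
            self.users[uid] = dict(body, id=uid)
            return 200, self.users[uid]
        if method == "DELETE":                            # Deleting
            del self.users[uid]
            return 204, None
        return 405, {"detail": "method not allowed"}
```

Because every request is authorized by the Connector Key alone, anyone holding it can create or remove members, so it belongs in the same secret store as other service credentials.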
5. Provisioning user(s)
In your Okta account, follow this pathway to provision users in EZOfficeInventory via SCIM: EZOfficeInventory — Custom App → Assignments → Assign → Assign to People.
This opens up a dialog box from where you can click on ‘Assign’ for the user(s) you wish to provision for EZOfficeInventory.
The following overlay appears. Select ‘Save and Go Back’.
Your users have been assigned. Click on ‘Done’.
Now if you go to the ‘Members’ tab in your EZOfficeInventory account, you can see that the two users you assigned have been added in your EZOfficeInventory account.
6. Updating user information
SCIM also syncs any changes you make to user profiles in Okta. Let’s say you just changed the default email address of an employee, Michael Kelso, in Okta.
To edit the user profile in Okta, go to Directory → People → Username → Profile → Edit. Edit the username and primary email address of Michael Kelso and click on ‘Save’.
Notice that the default email address for Michael Kelso has been changed in your EZOfficeInventory account simultaneously.
7. De-provisioning user(s)
You can also de-provision the access of your employees to EZOfficeInventory. This may happen when an employee leaves the team or the organization, or is on leave.
To de-provision a user, go to EZOfficeInventory — Custom App → Assignments in your Okta account. Click on the ‘x’ button next to the concerned user’s details.
Click on ‘OK’.
This shall unassign or de-provision the user from your EZOfficeInventory account.
You can see that Jackie Burkhart no longer exists in the Member logs of your EZOfficeInventory account as well.
EZOfficeInventory’s SCIM integration streamlines identity management and user provisioning of your employees with Okta. Soon, we will also be supporting other identity management platforms like OneLogin, etc.