[How-to] Implement User Provisioning via SCIM with EZOfficeInventory and Okta


EZOfficeInventory now integrates with the SCIM protocol, so you can manage your employees’ identity data in the cloud and seamlessly provision their access and user rights in the EZOfficeInventory application from any identity provider.

1. What is SCIM?

System for Cross-Domain Identity Management (SCIM) is an open standard that automates user provisioning for your organization. It communicates user identity data of your employees from identity providers to service providers.

An identity provider (IdP) is a system that contains a robust directory of user identities and single, consistent login credentials for each of your employees. Okta is an example. A service provider (SP) is an enterprise SaaS application that requires these user identities so your employees can log into the application.

The SCIM protocol ensures that any changes made to user identities in the IdP, such as Okta, are automatically synced to the SP, i.e., EZOfficeInventory.

2. Why use SCIM?

Managing the user lifecycle is crucial for businesses. As companies grow or experience turnover, their employee count keeps changing. They need a quick and easy way to add or delete user accounts from their company directories and simultaneously authorize or revoke employees’ access to various business applications.

Our integration with SCIM simplifies the user experience by automating your user provisioning processes. It automatically creates, updates, and deletes users in your EZOfficeInventory account as you create, update, and delete them in IdP tools like Okta.

Since data is communicated automatically, it saves your IT teams valuable time and reduces the risk of error stemming from manual data entry.

EZOfficeInventory’s SCIM integration with Okta offers various benefits. These include:

  • Centralized user management: Manage the user identities, access rights and privileges, and action permissions of your employees and teams from a single space.
  • Compliance with security policy: Mitigate security risk with consistent login credentials and single-sign-on (SSO) capability as employees no longer need to sign in to each of their accounts individually. This also reduces the need for password resets.
  • Ready-to-use integration: Save your IT team the effort of in-house custom development with our ready-to-use integration.

3. Use cases of SCIM-based user provisioning

There are four common use cases of user provisioning via SCIM in EZOfficeInventory. Okta helps with them in the following way:

  1. Creating: New employees are automatically provisioned with their respective EZOfficeInventory accounts when created in Okta.
  2. Reading: Data regarding employees and team resources can be queried from EZOfficeInventory to match it against existing Okta resources.
  3. Updating: Any changes in the profile attributes of an employee in Okta can automatically be updated in EZOfficeInventory.
  4. Deleting: An employee’s access to EZOfficeInventory is de-provisioned when the employee is deleted in Okta. This is typically done when the employee is on leave or has left the organization.

4. Implement SCIM user provisioning with EZOfficeInventory

Let’s walk you through some basic steps on how to implement SCIM-based user provisioning in EZOfficeInventory!

Step 1: Add the EZOfficeInventory application in Okta

Before you go ahead and enable the integration, you must first add the EZOfficeInventory application in your Okta account.

Note: The EZOfficeInventory application is not on the Okta marketplace yet. In the meantime, you can create a custom application for EZOfficeInventory in your Okta account.

The process is very simple.

1. In your Okta account, go to Applications → Add Application → Create New App.

[Screenshot: Create new app in Okta]

Note: In case you don’t see the Applications tab, click on Admin in the top-right corner and this will take you to the appropriate page.

2. Select ‘Web’ as the Platform and ‘Secure Web Authentication (SWA)’ as the Sign on method. Hit ‘Create’.

[Screenshot: Create a new application integration]

3. Input the details as shown below:

[Screenshot: Filling in SCIM details]

Enter the URL of the sign-in page to your company’s EZOfficeInventory account in the ‘App’s login page URL’ field.

4. Scroll below and specify ‘Email’ as the Application username. Click on ‘Finish’.

[Screenshot: How will your users sign in]

This shall create the custom application for EZOfficeInventory in your Okta account as illustrated.

5. Now, click on ‘Edit’ in the ‘General’ tab of your EZOfficeInventory Custom App page. Scroll down to the ‘Provision’ section. Select ‘SCIM’ and hit the ‘Save’ button.

[Screenshot: Choose SCIM]

This action will prompt another tab, ‘Provisioning’ on the custom application page.

You are now ready to enable the integration and deploy SCIM-based user provisioning.

Step 1.2: SCIM for non-premium users

Alternatively, non-premium users can go to the Okta search bar on the homepage and search for SCIM 2.0, as shown in the image below:

Then go to the Provisioning tab and select ‘To App’ from Settings.

Click on ‘Edit’ in the right corner and enable the first three settings.

Then go to Settings Integration under the Provisioning tab. Click on ‘Edit’, enter the Base URL and API Token from the EZOfficeInventory application, and hit ‘Save’.

Note: See the format for the API Token below. You need to enter Bearer and a space before pasting the token.

Step 2: Enable the integration in EZOfficeInventory

To enable the integration in your EZOfficeInventory account, follow the pathway: Settings → Add Ons → User Provisioning via SCIM and select ‘Enabled’. Hit ‘Update’.

Enabling the setting reveals additional information shown below:

  • SCIM Base Connector URL
  • Connector Key

You will need to enter these two values in Step 3.

In addition to this, you can also map some default fields, including the User Listing for members, to the attributes of the SCIM payload.

For instance, say you want to map Department in Okta. To do this, enter the mapping attribute from the SCIM payload in the Department field. This is how the attributes are displayed in Okta:

The type of mapping required for every field can be determined from here.

Note: User attribute mappings are optional.
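The following is an added example, not EZOfficeInventory's or Okta's code. It shows where Department sits in a standard SCIM 2.0 User resource (RFC 7643 places it in the enterprise extension, not at the top level) and why the mapping attribute has to name that location. The resolve() helper, the dotted path notation, and the sample values are assumptions made for illustration.

```python
CORE = "urn:ietf:params:scim:schemas:core:2.0:User"
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"

# Constructed SCIM 2.0 User resource (RFC 7643 shape); all values are made up.
SAMPLE_USER = {
    "schemas": [CORE, ENTERPRISE],
    "userName": "michael.kelso@example.com",
    "name": {"givenName": "Michael", "familyName": "Kelso"},
    "emails": [
        {"value": "m.kelso@old.example.com", "primary": False},
        {"value": "michael.kelso@example.com", "primary": True},
    ],
    ENTERPRISE: {"department": "Facilities"},
    "active": True,
}


def resolve(user, path):
    """Hypothetical helper: resolve an attribute path, None if it is absent."""
    node = user
    # A schema URN contains ':' and '.', so strip it before splitting on '.'.
    if path.startswith(CORE + ":"):
        path = path[len(CORE) + 1:]          # core attributes sit at the root
    elif path.startswith(ENTERPRISE + ":"):
        node = user.get(ENTERPRISE)          # extension attributes are nested
        path = path[len(ENTERPRISE) + 1:]
    for part in path.split("."):
        if isinstance(node, list):
            # Multi-valued attribute: prefer the entry flagged as primary.
            node = next((v for v in node if v.get("primary")),
                        node[0] if node else None)
        if not isinstance(node, dict):
            return None
        node = node.get(part)
    return node


if __name__ == "__main__":
    for p in ("department", ENTERPRISE + ":department", "emails.value"):
        print(p, "->", resolve(SAMPLE_USER, p))
```

A bare `department` resolves to nothing in this payload, which is the usual reason a mapped field stays empty after provisioning.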

Step 3: Configure the SCIM connection in Okta

Navigate to your Okta account.

1. Open the ‘Provisioning’ tab on the EZOfficeInventory Custom App page and click ‘Edit’.

2. Input the details as shown, and click on ‘Save’.

[Screenshot: Setting up the provisions tab]

Here’s a breakdown of everything you need to do:

  • Add the SCIM Base Connector URL from Step 2 to its corresponding data field.
  • Specify ‘email’ as the Unique identifier field for users.
  • Select ‘HTTP Header’ as the Authentication Mode.
  • Input the ‘Connector Key’ from Step 2 in the Authorization field.

3. This shall pop open additional settings. Click ‘Edit’.

[Screenshot: Edit additional settings in Okta]

4. Select the relevant attributes and changes you wish to sync and click ‘Save’.

[Screenshot: Provisioning to app]

Provision settings are saved. You are now ready to create users in Okta and provision them access to EZOfficeInventory.

5. Provisioning user(s)

In your Okta account, follow this pathway to provision users in EZOfficeInventory via SCIM: EZOfficeInventory Custom App → Assignments → Assign → Assign to People.

[Screenshot: Assign to people]

This opens up a dialog box from where you can click on ‘Assign’ for the user(s) you wish to provision for EZOfficeInventory.

[Screenshot: Assign people to EZOfficeInventory]

The following overlay appears. Select ‘Save and Go Back’.

[Screenshot: Save and go back]

Your users have been assigned. Click on ‘Done’.

[Screenshot: People assigned]

Now if you go to the ‘Members’ tab in your EZOfficeInventory account, you can see that the two users you assigned have been added to your EZOfficeInventory account.

[Screenshot: Members in EZOfficeInventory]

6. Updating user information

SCIM also syncs any changes you make to the user profiles in Okta. Let’s say you just changed the default email address of an employee, Michael Kelso, in Okta.

To edit the user profile in Okta, go to Directory → People → Username → Profile → Edit. Edit the username and primary email address of Michael Kelso and click on ‘Save’.

[Screenshot: Editing user information]

Notice that the default email address for Michael Kelso has been changed in your EZOfficeInventory account simultaneously.

[Screenshot: Edited users in EZOfficeInventory]

7. De-provisioning user(s)

You can also de-provision the access of your employees to EZOfficeInventory. This may happen when an employee either leaves the team or the organization or is on leave.

To de-provision a user, go to EZOfficeInventory Custom App → Assignments in your Okta account. Click on the ‘x’ button next to the concerned user’s details.

[Screenshot: Deprovision a user]

Click on ‘OK’.

[Screenshot: Unassign user]

This shall unassign or de-provision the user from your EZOfficeInventory account.

You can see that Jackie Burkhart no longer exists in the Member logs of your EZOfficeInventory account as well.
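The following is an added example, not code from EZOfficeInventory or Okta. It automates the check described above by comparing a SCIM 2.0 user listing from the service provider against the emails still assigned in the IdP and flagging active accounts that should have been de-provisioned. It assumes the SCIM endpoint returns a standard RFC 7644 ListResponse with the email in userName; find_orphans() and all sample data are constructed.

```python
import json

LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"

# Constructed sample: a ListResponse as a GET <base URL>/Users call could
# return it. Ids and email addresses are made up for illustration.
SAMPLE_LIST_RESPONSE = json.dumps({
    "schemas": [LIST_SCHEMA],
    "totalResults": 3,
    "startIndex": 1,
    "itemsPerPage": 3,
    "Resources": [
        {"id": "101", "userName": "Michael.Kelso@example.com", "active": True},
        {"id": "102", "userName": "jackie.burkhart@example.com", "active": True},
        {"id": "103", "userName": "former.employee@example.com", "active": False},
    ],
})


def find_orphans(list_response_json, assigned_emails):
    """Return (orphans, complete): active SP accounts with no IdP assignment."""
    body = json.loads(list_response_json)
    if LIST_SCHEMA not in body.get("schemas", []):
        raise ValueError("not a SCIM ListResponse")
    resources = body.get("Resources", [])
    # Email is the unique identifier in this setup; compare case-insensitively.
    assigned = {e.strip().lower() for e in assigned_emails}
    orphans = []
    for user in resources:
        email = str(user.get("userName", "")).strip().lower()
        # Treat a missing 'active' flag as active so it cannot hide an account.
        if user.get("active", True) and email not in assigned:
            orphans.append(email)
    # A truncated page would silently hide accounts, so report completeness.
    complete = len(resources) >= body.get("totalResults", len(resources))
    return sorted(orphans), complete


if __name__ == "__main__":
    still_assigned = ["michael.kelso@example.com"]  # constructed IdP export
    orphans, complete = find_orphans(SAMPLE_LIST_RESPONSE, still_assigned)
    print("orphaned accounts:", orphans, "| full listing:", complete)
```

When `complete` is false, fetch the remaining pages before trusting an empty orphan list.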

EZOfficeInventory’s SCIM integration streamlines identity management and user provisioning of your employees with Okta. Soon, we will also be supporting other identity management platforms like OneLogin.

About EZOfficeInventory!

EZOfficeInventory is the leading equipment tracking software. It allows you to track, maintain, and report on equipment from anywhere, at any time. We offer a free 15-day trial – no credit card required!
