Jericho Security | Support

Okta Directory Integration

Written by Jericho Security Contributor | October 8, 2024

Directory Integration with Okta User Provisioning via SCIM 2.0

The following steps configure your Okta User Directory to send user information to Jericho Security so we can populate users and groups for the Phishing Simulator and Training Center.

  • Log into your Okta instance as an administrator

  • From the left menu, select "Applications"

  • Click "Create App Integration"

  • Check the "SAML 2.0" radio button, then click "Next"

    • Note: we are not setting up a SAML integration, but Okta has no SCIM-only integration option.

  • Set the App Name to whatever you like, e.g. "Jericho Security Directory Sync"

  • Under "App Visibility", check both boxes to not display the application icon, then click "Next".

  • For "Single sign-on URL" enter "https://jerichosecurity.com"

  • For "Audience URI" enter "https://jerichosecurity.com"

  • For "Name ID format" select "EmailAddress"

  • For "Application username" select "Email"

  • Click "Next"

  • If desired, on the Feedback page you can select "I'm an Okta customer adding an internal app"

  • Click "Finish"

  • Below the App name in the center panel, select "General"

  • Click "Edit"

  • Click "Enable SCIM provisioning" and "Save"

  • Click the "Provisioning" tab.

  • To the right of the "SCIM Connection" header click "Edit"

  • For the SCIM connector base URL enter "https://app.jerichosecurity.com/scim_v2"

  • The "Unique identifier field for users" should be set to "email"

  • For "Supported provisioning actions" check "Push New Users", "Push Profile Updates", and "Push Groups".

  • For "Authentication Mode" select "HTTP Header"

  • Enter your "Authorization Bearer Token". This is the "SCIM API Key" located in your Jericho Security integration settings.

  • Click "Test Connector Configuration". You should see "Connector configured successfully" and green checks next to everything but "User Import" and "Import Groups".

  • Click "Save"

  • Under "Provisioning to App" click "Edit"

  • Under "Create Users" check "Enable"

  • Under "Update User Attributes" check "Enable"

  • Under "Deactivate Users" check "Enable"

  • Click "Save"

  • Go to the "Assignments" Tab

  • Click "Assign" and assign the app to all the people and groups you want Jericho to be able to send Training and Phishing simulation emails to.

  • Once the app is assigned, go back to the "Provisioning" tab and click on "Force Sync"

All done! Okta typically starts syncing with Jericho after a few minutes, and the sync may take a few hours to complete.
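
To show what the "HTTP Header" authentication mode and the enabled provisioning actions mean on the wire, the following added example (not code from Jericho Security or Okta) builds, without sending, the kind of SCIM 2.0 requests (RFC 7644) a provisioning client issues against the base URL above. The function names, the placeholder token, the sample values and the use of userName as the filter attribute are assumptions; the attributes Okta actually sends depend on your attribute mappings.

```python
import json
from urllib.parse import quote

# Base URL from the steps above. Tokens passed in are placeholders, never a real key.
SCIM_BASE = "https://app.jerichosecurity.com/scim_v2"
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"


def scim_request(method, path, token, body=None, base=SCIM_BASE):
    """Describe one SCIM call: method, URL, headers and JSON body (not sent)."""
    if not base.startswith("https://"):
        raise ValueError("bearer tokens must only travel over HTTPS")
    headers = {"Authorization": f"Bearer {token}",
               "Accept": "application/scim+json"}
    if body is not None:
        headers["Content-Type"] = "application/scim+json"
    return {"method": method, "url": base + path, "headers": headers,
            "body": None if body is None else json.dumps(body)}


def lookup_user(email, token):
    """Existence check by unique identifier; json.dumps escapes quotes in the value."""
    flt = quote(f"userName eq {json.dumps(email)}")
    return scim_request("GET", f"/Users?filter={flt}", token)


def create_user(email, given, family, token):
    """'Create Users': push a new, active user resource."""
    body = {"schemas": [USER_SCHEMA], "userName": email, "active": True,
            "name": {"givenName": given, "familyName": family},
            "emails": [{"value": email, "type": "work", "primary": True}]}
    return scim_request("POST", "/Users", token, body)


def deactivate_user(scim_id, token):
    """'Deactivate Users': set active to false rather than deleting the user."""
    body = {"schemas": [PATCH_SCHEMA],
            "Operations": [{"op": "replace", "value": {"active": False}}]}
    return scim_request("PATCH", f"/Users/{quote(scim_id, safe='')}", token, body)


def redacted(req):
    """Copy of a request that is safe to log: the bearer token is masked."""
    safe = dict(req, headers=dict(req["headers"]))
    safe["headers"]["Authorization"] = "Bearer ***"
    return safe
```

Every request carries the SCIM API Key in the Authorization header, so treat that key like a password: store it in a secrets manager and log only the redacted form.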