
Cloud SCIM User Provisioning with Okta Identity Provider

Business Problem

You want to create user accounts on your Cloud Suite and authenticate them with your corporate user accounts from Okta’s Identity Provider. You can automate user provisioning on the cloud using SCIM (System for Cross-domain Identity Management) from Okta’s Identity Provider, which supports SCIM.


Requirements


Tutorial

The Infor Cloud (inforSTS or Infor Security Token Service) can leverage Okta’s Identity Provider SCIM (System for Cross-domain Identity Management) interface to automate provisioning, deprovisioning, and updating of user accounts, giving access to corporate user accounts and enabling Single Sign-On (SSO) when accessing the Infor Cloud Portal and enterprise applications.

Okta SCIM User Provisioning with Infor CloudSuite Portal

SCIM (System for Cross-domain Identity Management) Cloud Portal to Okta Identity Provider Configuration

This video provides instructions on how to configure Okta SCIM to automate the provisioning, deprovisioning, updating, and maintenance of user accounts on the cloud portal:

Familiarize yourself with the Infor Security Federation page and the Okta SCIM setup procedures.

By following the instructions in the video, you should now be able to set up the SCIM connection between the CloudSuite portal and the Okta Identity Provider (IdP).

Best Practices

CloudSuite Portal to Okta’s Identity Provider SCIM setup through a Federated Connection

  • Authentication to Infor CloudSuite solutions is accomplished by establishing a federation trust between Infor CloudSuite and a customer’s Identity Provider (e.g. Okta). 
  • Supports SAML 2.0 or OpenID Connect.
  • If using Okta’s OpenID Connect federation, the identity provider has to be externally accessible.
  • If you have multiple authentication sources, you can have up to 5 identity providers federated to a single Infor CloudSuite tenant.
  • Infor supports IdP- and SP-initiated SSO and SLO.

Important deployment considerations when federating CloudSuite to Okta Identity Provider.

  • If SCIM is not initially available, user provisioning can be handled manually or by file import or by enabling JIT on the federated connections.
  • Custom SCIM mappings may be required, based on the Okta application’s user attribute requirements.
  • MFA requirements for users authenticating via the Okta federated connection will need to be configured on the Okta identity provider configuration.
  • Infor cloud identity accounts can be leveraged for guest users that do not exist within the customer’s Okta system.

Resources

Okta SAML Federation Migration to Infor STS

Okta SCIM with Infor CloudSuite.