User Provisioning with Okta
Time to read: 5 minutes
If you are looking for SSO setup with Okta, see SSO Setup
- The integration enables you to use Okta for user provisioning service when accessing Forecast
- To sign in to Forecast with your Okta account, your user email has to be the same in both Forecast and Okta. This can be set up manually in Forecast or provisioning can be used to automatically create users in Forecast from Okta
- This integration is especially useful for enterprise customers as the integration adds an extra layer of security
- Note: This integration is available for Enterprise customers only
The following provisioning features are supported:
- Push New Users - New users created through OKTA will also be created in Forecast
- Push Profile Updates - Updates made to the user's profile through OKTA will be pushed to Forecast
- Push User Deactivation/reactivation - Deactivating the user or disabling the user's access to the application through OKTA will deactivate the user in Forecast
- Import New Users - New users created in Forecast will be downloaded and turned in to new AppUser objects, for matching against existing OKTA users
Setting up provisioning
Step 1: Go to Your Org section of Okta
Step 2: Click Add Apps
Step 3: Find Forecast in the application catalogue, and click Add Apps
Step 4: Select Do not display application icon to users and Do not display application icon in the Okta Mobile App. Also uncheck the "Automatically log in when user lands on login page"
Step 5: In the Sign-On Options screen, set the Application username format to Email
To add the provisioning feature of the Forecast application, navigate to the Applications section in Okta and click the Add Application button.
Configure your Provisioning settings for Forecast
Step 1: Find your SCIM username and password in Forecast here: https://app.forecast.it/settings/catalog/okta
Step 2: Go to the Forecast application inside Okta and select the Provisioning tab
Step 3: Click the Configure API Integration
Step 4: Scroll down and select the Provisioning Features you want to enable
Step 5: Click the "Enable API integration" and fill in the Username and Password received from Step 1.
Step 6: Click the "Test API Credentials" and you should see a confirmation like this:
Troubleshooting and Tips
If you find any problems, don't hesitate to contact us at firstname.lastname@example.org or on the chat.