1. Help Center
  2. Integrations
  3. Security and Single Sign-On (SSO)

Okta Integration: User Provisioning Setup

User Provisioning with Okta

Time to read: 5 minutes

If you are looking for SSO setup with Okta, see SSO Setup

 

Main takeaways:

  • The integration enables you to use Okta for user provisioning service when accessing Forecast 
  • To sign in to Forecast with your Okta account, your user email has to be the same in both Forecast and Okta. This can be set up manually in Forecast or provisioning can be used to automatically create users in Forecast from Okta
  • This integration is especially useful for enterprise customers as the integration adds an extra layer of security 
  • Note: This integration is available for Enterprise customers only

Features

The following provisioning features are supported:

  • Push New Users - New users created through OKTA will also be created in Forecast
  • Push Profile Updates - Updates made to the user's profile through OKTA will be pushed to Forecast
  • Push User Deactivation/reactivation - Deactivating the user or disabling the user's access to the application through OKTA will deactivate the user in Forecast
  • Import New Users - New users created in Forecast will be downloaded and turned in to new AppUser objects, for matching against existing OKTA users

 

Setting up provisioning

Step 1: Go to Your Org section of Okta

2020-07-02 (12)

 

 

Step 2: Click Add Apps

2020-07-02 (5)

 

Step 3: Find Forecast in the application catalogue, and click Add Apps

 

Step 4: Select Do not display application icon to users and Do not display application icon in the Okta Mobile App. Also uncheck the "Automatically log in when user lands on login page"

Okta_setup_1-1

 

Step 5: In the Sign-On Options screen, set the Application username format to Email

 

To add the provisioning feature of the Forecast application, navigate to the Applications section in Okta and click the Add Application button.

 

 

Configure your Provisioning settings for Forecast 

Step 1: Find your SCIM username and password in Forecast here: https://app.forecast.it/settings/catalog/okta

 

Step 2: Go to the Forecast application inside Okta and select the Provisioning tab

 

Step 3: Click the Configure API Integration

 

Step 4: Scroll down and select the Provisioning Features you want to enable

Okta_setup_2

 

Step 5: Click the "Enable API integration" and fill in the Username and Password received from Step 1.

Step 6: Click the "Test API Credentials" and you should see a confirmation like this:

Okta_setup_3

 

Troubleshooting and Tips

If you find any problems, don't hesitate to contact us at info@forecast.it or on the chat.