This document provides information for setting up Okta SCIM 2.0 provisioning with Cavrnus. If you use a different identity provider, please contact us for assistance.
Supported Features
The Okta/Cavrnus SCIM integration currently supports the following provisioning actions for users assigned the Cavrnus application in Okta:
Okta to Cavrnus New Users
Okta to Cavrnus Profile Updates
Upon receiving a new user or updates to an existing user, Cavrnus will assign a license automatically if there are licenses available.
Setup Guide
1. In Cavrnus, navigate to Account Info, find the SCIM 2.0 Provisioning feature, and click Configure.
2. If it is not enabled, turn on Allow provisioning of users using SCIM 2.0. The Connector base URL and Authorization token settings will then be visible. You will need these settings to configure SCIM provisioning in Okta.
3. In another browser tab, log in to your Okta account.
4. Navigate to Applications and click on the Cavrnus application. If you do not see the Cavrnus application, you will need to set that up first by configuring SAML 2.0.
5. Under the General tab, find the App Settings section and click Edit.
6. Check the Enable SCIM provisioning option and click Save.
7. Under the Provisioning tab, select Integration settings if it's not already selected and click Edit.
8. Enter the SCIM connector base URL from the Cavrnus SCIM 2.0 Settings page in step #2.
9. For Unique identifier field for users, enter the value: email
10. For the Supported provisioning actions field, enable:
    Push New Users
    Push Profile Updates
11. For the Authentication Mode field, select HTTP Header.
12. In the HTTP Header section, set the Authorization field to the authorization token from the Cavrnus SCIM 2.0 Settings page in step #2.
13. Click Test Connector Configuration to verify the settings are working.
14. Click Save.
15. Under the Provisioning tab, select To App settings if it's not already selected and click Edit.
This document provides information for setting up Okta SAML integration with Cavrnus. If you use a different identity provider that is not compatible, please contact us for assistance.
Supported Features
The Okta/Cavrnus SAML integration currently supports the following features:
SP-initiated SSO
IdP-initiated SSO
JIT (Just In Time) Provisioning
For more information on the listed features, please visit the Okta Glossary.
Setup Guide
Log in to your Okta account.
Navigate to Applications and click on the Create App Integration button.
Select the SAML 2.0 option and click Next.
While following the prompts, enter the following:
App name: Cavrnus
Single sign on URL: https://api.dev.cavrn.us/api/sso/saml2
Audience URI (SP Entity ID): https://cav.dev.cavrn.us
Name ID format: EmailAddress
Application username: Email
Attributes
After creating the application, navigate to the Sign On tab of the application and click on View Setup Instructions. You will use the information from the instructions page to configure your Cavrnus account.
From the main menu of your Cavrnus Account Administration site, go to Account Info.
Find the SAML 2.0 Authentication feature and click the Configure button.
The settings dialog presents two options for configuring the integration. You can automatically configure the integration by uploading the metadata from Okta or you can manually enter the configuration values.
Option 1: Uploading Metadata (Recommended)
Click on Upload Metadata.
In Okta's SAML Setup Instructions page, find the Optional section that shows the Provide the following IDP metadata to your SP provider subsection. Copy this value, paste it into the Enter IDP metadata field, and click Upload. If successful, you should see the configuration settings filled in for you.
Option 2: Manual Configuration
Enter the Name of your identity provider, such as "Okta", or the internal name your company uses for SSO. This name is used by Cavrnus for SP-initiated login flows, prompts, and buttons.
From Okta's SAML Setup Instructions page, enter the following values.
Single Sign-On URL
Issuer
X.509 Certificate
Ensure the Allow users to login using SAML switch is enabled and click Save.
Test the integration by opening a new incognito browser window and logging in to Cavrnus using SAML.
Provisioning
Cavrnus will provision (create) users and assign a valid license upon authenticating the SAML response from the IdP.
Subsequent authentications will also update any already provisioned user from the name attributes contained in the SAML response.