Sync Data to User Reference Input Type Using SCIM with Okta

Learn how to configure SCIM mapping to provision user reference input type for profile fields.

Employee App
Front Door Intranet

In this article, you will learn how to configure System for Cross-domain Identity Management (SCIM) mapping, using Okta as the identity provider (IdP), to configure mapping to provision user reference input type as a profile field.

This article shows Okta as the IdP to configure SCIM. The same is applicable for managing SCIM using other IdPs. Learn more about other supported IdPs.

Prerequisites

Add new mapping for user reference input type

You need to open the mapping of the application you created in Okta for user provisioning in order to add a new mapping for the user reference input type.

  1. In general the process is similar to Creating Custom Attributes in Okta, you just need to consider a few things as described below during the process of creating a custom attribute.
  2. To add a new attribute using the user reference, for example a manager, you have to consider a special configuration: The external name must have the extension .value.
User Reference SCIM Mapping

Example of a Manager User Reference Custom Attribute

  • Qualified SCIM name in Staffbase would be urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.value (incl. the .value extension)
  • External name in Okta would be: manager.value (incl. the .value extension)
  • External namespace in Okta would be: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User

If you are adding the mapping for a custom profile field, you need to create the custom attribute and paste it into the Qualified SCIM name field for the custom field in the Staffbase Studio.
The schema will look like this: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.value.
Ensure to add the .value at the end, which is not part of the target attribute schema.

  1. After you added the new attribute, you need to do the mapping itself for the attribute you just created
User Reference Mapping SCIM Mapping

The managerId field in the Okta user profile must match the Staffbase identifier or Staffbase user ID (not the username) of the corresponding manager user profile. The Staffbase identifier for the Okta SSO/SAML/SCIM implementation is typically the Okta User ID.

  1. With the next provisioning, the custom field will now be provisioned in Staffbase and is ready for use.