Learn how to configure SCIM mapping to provision user reference input type for profile fields.
In this article, you will learn how to configure System for Cross-domain Identity Management (SCIM) mapping, using Okta as the identity provider (IdP), to configure mapping to provision user reference input type as a profile field.
This article shows Okta as the IdP to configure SCIM. The same is applicable for managing SCIM using other IdPs. Learn more about other supported IdPs.
- SCIM is already activated for your organization.
- You have already set up the default mapping in your identity provider.
You need to open the mapping of the application you created in Okta for user provisioning in order to add a new mapping for the user reference input type.
- In general the process is similar to Creating Custom Attributes in Okta, you just need to consider a few things as described below during the process of creating a custom attribute.
- To add a new attribute using the user reference, for example a manager, you have to consider a special configuration: The external name must have the extension
.value
.
Example of a Manager User Reference Custom Attribute
- Qualified SCIM name in Staffbase would be
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.value
(incl. the.value
extension) - External name in Okta would be:
manager.value
(incl. the.value
extension) - External namespace in Okta would be:
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User
If you are adding the mapping for a custom profile field, you need to create the custom attribute and paste it into the Qualified SCIM name field for the custom field in the Staffbase Studio.
The schema will look like this: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.value.
Ensure to add the .value at the end, which is not part of the target attribute schema.
- After you added the new attribute, you need to do the mapping itself for the attribute you just created
The managerId
field in the Okta user profile must match the Staffbase identifier or Staffbase user ID (not the username) of the corresponding manager user profile. The Staffbase identifier for the Okta SSO/SAML/SCIM implementation is typically the Okta User ID.
- With the next provisioning, the custom field will now be provisioned in Staffbase and is ready for use.