Sync Data to User Reference Input Type Using SCIM with Okta

In this article, you will learn how to configure System for Cross-domain Identity Management (SCIM) mapping, using Okta as the identity provider (IdP), to configure mapping to provision user reference input type as a profile field.

• SCIM is already activated for your organization.
• You have already set up the default mapping in your identity provider.

You need to open the mapping of the application you created in Okta for user provisioning in order to add a new mapping for the user reference input type.

1. In general the process is similar to Creating Custom Attributes in Okta, you just need to consider a few things as described below during the process of creating a custom attribute.
2. To add a new attribute using the user reference, for example a manager, you have to consider a special configuration: The external name must have the extension .value.

Example of a Manager User Reference Custom Attribute

• Qualified SCIM name in Staffbase would be urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.value (incl. the .value extension)
• External name in Okta would be: manager.value (incl. the .value extension)
• External namespace in Okta would be: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User

3. After you added the new attribute, you need to do the mapping itself for the attribute you just created

The managerId field in the Okta user profile must match the Staffbase identifier or Staffbase user ID (not the username) of the corresponding manager user profile. The Staffbase identifier for the Okta SSO/SAML/SCIM implementation is typically the Okta User ID.

4. With the next provisioning, the custom field will now be provisioned in Staffbase and is ready for use.