Okta Integration
Affinity supports an Okta SCIM integration to automatically provision learners into and offboard learners out of your account. Learners will use their Okta login to securely access Affinity as well.
Last updated
Affinity supports an Okta SCIM integration to automatically provision learners into and offboard learners out of your account. Learners will use their Okta login to securely access Affinity as well.
Last updated
Use the following guide to set up your Okta integration. Note this is only available for certain plans. Contact your Affinity account manager to learn more.
After you have finished the steps for OIDC and SCIM from the Okta Setup PDF, you may want to double check some of your data. Below, we'll outline specific things you should look out for.
With SCIM enabled, you will need to make sure that the following fields are set properly and we are receiving them from your Okta instance:
title
department
manager.value
This should be the email address of the persons manager (if they have a manager).
displayName
address.primary.region
This maps to the state/region in Affinity. This need not be a US state, but any geographic designation.
These are default fields that Okta generally sends for any application that is configured. You will know if you are sending these from your Okta instance correctly if the learner's name, department, state, title, and managers are showing up accurately in Affinity (reminder: if you don't see the change immediately, wait a few minutes for the updates to process).
Additionally, you will need to configure mapping for the following fields. This guide is a reference: Custom Okta Fields
Above we mentioned the standard field values which come from Okta, but you have the ability to configure custom field values as well, such as:
startDate
anniversaryDate
We strongly encourage you to configure the startDateas it is instrumental to many of our workflows. If you do not configure this value, it will default to the current date that a learner was imported into Affinity.
Within Okta, you have the ability to perform custom transformations of fields. For example, you might be storing the "Division" in Okta and the "Work Location" in Okta and you want your learners to have a "Department" in Affinity of "Division - Work Location", such as "Customer Service - Philippines". To enable this, you can create a custom mapping expression to transform and pass attributes to a specific application using App User Profile Mappings.
You will need these custom field mappings to be assigned to one of the standard fields, such as department, which we referenced above.
Affinity can also support custom field mappings from your Okta on the Affinity side. You would create custom fields using the Custom Okta Fieldsguide and inform us of the mapping which you want, such as "Department = user.division - user.workLocation". Then we would configure the mapping on our end. The downside to this method is if you ever want to change the mapping, you must rely on Affinity to perform the change, versus your own IT team.
For adding new users, we recommend going slowly with testing this on your end with 2-4 users. Once you set up SCIM, it usually takes about 5-10 minutes from adding a user in your Okta portal to hit our system after all the webhooks from Okta get fired to Auth0 get fired to us. After you add the first few users, verify the fields have come in correctly. Once you feel confident, you can add the rest of the learners.
If you have doubts or questions about field mappings, please contact [email protected] or your Affinity account manager and we can help you figure out the right way to utilize the Okta setup.