🔐Okta Integration

Use the following guide to set up your Okta integration. Note this is only available for certain plans. Contact your Affinity account manager to learn more.

Additional Notes for a Successful Setup

After you have finished the steps for OIDC and SCIM from the Okta Setup PDF, you may want to double check some of your data. Below, we'll outline specific things you should look out for.

Double Check Standard Field Values

With SCIM enabled, you will need to make sure that the following fields are set properly and we are receiving them from your Okta instance:

• title

• department

• manager.value

  • This should be the email address of the persons manager (if they have a manager).

• displayName

• address.primary.region

  • This maps to the state/region in Affinity. This need not be a US state, but any geographic designation.

These are default fields that Okta generally sends for any application that is configured. You will know if you are sending these from your Okta instance correctly if the learner's name, department, state, title, and managers are showing up accurately in Affinity (reminder: if you don't see the change immediately, wait a few minutes for the updates to process).

Double Check Custom Field Values

Additionally, you will need to configure mapping for the following fields. This guide is a reference: Custom Okta Fields

Above we mentioned the standard field values which come from Okta, but you have the ability to configure custom field values as well, such as:

• startDate

• anniversaryDate

We strongly encourage you to configure the startDateas it is instrumental to many of our workflows. If you do not configure this value, it will default to the current date that a learner was imported into Affinity.

Custom Field Value Mapping via Okta

Within Okta, you have the ability to perform custom transformations of fields. For example, you might be storing the "Division" in Okta and the "Work Location" in Okta and you want your learners to have a "Department" in Affinity of "Division - Work Location", such as "Customer Service - Philippines". To enable this, you can create a custom mapping expression to transform and pass attributes to a specific application using App User Profile Mappings.

You will need these custom field mappings to be assigned to one of the standard fields, such as department, which we referenced above.

Custom Field Value Mapping in Affinity

Affinity can also support custom field mappings from your Okta on the Affinity side. You would create custom fields using the Custom Okta Fieldsguide and inform us of the mapping which you want, such as "Department = user.division - user.workLocation". Then we would configure the mapping on our end. The downside to this method is if you ever want to change the mapping, you must rely on Affinity to perform the change, versus your own IT team.

Testing before Going Live

For adding new users, we recommend going slowly with testing this on your end with 2-4 users. Once you set up SCIM, it usually takes about 5-10 minutes from adding a user in your Okta portal to hit our system after all the webhooks from Okta get fired to Auth0 get fired to us. After you add the first few users, verify the fields have come in correctly. Once you feel confident, you can add the rest of the learners.

If you have doubts or questions about field mappings, please contact [email protected] or your Affinity account manager and we can help you figure out the right way to utilize the Okta setup.