The Okta App SCIM federated identity option allows user creation and management using SCIM functionality configured and managed in Okta.
If you are not interested in utilizing Okta's SCIM functionality, you can still configure Single Sign-On (SSO) with Okta App OIDC.
The Okta App SCIM federated identity option requires an Okta system administrator to configure SCIM within Okta.
IMPORTANT: Before configuring Okta App SCIM federated identity using the steps below, it is highly recommended that you set up a Xakia Support Account at your Xakia location to ensure minimal downtime during your switch to Okta App SCIM federated identity.
Xakia Location Administrator access is required for setting up Single-Sign-On. Please ensure that the member of IT managing Okta has a Xakia Location Admin user account setup. This account can be configured without Matter or Contract access and set as non-billable by contacting Xakia Support.
Features
When SCIM provisioning is enabled in the Xakia Okta app, the following provisioning features are supported by Xakia:
Create users: Users in Okta that are assigned to the Xakia application in Okta are automatically added as members to your Xakia location
Update user attributes: Updating user attributes in Okta will update their attributes in Xakia
Deactivate users: Users that are removed from the Xakia application in Okta or deactivated in Okta are deactivated in Xakia
Group push: User groups and memberships in Okta can be pushed to Xakia and be assigned access permissions
Requirements
Complete the steps here to install the Xakia App and configure OIDC authentication.
This integration is offered to all Xakia customers.
Step-by-step configuration instructions
Step 1: Xakia
Click on 'Admin' in the top navigation menu
Click on 'Users & Security' in the left hand menu
Click on the 'Federated Identity' tab
Choose Okta
Note down both the ‘SCIM Base URI’ and ‘SCIM API Key’ fields. Generate a new API key if one is not shown
Step 2: Okta
Browse the app catalog in Okta, search for Xakia, and add the Xakia app
This Application is in addition to the Application added in the OIDC configuration. You will have two Applications once the configuration of this one is complete.
Open the Xakia app in Okta and go to the 'Provisioning' tab
Select 'Configure' and then enable the API Integration
Enter the SCIM details from Xakia as noted in the previous step
Press test as a check, and then save
Now that the API is configured, enable the features by going to Provisioning --> To App. Click 'Edit' and select enable for creating, updating and deactivating users and press 'Save'
Go to 'Assignments' and click the 'Assign' button and ‘Assign to People’. Add legal team members to the assignments. Internal Client Portal users should not be added to the assignments
Users that are assigned to the Xakia app will be added to Xakia
Once 'added' to Xakia, each new Xakia user must be 'invited' by clicking the 'invite' button in Xakia. Existing Xakia users do not need to be re-invited and will be converted to use Okta when signing in
Troubleshooting and tips
The configuration will need to be completed for each of your Xakia locations. To do this, you will need to add a Xakia application for each location and complete the SCIM configuration. The OIDC configuration is to be completed only once.
When users are deactivated in Okta, they will be deactivated in Xakia. Users will not be able to log in to the application, but their data will remain available as an 'inactive user'.
When querying users, only the following properties will be returned:
Identifier
Active
External Identifier
This is a current limitation due to the distributed nature of the system.
Note: Internal Client Portal users must be assigned to the OIDC app in Okta to be automatically provisioned. They should not be assigned to the SCIM application.