add instructions to configure SCIM integration in Okta (#18710)

2025-04-06 14:35:32 +00:00 · 2024-10-08 09:57:45 +02:00 · 2024-10-08 09:57:45 +02:00 · 2a5c8c8a20
commit 2a5c8c8a20
parent 263914daa3
1 changed files with 27 additions and 11 deletions
--- a/integrations/cloud-authentication/metadata.yaml
+++ b/integrations/cloud-authentication/metadata.yaml
@ -125,6 +125,20 @@
      - The Space must be on a paid plan
      - OIDC/SSO integration must already be enabled in one of your Spaces

+      ### Supported Features
+      This integration adheres to SCIM v2 specifications. Supported features include:
+
+      - User Resource Management (urn:ietf:params:scim:schemas:core:2.0:User)
+      - Create users
+      - Update user attributes
+      - Deactivate users
+      - Patch operations: Supported
+      - Bulk operations: Not supported
+      - Filtering: Supported (max results: 200)
+      - Password synchronization: Not supported, as we rely on SSO/OIDC authentication
+      - eTag: Not supported
+      - Authentication schemes: OAuth Bearer Token
+
      ### Netdata Configuration Steps
      1. Click on the Space settings cog (located above your profile icon).
      2. Click on the **User Management** section and access **Authentication and Authorization** tab.
@ -136,6 +150,19 @@
         - **Base URL**: Use this URL as the base URL for your SCIM client.
         - **Token**: Use this token for Bearer Authentication with your SCIM client.

+      ## Client Configuration Steps
+
+      ### Okta
+      If you're configuring SCIM in Okta, and you already have the Token from the previous section, follow these steps:
+
+      1. Go to the **Applications** menu on the left-hand panel and select the **Netdata** application.
+      2. In the **Netdata** application, navigate to the **Provisioning** tab.
+      3. Click on **Configure API Integration** and check the box for **Enable API Integration**.
+      4. Enter the Token (obtained in the *Netdata Configuration Steps* section) into the **API Token** field, then click **Test API Credentials** to ensure the connection is successful.
+      5. If the test is successful, click **Save** to apply the configuration.
+
+      ## Troubleshoot
+
      ### Rotating the SCIM Token
      You can rotate the token provided during SCIM integration setup if needed.

@ -146,17 +173,6 @@
      4. Click **Regenerate Token**.
      5. If successful, you will receive a new token for Bearer Authentication with your SCIM client.

-      ### Supported Features
-      This integration adheres to SCIM v2 specifications. Supported features include:
-
-      - User Resource Management (urn:ietf:params:scim:schemas:core:2.0:User)
-      - Patch operations: Supported
-      - Bulk operations: Not supported
-      - Filtering: Supported (max results: 200)
-      - Password synchronization: Not supported, as we rely on SSO/OIDC authentication
-      - eTag: Not supported
-      - Authentication schemes: OAuth Bearer Token
-
      ### User Keying Between SCIM and OIDC
      Our SCIM (System for Cross-domain Identity Management) integration utilizes OIDC (OpenID Connect) to authenticate users.
      To ensure users are correctly identified and authenticated between SCIM and OIDC, we use the following mapping: