With the Okta user provisioning integration, you can facilitate and automate the import of your users into Forecast, without having to manually add users when they join your business. By enabling user provisioning, you will only have to manage users only from your Okta directory, ensuring security, data accuracy, and compliance across your organization.
This article includes:
Adding Forecast to your Okta apps
Before you may begin configuring provisioning to Forecast in Okta, it is necessary to add Forecast as an application in Okta. This whole process may only be done by admins in both Forecast and Okta.
To add Forecast as an application in Okta.
- Head to Okta and click on the Admin button.
- On the user single sign-on section click on Add App.
- Search for Forecast in the application catalog, and click on it.
- Click on Add Integration.
- (Optional) Select whether you would like to display the Forecast application icon in Okta to other users.
- Click Next.
- In the Sign-On Options screen, set the Application username format to Email.
- Click Done.
Configuring provisioning to Forecast in Okta
To add the provisioning feature of the Forecast application, navigate to the Applications section in Okta and click the Add Application button. Once that is done follow the steps provided below to configure provisioning. Before proceeding with configuring provisioning it is important to know what provisioning features the integration supports:
- Push New Users - New users created through OKTA will also be created in Forecast
- Push Profile Updates - Updates made to the user's profile through OKTA will be pushed to Forecast
- Push User Deactivation/reactivation - Deactivating the user or disabling the user's access to the application through OKTA will deactivate the user in Forecast
- Import New Users - New users created in Forecast will be downloaded and turned into new AppUser objects, for matching against existing OKTA users
To configure provisioning to Forecast in Okta
- Find your SCIM username and password from the admin panel.
- Click on Admin in the top bar.
- Select Integrations from the dropdown.
- Scroll to the SSO integrations and click on Okta. The SCIM username and password will be displayed there.
- Head to Okta's application page and select Forecast
- Click on the Provisioning tab.
- Click on the Configure API Integration.
- Scroll down to select the Provisioning Features you want to enable.
- Click the "Enable API integration" and fill in the Username and Password received from Step 1.
- Click the "Test API Credentials" to enable provisioning. A confirmation message will be displayed once completed.
Custom permission profiles provisioning
For custom permission users, when a user is provisioned, Forecast searches for a “Permission Profile” with the same name as the user type sent from the single-sign-on platform. This check is just comparing names case insensitive. If it doesn’t find a match, it will default to the profile called ‘Collaborator’. If that doesn’t exist either, the provisioning of the user will fail.