1. Splashtop Business - Support
  2. Account
  3. Single Sign-On (SSO)

Provisioning setup - Okta (SCIM) (EU region)

Avatar
Support

Features

The following provisioning features are supported by Splashtop/Okta integration.

  • Create users - Users in Okta that are assigned to Splashtop application on Okta will be automatically created to your Splashtop team.
  • Update users - The update of the first/last/display name for users in Okta that are assigned to Splashtop application on Okta will be automatically updated to your Splashtop users on the team.
  • Delete users - When users in Okta are removed from Splashtop application on Okta, the created users on your Splashtop team will be deleted or removed from the team.
  • Push groups - Groups and their members in Okta can be pushed to your Splashtop team (as Splashtop groups and users)

Requirements

Splashtop / Okta provisioning is supported with Splashtop Enterprise. More details, please contact Sales.

Configuration Steps

Add Splashtop app on Okta console
Follow the link to add the Splashtop application with SAML and provisioning supported: Link.
Configure Provisioning - Enable Provisioning
  1. On the created app, go to General tab, click Edit then check SCIM, then click Save.
    scim_eu_1.png
  2. After step 1 you will have a Provisioning tab, go to the tab then click Edit. Then insert below info:

    SCIM connector base URL: https://my.splashtop.eu/scim/v1
    Unique identifier field for users: email
    Supported provisioning actions: Check option one to four.
    Authentication Mode: Select HTTP Header.

    So it will look like this:
    scim_eu_19.png
  3. On the same Provisioning tab, after done step 2, go to HTTP Header / Authentication, to insert the token. You can get the token from this article: How to find my Secret token .

    After inserting the token, click Test Connector Configuration, there will be a popup telling you the supported actions, which are User Import, Import Profile Updates, Create Users, Update User Attributes, and Push Groups (no Import Groups support).

    Then close the popup window then click Save.
    scim_eu_6.png
    scim_eu_3.png

  4. After step 3, click Edit then enable Create Users, Update User Attributes and Deactivate Users. Leave Sycn Password disabled. Then Save.
    scim_eu_7.png

Configure Provisioning - Create a mapping
  1. Also in the Provisioning tab. Click Go to Profile Editor.
    scim_eu_15.png
  2. Click Add attribute,
    scim_eu_8.png

    Then insert below info.
    Data type: Select string
    Display name: ssoName
    Variable namessoName
    External namessoName
    External namespace: urn:ietf:params:scim:schemas:core:2.0:User
    Attribute required: Yes

    Then click Save.
    scim_eu_10.png
  3. Go back to Profile Editor, then click Mappings.
    scim_eu_9.png
  4. Select Okta User to "your created app name".
    scim_eu_16.png
  5. Sroll down to the bottom to find ssoName attribute you just created, then insert the SSO method name created on my.splashtop.eu. Pleaser insert with the format "sso method name". Then click Save Mappings.
    scim_eu_14.png
  6. You can also leave this setting but when Assign users/groups, assign the ssoName:
    mapping3_en-us.png
Start provisioning - Assign users/groups to the application and Push Groups
  1. Provision users: Go to Assignments tab, click Assign to Assign to People or Assign to Groups.
    This will provision users and users in the group.
    scim_eu_17.png
  2. Provision groups
    - Go to Assignments tab, click Assign to Assign to Groups, then assign the groups you would like to provision.
    - Go to Push Groups tab, click +Push Groups button to add the group you would like to provision.
    After configuring both the groups will be provisioned.
    scim_eu_18.png

Known issues / Troubleshooting

    • Updating userName/Email is not supported because it would be your Splashtop account on our system.
    • On a Splashtop team, a user can only be in one group, thus when doing Push Group with members, please make sure there will be no situations that a member is in two groups.
    • Push Now function is not supported at this moment.
    • Add a user to a provisioned Group (under Push Group) is not supported at this time due to Okta's limitation, which means this action will only provision the user to the default group, instead of the provisioned Group.
      The workaround is make sure the user has been added to the group when adding the group to Push Group.
      For an existing group under Push Group, remove the group from the Splashtop app on Okta, add all the users you would like to assign to the group, then add the group back to Push Group can work the limitation around.
0 out of 0 found this helpful

Articles in this section

See more