Automatic provisioning in OKTA allows you to manage users and groups in Mentimeter directly from your Identity Provider (IdP). This setup ensures that users are automatically added, updated, or removed from Mentimeter based on changes made in your OKTA system, streamlining user management and ensuring consistency across platforms. See this overview of SCIM and how it can enable your organisation to automate managing members more.
Below you’ll find a step-by-step guide to set up automatic provisioning in OKTA for Mentimeter.
Prerequisites
Before you begin, ensure the following:
Admin Access: You must have admin rights in both Mentimeter and OKTA.
Mentimeter Enterprise Subscription: Ensure that your Mentimeter account is on the Enterprise plan.
SSO setup with OKTA: You must have SSO configured in OKTA before setting up SCIM. If you have not yet configured SSO, please see SSO Configuration in OKTA
SCIM Token: Generate a SCIM API token from Mentimeter’s Workspace Settings (see step 3. We recommended generating the API token from the owner account of the workspace)
Have at least one verified domain, please see this article for how to verify your domains.
1. Select Application
Log in to your OKTA Admin dashboard, then navigate to Applications and select the Mentimeter application. If you don’t have one set up, please see SSO Configuration in OKTA
2. Configure the SCIM Provisioning
In the Mentimeter application within OKTA, click on Edit App Settings and then change the Provisioning from "None/On-Premises Provisioning" to "SCIM" and then click on save.
Go to the Provisioning tab and click on Edit.
In Mentimeter, navigate to Workspace Settings and scroll down to Connect SCIM.
Then, copy the Base URL and generate a new SCIM token. Copy the token securely.
Note that if you’re unable to see the fields for Base URL and where to generate the Secret API token, you may need to verify your domains first. See the prerequisites list at the top of this article.
Enter SCIM Details in OKTA
In OKTA, paste the copied Base URL into the SCIM Base URL field.
Input “userName” in the field of “Unique identifier field for users”
Recommended action is to enable the first three check fields under “Supported provisioning actions”
You may want to skip “Push Groups” and “Import Groups” but this depends on how you will use Mentimeter within your organisation. Reach out to your sales contact for a more personal recommendation.
Choose “HTTP Header” as the “Authentication Mode” and paste the generated SCIM secret token into the Token field.
Click on Test Connector Configuration to ensure that the connection is successfully established.
If successful, click Save.
3. Enable Automatic Provisioning
Navigate to the To App section within the Provisioning tab and click on Edit and enable the provisioning actions:
Create Users
Update User Attributes
Deactivate Users
Click Save to enable automatic provisioning.
The last one, “Sync Password”, is not necessary for SCIM as you’ll have Single Sign-On enabled already for all of your users.
Double-check your User Attributes that are matched to Mentimeter Application. userName should always be linked to the user’s email address for it to match on Mentimeter side as well.
SCIM is now turned on and will start provisioning all of the users and groups that are assigned to the OKTA application. See step 5 for how to assign users and groups, in the SSO setup guide for OKTA.
4. Final Checks
Verify that users are correctly added to your Mentimeter workspace by testing the provisioning by assigning a user to the Mentimeter application and verifying their presence under the Manage members section in Mentimeter.
Ensure that updates and deactivations in OKTA are accurately reflected in Mentimeter. A tip is to see if a user is deactivated in Mentimeter if they are unassigned from the application in OKTA.
And that's it! You have now successfully set up SCIM in OKTA. If you’re experiencing issues with the configuration, please contact your sales representative for assistance.