Overview

This guide will walk you through integrating an enabled identity provided with Risk Cloud. We reference Okta throughout this guide, but the integration will work with any identity providers using SCIM 2.0 protocol.

Features

The following provisioning features are supported:

Push New Users: New users created through OKTA will also be created in RiskCloud.

Push Profile Updates: Updates made to the user's given name, family name, and email address in OKTA will be made in RiskCloud.

Push User Deactivation: Deactivating the user or disabling the user's access to the application through OKTA will deactivate the user in RiskCloud.Note: No data is deleted in RiskCloud.

Reactivate Users: User accounts can be reactivated in the application.

Note: RiskCloud supports SAML for SSO. For more information on that, please contact your Relationship Manager.

Requirements

You must have the SCIM integration enabled in your RiskCloud instance. Please contact your Relationship Manager for more information.

Step-by-­Step Configuration Instructions

Note: This Configuration Guide is opened from the Provisioning tab. The General settings and Sign On settings have already been configured.

RiskCloud only provides support for “To App” Provisioning. Any use of “To Okta” is at your own discretion and RiskCloud cannot provide support for that use case.

Step 1:

Click Integration. Click Edit. 

For SCIM 2.0 Base Url, enter https://YOUR_SUBDOMAIN_HERE.logicgate.com/scim/v2 (Replace YOUR_SUBDOMAIN_HERE with your environment’s subdomain). 

For OAuth Bearer Token, use the token generated on the SCIM Integration page in your RiskCloud environment. Do NOT use the API token for a regular user in RiskCloud.

Click Test API Credentials to verify the information is good. If it is not, then contact your account representative for support.

Step 2:

 On the Provisioning tab’s To App, click Edit and select the items you want to enable:

Note: RiskCloud does NOT support Sync Password. If you enable it, we will ignore the information Okta sends RiskCloud.

Step 3:

 Click General. Under Application visibility, ensure both boxes are unchecked. (SSO via Okta to RiskCloud is provided outside the SCIM integration. For more information, please check with your Relationship Manager.)

Known Issues/Troubleshooting

  • If you encounter an error message that says “Error authenticating: null” when enabling the integration in Okta, please reach out to your RiskCloud representative.

  • If you are using Azure and have pre-existing users you want SCIM to manage, those pre-existing users might not be seen as managed by SCIM. This is because Azure doesn't send an edit request the way other SCIM providers do. If this happens to you, whether you use Azure or not, please reach out to Support and we can set these users to be seen as managed by SCIM.

Did this answer your question?