This guide provides the steps required to configure Automated User Provisioning.
The following provisioning features are supported:
- Get a list of users from the Workboard app.
- Query a set of users from the Workboard app.
- Search a set of users from the Workboard app.
- New users created through OKTA will also be created in Workboard.
- Updates flow from Okta into Workboard.
- Updates made to the user's profile from OKTA will be pushed to Workboard.
- Deactivating or disabling the user's access to the application through OKTA will deactivate the user in the Workboard application.
- Delete calls from Okta will disable the user in Workboard.
Workboard does not support Just-In-Time (JIT) provisioning.
Note: Deactivating a user removes that user's ability to access Workboard and the user's data is archived with the manager's account.
Before you configure provisioning for Workboard, make sure you have the following:
- IT administrative permissions in Workboard
Note: If you see SSO Configuration under the Admin tools in Workboard, you have the correct permissions. If you do not see the SSO Configuration option, please submit a support ticket to firstname.lastname@example.org to request these permissions.
- You have received a SCIM Secret API access token from Workboard.
Note: Request an SCIM Secret API token by Submitting a support ticket to email@example.com.
Pro Tip: WorkBoard has an app on the Okta Marketplace.
Note: For US Orgs only
Note: If you're an EU Org, you'll need to create a custom OKTA application instead of using the one already available in the Okta Marketplace. A custom app should have been created when you configured SSO, if so, you should use that to also configure SCIM.
Configure your Provisioning settings as follows:
- Check the Enable provisioning features box.
- Enter https://myworkboard.com/wb/apis/scim as the Base URL
- Paste in the API token received from Workboard
- Click Test API Credentials
- Scroll down and select the Provisioning Features you want to enable. Click Next.
- Assign people to the app as required.
- Re-activating an existing user will create a new instance of that user.
- Users without First Name or/and Last Name can not be created.
- Only email address is allowed for the userName parameter.
- Authentication Mode should be HTTPs Header as we use a token instead of a username and password.