Skip to main content

 

 
8x8 Support

8x8 SCIM Configuration Guide for Okta

Objective

This configuration guide describes the feature capabilities of the SCIM integration between 8x8 and Okta for enterprise users and telephony service management, and step-by-step illustration of how to configure the integration.

Important-Icon.png

Important: Okta SCIM management of 8x8 Admin Console users requires that those users be created in Okta, first, and then synced to 8x8 Admin Console.

In this case, any existing users created from 8x8 Admin Console must first be deleted, and then recreated from Okta.

Note that Okta SSO login will work for 8x8 Admin Console users regardless of where the user account was initiated.

Applies To

  • 8x8 Admin Console
  • 8x8 SCIM
  • Okta

Procedure

Integration Prerequisites

  1. Log in to 8x8 Admin Console.
  2. Click Identity Management.

clipboard_eb7aebc3cbda10641a7a227d30abb7e33.png

  1. Check Single Sign on (SSO).
  2. Select Okta from the Select SSO Provider list.
  3. In OKTA SAML Settings, configure the following fields:
    1. Fill in the IDP Login URL
    2. Fill in the IDP Issuer URL/URN
    3. Upload your Okta certificate to the Certificate in use field.
      • These can be obtained from the SAML 2.0 View Setup Instructions page under the Okta Sign-on tab within the 8x8 app in Okta (search 8x8, Inc. from the list of applications).

clipboard_ed22068c7378e71c9d17464dece369228.png

  1. In Okta User Provisioning, click Show user provisioning information to expand the section.
  2. Copy the following information provided for SCIM user provisioning from Okta:
    • 8x8 URL
    • 8x8 API Token
  3. Click Save to preserve your configuration. The 8x8 API Token will change if you do not Save, or if you clear the Identity Management configuration.

clipboard_e04a9d88f1562294c7345d7df19638fbe.png

  1. If opting to sync telephony configuration back from 8x8 into Okta, you are also required to provide the URL to your Okta instance and Okta token in the Okta Sync Back Information section.
    • To get the Okta token, navigate to Security > API within Okta, click Okta API - Create New Token, and provide a token name as shown in the example below: SCIM Integration.
      8x8 Okta SCIM Config 4.png
    • Copy the generated Okta token.
    • Input your Okta URL (e.g., https://company.oktapreview.com) and Okta token into the respective Okta Sync Back Information fields, as shown in the example below.
      8x8 Okta SCIM Config 5.png
  2. Save changes made to the Identity Management page.
  3. Add the 8x8 application to the list of apps used by the company. For this, login to Okta and navigate to Admin - Applications, search for 8x8 and select the 8x8 Inc app that has both SAML and SCIM provisioning.
    8x8 Okta SCIM Config 6.png
  4. Once added, the 8x8 app will be available in your application list.
    8x8 Okta SCIM Config 7.png
  5. Click on the 8x8 inc app.
  6. In the Provisioning tab, click enable provisioning.
  7. Add the 8x8 SCIM service URL and 8x8 token from step 4 (copy the values over).
  8. Test API credentials to make sure connectivity to the SCIM Service is successful.
    8x8 Okta SCIM Config 8.png

Setting up the Integration between 8x8 and Okta

This section describes how the integration works between the 8x8 SCIM app and Okta.

User Import

Keep enabled. This is needed for telephony system attribute updates to get synced back into Okta from 8x8. This is currently supported with a polling interval that can be changed if needed.

8x8 Okta SCIM Config 9.png

Create Users

This will enable users to be provisioned into the 8x8 system This can be done with:

  • User (People) Assignment
  • User assignment within Groups

8x8 Okta SCIM Config 10.png

Update User Attributes

Changes to user profile attributes in Okta will be propagated to 8x8 automatically.

8x8 Okta SCIM Config 11.png

Deactivate Users

Users in 8x8 will be suspended automatically.

8x8 Okta SCIM Config 12.png

To enable the integration, attribute mappings between Okta and 8x8 will need to be configured. These are readily pre-configured with your 8x8 SCIM app. Following are the minimum set of attributes that are needed for a user to be automatically synced into 8x8.

From: Okta

To: 8x8

user.username

username

user.firstName

givenName

user.lastName

familyName

user.email

email

Post Configuration Steps

All user profiles that have been synced from Okta into 8x8 are now visible in the 8x8 Admin Console user list page. For these users, an administrator will be able to assign licenses and configure services, after which these users may place or receive calls using their hardware endpoints or softphones (VOD/VOM), and avail of 8x8’s telephony services. End users with VOD/VOM will also have the ability to single sign-on into Okta from the softphone login page, before being able to leverage these advanced capabilities.

Additional Information

For more instructions, see the 8x8 Integration with Okta help guide.

Features

Features of the 8x8 SCIM integration include:

  • Automatic sync of Active Directory (AD) users and groups from Okta into 8x8
    • New standalone user creation
    • New user creation within Okta Groups
    • User updates
    • User deactivation
  • Telephony service enablement for users with 8x8 Admin Console
  • Reverse sync of telephony information from 8x8 back to Okta
    • Primary extension
    • Phone number
  • Single sign-on of users into Okta from 8x8 softphone, i.e., 8x8 Work Desktop (VOD), 8x8 Work Mobile (VOM)

Limitations

  • SCIM management of 8x8 users is only available to 8x8 Admin Console accounts. It is not compatible with Account Manager. However, basic Okta SSO authentication with 8x8 will work on either platform.
  • Okta SCIM management of 8x8 Admin Console users requires that those users be created in Okta, first, and then synced to 8x8 Admin Console.
  • Sync of groups from Okta to 8x8 is not available with the integration (however, sync of users within groups is available).
  • Any updates to existing usernames in Okta, for users that have already been synced, are not propagated to Federation ID in the 8x8 system.
  • In the 8x8 Admin Console Identity Management page, after entering the fields under “Send Telephony System Updates”, clicking on “Generate 8x8 Secret” and saving the changes, the fields appear blank due to a known UI bug, even though data is correctly persisted.
  • Federation ID is not visible in the 8x8 Admin Console user page after user provisioning, although it is correctly persisted.
  • Okta URL and Okta token are mandatory to configure in 8x8 Admin Console Identity Management page, if opting to sync back extension and phone number into Okta, even while using the Okta Import feature.