Versions Compared

Old Version 4

changes.mady.by.user Remo Räber

Saved on

compared with

New Version Current

changes.mady.by.user Sheila Thorp

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

If your organization uses Okta to manage your employees access to tools and services, you can take advantage of Okta’s “Provisioning” feature to automatically maintain traveller profiles in Umbrella Faces for your users.

The integration between Okta and Contentful that enables this provisioning to occur is built around an industry-standard protocol known as SCIM (System for Cross-domain Identity Management). To learn more about how Okta works with SCIM, please see this article.

Table of Contents
outlinetrue

Features

The following provisioning features are currently supported by Umbrella Faces

...

While it is possible to use any administrator, we do recommend creating a dedicated user account with access limited to the scope of the integration. (e.g. Company Administrator account with "Can Crate Create / Edit / Delete Traveller" rights)

...

  1. Under the Applications tab, navigate to the Umbrella Faces application.

  2. Click on the "Sign On" General tab in the application.

    1. Under the "

    Advanced Sign-On

    1. App Settings" section enter the Faces Base URL in the field.
      This should be the address of where you login to Faces minus the "/login" portion. For example if you usually login at https://tenzing.umbrella.ch/faces/login you'll have to enter https://tenzing.umbrella.ch/faces

  3. Click on the “Provisioning” tab in the application. Under the “Settings” panel on the left side, click the “Integration” link. Then click
    1. Click the “Configure API Integration” button.
    2. Check "Enable API integration" checkbox
    3. Click the "Authenticate with Umbrella Faces" Button
  4. Okta will open a pop-up window, where you'll be able to sign-in to Umbrella Faces and authorize the connection
    Image Removed
    Image Added
  5. Once you've authorized the access, save and go back to the provisioning tab

  6. Under the “Settings” panel on the left side, click “To App” under the Settings panel on the left.

  7. Click the "Edit" button at the top right. Check the “Enable” box next to “Create Users”, "Update User Attributes" and "Deactivate Users"
    Image RemovedImage Added

You should now be able to assign your Okta users to the Umbrella Faces application as needed, with their profiles automatically showing up as traveller profiles.

Configure Okta to Umbrella Faces Mappings

To configure additional field mappings between Okta and Umbrella Faces perform the following steps:

 

  1. Under the Applications tab, navigate to the Umbrella Faces application.
  2. Click on the “Provisioning” tab in the application. Under the "To App" panel on the left side scroll to the bottom and select "Go to Profile Editor"

    Image Added


Within the profile editor you'll be able to change the predefined mappings as well as add additional mappings for custom data fields within Faces.

Known Issues / Troubleshooting

Known Issue / LimitationSolution
Faces does not support deactivation of travellers

Whenever a profile is set to inactive, we will delete it on our end.
It will be re-created from the data provided by Okta when re-activating the user. All data not stored in Okta is lost

Supported Data fields

The following standard SCIM fields are supported:

  • username
  • given-, middle- and family name
  • title
  • locale
  • primary email
  • work-, mobile- and home phone

Additionally, we support custom attributes as defined in "Attribute Definitions" below.

Please do not hesitate to reach out to us should you wish for further data fields to be made available

Attribute Definitions

Company Shortname

Note

By default this attribute is mapped to 'EXAMPLE', you'll want to update this to reflect an actual company shortname, either statically or via a function or other data field.

At the very least, Umbrella Faces will require you to setup a

...

mapping for "company_shortname", which is responsible for mapping the travellers to the correct company within Faces

...

.

TBD

External namecompany_shortname
External namespaceurn:ietf:params:scim:schemas:extension:umbrellafaces:2.0:Traveller
Example

Image Added

Generic Field Value

To setup a mapping of a generic field value, first find the field name from the Umbrella Faces administrative UI

Image Added

Then setup the attribute in Okta as follows and add a mapping

External namegeneric_fields.^[type=='UmbrellaFacesFieldName'].value
External namespaceurn:ietf:params:scim:schemas:extension:umbrellafaces:2.0:Traveller
Example

Image Added