This guide provides the steps required for existing Harriet customers to configure automatic provisioning, deprovisioning, profile updates and group management of Harriet users and groups using System for Cross-domain Identity Management (SCIM 2.0).
Notes:
- If you already have SSO enabled for Harriet in Okta, you do not need to reconfigure SSO. Just look for the Provisioning tab under Applications in Okta to set SCIM up.
- If your SSO was set up through a manual configuration by one of our team, you should add our new Harriet app to your Okta account. You will find it in the App Catalog by searching for Harriet. Because this is a new version of our app in Okta, existing customers might be required to reconfigure Single Sign-On (SSO) before enabling SCIM provisioning (step-by-step instructions below).
- Users provisioned through Okta will have access to the Harriet chatbot and will take up a license instantly.
Features
The following SCIM provisioning features are supported:
- Provision Users from Okta
- Users assigned the Harriet app in Okta will be provisioned in Harriet Platform and will be able to:
- Log in to Harriet
- Communicate with Harriet chatbot via Slack/Google Chat/Microsoft Teams as appropriate.
- Note that users will not receive an automatically-generated invite email from Harriet if they are SCIM provisioned from Okta.
- Push Profile Updates
- Updates made to the user's profile (email, first name, and last name) through Okta will be pushed to Harriet Platform for users who are associated with the Harriet app in Okta.
- Push User Deactivation
- Deactivating the user or disabling the user's access to the application through Okta will deactivate the user on Harriet Platform.
- Note: Deactivated users will retain their data for reporting purposes or future reactivation. To permanently delete a SCIM-managed deactivated user you will first need to break the SCIM connection for that user, which the Harriet support team can assist with.
- Reactivate Users
- Users can be reactivated in Harriet Platform by reassigning the app to that user through Okta.
- Note that reactivated users will receive an automatically-generated email from Harriet saying they’ve been reactivated.
- Group Push
- Groups and their memberships will be pushed to Harriet Platform. Group management is limited to groups originally pushed from Okta, as we do not send information about groups created on Harriet Platform.
- Users can be added to and removed from Harriet administrator roles:
- Administrator
- Owner
- Support helpdesk user
This functionality requires the configuration on Okta of specially-named groups - see below for details.
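Once provisioning is running, the deactivation and reactivation behaviour listed above can be verified by comparing Okta assignments with the account state on the application side. The following is an added example, not Harriet's or Okta's code: it assumes the user listing is available as a standard SCIM 2.0 (RFC 7644) ListResponse, and the function name and all sample records are constructed for illustration.

```python
# Added example: reconcile Okta app assignments against a SCIM 2.0 user listing.
# Assumption: the application side returns standard RFC 7644 ListResponse JSON.
# All names and records below are constructed for illustration.
import json

LIST_RESPONSE = "urn:ietf:params:scim:api:messages:2.0:ListResponse"

# Constructed sample: a SCIM user listing as a ListResponse document.
SAMPLE_SCIM_USERS = json.dumps({
    "schemas": [LIST_RESPONSE],
    "totalResults": 4,
    "Resources": [
        {"id": "u1", "userName": "Alice@Example.com", "active": True},
        {"id": "u2", "userName": "bob@example.com", "active": False},
        {"id": "u3", "userName": "carol@example.com", "active": True},
        {"id": "u4", "userName": "dave@example.com", "active": False},
    ],
})

# Constructed sample: users currently assigned the app in Okta.
SAMPLE_OKTA_ASSIGNED = ["alice@example.com", "dave@example.com", "erin@example.com"]


def reconcile(scim_json, okta_assigned):
    """Return sorted lists of accounts whose state disagrees with Okta.

    orphaned   - active in the app but not assigned in Okta (deactivation missed)
    not_active - assigned in Okta but deactivated in the app (reactivation missed)
    missing    - assigned in Okta but never provisioned"""
    doc = json.loads(scim_json)
    if LIST_RESPONSE not in doc.get("schemas", []):
        raise ValueError("not a SCIM 2.0 ListResponse")
    resources = doc.get("Resources", [])
    if doc.get("totalResults", len(resources)) > len(resources):
        raise ValueError("listing is paginated; fetch all pages before reconciling")
    # userName is case-insensitive in the SCIM core schema, so normalise it.
    # A missing "active" flag is treated as active so the account is still reviewed.
    state = {r["userName"].lower(): bool(r.get("active", True)) for r in resources}
    assigned = {u.lower() for u in okta_assigned}
    return {
        "orphaned": sorted(u for u, on in state.items() if on and u not in assigned),
        "not_active": sorted(u for u in assigned if u in state and not state[u]),
        "missing": sorted(assigned - set(state)),
    }


if __name__ == "__main__":
    print(reconcile(SAMPLE_SCIM_USERS, SAMPLE_OKTA_ASSIGNED))
```

Accounts reported as orphaned still hold access and a license even though Okta no longer assigns the app, so they are the ones to review first.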
Configuration Steps
- For SCIM, you need to contact [email protected] to generate your Harriet API key. Harriet will share the key securely with authorized administrators. We will use this key later in the Okta Dashboard.
- Once you receive your Harriet API key, log into your Harriet account, go to the All integrations page, look for the Okta integration and click Connect.

- Click Save to enable Okta integration on your account. You do not need to enter any information on this page if you are not also setting up SSO with Okta via OIDC.

- In the Applications section of your Okta Dashboard, click Browse App Catalog, search for Harriet and click Add.
- Adding the Harriet app will redirect you to the App general page. Enable API integration by going to Provisioning > Integration. Enter the Harriet API key that you received in Step 1 into the API Token box, and click Save.