SCIM

​

Features

The following features are supported by Rootly:

• Create users. Users in Okta assigned to the Rootly application in Okta will be automatically added as members of your organization in Rootly.
• Deactivate users. Users in Okta unassigned from the Rootly application in Okta will be automatically removed as members of your organization in Rootly.
• Import users. Users in Okta can be imported at once into Rootly.
• Update User Attributes. Users attributes updated in Okta will be updated in Rootly ( As firstname, lastname etc. )

​

Requirements

Make sure you setup SSO first.

Rootly Tenant URL Endpoint: https://rootly.com/scim

Note: The endpoint will only resolve in the application after SSO setup has been completed first as noted above.

​

Okta

​

Enable SCIM provisioning functionality in Okta

1. In Okta, navigate to Applications > Rootly
2. Click on the Provisioning tab in the application. Under the Settings panel on the left-hand side, click the Integrations link. Then click Configure API Integration.
3. Enter your API Token, you will find it under Rootly > Integrations > SSO under SCIM Token.

​

Enable “create users” and “Deactivate users” functionalities in Okta

1. In Okta, navigate to Applications > Rootly
2. Click on the Provisioning tab in the application. Under the Settings panel on the left-hand side, click the To App link.
3. Click the Edit button at the top right. Check the Enable box next to Create users and Deactivate users to automatically provision/deprovision users in Rootly when they are assigned/unassigned to the Rootly app in Okta.
4. Ensure the Default username used to create accounts in Okta is set to email. If it’s not, update this value by going to the Sign on tab of the Rootly application in Okta, click Edit, then set the Application username format to email under the Credentials settings section.

​

Provision Users via Push Groups

Create a Group

1. In Okta, navigate to Directory > Groups on the left navigation pane.
2. Click on +Add Group.
3. Give the Group a name and an optional description.
4. Now you have a Group which you can add Users to and provision the entire Group to a Rootly Role.

Provision a Group

1. In Okta, navigate to Applications > Rootly
2. Click on the Push Groups tab
3. Click on +Push Groups button to find the Group you’d like to provision.
   1. Click on the Group you’d like to provision from the dropdown.
4. Switch from Create Group to Link Group.
5. Click Save.
6. Navigate to your Rootly UI and select Integrations > SSO.
7. Under the Role Assignment section, select which Rootly Role you’d like to assign to the Okta Group.
8. You’re all set! Now, every time you add a user to that Okta Group, they will be provisioned to Rootly in the associated Rootly Role.

​

Microsoft Entra

​

Enabled SCIM provisioning functionality in Microsoft Entra

https://learn.microsoft.com/en-us/entra/identity/saas-apps/rootly-provisioning-tutorial

​

Google Workspace

​

Enabled SCIM provisioning functionality in Google Workspace

Google Workspace only supports SCIM for a few apps for reasons we aren’t aware about. Fortunately enough we can take advantage of those to make it work with rootly.

• Add a new Web and Mobile apps
  
• Then add Adobe App
  
• In the next form fill out all fields with
  • https://dummy.com/saml
• When it comes to configure auto-provisioning, copy the SCIM token you can find under Rootly > Integrations > SSO.
• Endpoint url to configure is https://rootly.com/scim
• Select a group of user you want to import into rootly or leave empty.
• Finally enabled the application. The sync should kick in shortly.

​

Troubleshooting

If you encounter any questions or difficulties with SSO or SCIM provisioning with Okta, please contact Rootly support via support@rootly.com.