If your organization uses Okta to manage employee access to tools and services, you can utilize Okta's "Provisioning" feature to automatically provide your users with access to DocuWare via SCIM. This guide will walk you through the steps to configure both DocuWare and Okta to set up provisioning for your organization.
The current version of UserSync (v3) supports the following provisioning features:
· Automatic User Creation: Users assigned to the Reftab application in Okta are automatically created as users in Docuware.
· Attribute Synchronization: Any updates to user attributes (userName, email, activeness) in Okta will be reflected in Docuware.
· User Deactivation: When users are deactivated in Okta, they are marked as 'disabled' in Docuware, preventing them from logging in.
Configuring Okta:
1. Login to your Okta organization and navigate to the view
2. In the Admin view navigate to Applications under Applications
3. In the Applications page, click on Create App Integration
4. In the pop-up, for a sign-in method choose SAML 2.0 and then click Next
(this sign-in method is not actually used, but has to be chosen)
5. In the first tab General Settings on the Create SAML Integration page, enter a preferred App name and click Next
6. On the next tab - Configure SAML, enter a Single sign-on URL and an Audience URI (actual values does not matter, as they are not actually used), may use http://www.okta.com, then click Next
7. On the Feedback tab, check the option “This is an internal app that we have created” and click Finish
8. In the just created application click on the General tab, on App Setting click Edit, than select SCIM for a provisioning method and click Save
9. Scroll down to App Embed Link, then copy the ID after /home/ on the Embed Link (as shown on picture below) - in the demo case - trial-5967756_oktascimintegration_1
10. Don’t close the Okta configuration and jump to Configuring DocuWare
Configuring DocuWare:
1. Go to /Settings (Configuration page) and choose App Registration plugin under Integrations
2. In the App Registration plugin, select New app registration
3. In the Create Application Registration pop-up, choose Web application, then click Continue
4. Configure your application:
1. Enter a Name for the app registration
2. add a Redirect URL with the value
https://system-admin.okta.com/admin/app/cpc/{ID}/oauth/callback
where ID should be replaced by the value, which you have copied in step 9 above.
In the demo case final URL is
https://system-admin.okta.com/admin/app/cpc/trial-5967756_oktascimintegration_1/oauth/callback
3. Select Authorization Code as Grant type
4. Select User Provisioning in Allowed Resources
5. Ensure “Use refresh token” is enabled
6. Click Save
5. From the just created App Registration copy the values of
1. Application (Client) ID
2. Client secret
6. Open User Provisioning plugin
7. In the User Provisioning plugin Enable User Provisioning
8. In the dropdown Identity Provider select Okta
9. In the dropdown Application Registration select the created app registration in the plugin App Registrations (Okta SCIM Integration)
10. Click on the button Save
11. Copy the links:
1. SCIM connector base URL
2. Authorization Endpoint
3. Access token endpoint URI
Configuring Okta:
1. In the Provisioning tab of the Okta application, go to Integration and click Edit, then fill the following inputs:
1. SCIM connector base URL → https://usermgmt-testlatest.docuware.cloud/DocuWare/usersyncbackend/okta/scim copied from 11.a
2. Unique identifier field for users → userName
3. Supported provisioning actions → check Import New Users and Profile Updates, Push New Users, Push Profile Updates, Push GroupsAuthentication Mode → select OAuth 2
4. Access token endpoint URI → paste the copied from 11.c
5. Authorization endpoint URI → paste the copied from 11.b
6. Client ID → paste the copied in step 5.a. from Configuring DocuWare Application (Client) ID
7. Client Secret → paste the copied in step 5.b. from Configuring DocuWare Authorization endpoint
8. Click Save
2. After saving, navigate back to the Integration tab and at the bottom of the page click the authentication button to generate a token
1. Provide your DocuWare’s admin user credentials
2. An updated message will appear ensuring the token is successfully generated
3. A new App tab should appear under Provisioning tab, on Provisioning to App click Edit, then check Create Users, Update User Attributes, Deactivate Users and click Save
4. Scroll down to Okta SCIM Integration Attribute Mappings and click on Go to Profile Editor
5. In the Profile Editor click on Mappings
6. Needed User Profile Mappings:
o appuser.givenName → firstName
o appuser.familyName → lastName
o appuser.email → email
7. For each of the remaining attribute mappings, click the yellow arrow and choose Do not map. After unsetting all mappings except the ones you need, click Save Mappings at the bottom of the window.
8. Go to the second tab, Okta User User Profile, and repeat the same steps.
9. Delete all the other not needed attributes from Profile Editor by pressing the X sign and then Delete Attribute, as a result all Attributes except for Username, Given name, Family name and Primary email should be deleted.
10. Provisioning configurations are all set and you can continue with using it!
Provisioning users:
1. Navigate to the recently created Okta application
2. On the Assignments tab:
1. Assign → Assign to people → then assign a person you want to be provisioned
3. Find your successfully created user in DocuWare
Provisioning groups and their members:
1. Navigate to the recently created Okta application
2. On the Assignments tab:
1. Assign → Assign to groups→ then assign a group you want to be provisioned. This will automatically add all the members of the groups to also be provisioned.
2. Navigate to the Push Groups tab
1. Select Push Groups option
2. Choose to Find the group by name
3. Write the name of the group
4. Leave the Push group membership immediately option active
5. Select Create Group option
3. Find your successfully updated group and users
#########################
If your organization uses Okta to manage employee access to tools and services, you can utilize Okta's Provisioning feature to automatically provide your users with access to DocuWare via SCIM. This guide will walk you through the steps to configure both DocuWare and Okta to set up provisioning for your organization.
With DocuWare 7.12, User Provisioning supports the following provisioning features:
Automatic User Creation: Users assigned to the Reftab application in Okta are automatically created as users in Docuware.
Attribute Synchronization: Any updates to user attributes (userName, email, activeness) in Okta will be reflected in Docuware.
User Deactivation: When users are deactivated in Okta, they are marked as disabled in Docuware, preventing them from logging in.
Register DocuWare in Okta
Login to your Okta organization and navigate to this view:
.png)
In the Admin view navigate to Applications > Applications
.png)
In the Applications page, click on Create App Integration
.png)
In the pop-up, for a sign-in method choose SAML 2.0 and then click Next. This sign-in method is not actually used, but has to be chosen.
.png)
In the first tab General Settings on the Create SAML Integration page, enter an app name and click Next.
.png)
On the next tab - Configure SAML, enter a Single sign-on URL and an Audience URI. Actual values does not matter, as they are not actually used. You may use http://www.okta.com. Then click Next.
.png)
On the Feedback tab, activate the option “This is an internal app that we have created” and click Finish.
.png)
In the just created application click on the General tab, on App Setting click Edit, than select SCIM for a provisioning method and click Save.
.png)
Scroll down to App Embed Link, then copy the ID after /home/ on the Embed Link - as shown on picture below. Here it is trial-5967756_oktascimintegration_1
.png)
Don’t close the Okta configuration and switch to Docuware Configuration.
Connect DocuWare and Okta
Go to DocuWare Configuration > Integration > App Registration.
Select New app registration.
In the Create Application Registration pop-up, choose Web application, then click Continue.
Configure your app registration:
Enter a Name for the app registration
Add a Redirect URL with the value
https://system-admin.okta.com/admin/app/cpc/{ID}/oauth/callback
where ID should be replaced by the value, which you have copied in step 9 above.
In the demo case final URL is
https://system-admin.okta.com/admin/app/cpc/trial-5967756_oktascimintegration_1/oauth/callback
As Grant type select Authorization Code.
In Allowed Resources select User Provisioning.
Confirm with Save.
.png)
From the created App Registration copy the values of
Application (Client) ID
Client secret
Switch to DocuWare Configuration > General > User Provisioning.
Activate the option Enable User Provisioning.
In the dropdown Identity Provider select Okta.
In the dropdown Application Registration select the created app registration in the plugin App Registrations (Okta SCIM Integration) (step 6-10 in the chaptre Configurin Okta).
.png)
Do not forget to Save.
Copy these links:
SCIM connector base URL
Authorization Endpoint
Access token endpoint URI
Configuring Okta
Switch back to Oka application. Go to Provisioning > Integration > Edit and enter the following inputs:
SCIM connector base URL: https://usermgmt-testlatest.docuware.cloud/DocuWare/usersyncbackend/okta/scim - copied from step 11.a of the previous chaptre.
Unique identifier field for users: userName
Supported provisioning actions: check Import New Users and Profile Updates, Push New Users, Push Profile Updates, Push Groups, Import Groups
Authentication Mode: select OAuth 2
Access token endpoint URI: paste the URI copied from 11.c
Authorization endpoint URI → paste the URI copied from 11.b
Client ID: paste the copied in step 5.a from Configuring DocuWare Application (Client) ID
Client Secret → paste the copied in step 5.b from Configuring DocuWare Authorization endpoint
.png)
After saving, navigate back to the Integration tab and at the bottom of the page click the authentication button to generate a token
Provide your DocuWare’s admin user credentials
An updated message will appear ensuring the token is successfully generated
.png)
A new App tab should appear under Provisioning tab, on Provisioning to App click Edit, then check Create Users, Update User Attributes, Deactivate Users and Save.
.png)
Scroll down to Okta SCIM Integration Attribute Mappings and click on Go to Profile Editor.
.png)
5. In the Profile Editor click on Mappings .png)
On each and every mapping except Primary Email > email in the tab Okta SCIM Integration User Profile click on the yellow arrow and select Do not map. When all mappings except the Email one are unset, click Save Mappings at the bottom of the window.
.png)
.png)
Navigate to the second tab Okta User User Profile and repeat the same procedure for each and every available mapping except Primary Email > appuser.email.
.png)
After all mappings except the one for the Username and the one for the Email are unset, you are safe to delete them from Profile Editor by pressing [X] and then Delete Attribute. As a result all Attributes except for Username and Email should be deleted. Username is the only attribute that is required and Email is optional, but should remain mapped in order to receive emails when provisioned.
Action:
.png)
Result:
.png)
9. Provisioning configurations are all set and you can continue with using it.
Provisioning users
Navigate to the recently created Okta application. Go to Assignments > Assign > Assign to people and then assign a person you want to be provisioned.
.png)
.png)
Find your successfully created user in DocuWare
.png)