Overview

Prior to configuring and testing Responsive in Okta, ensure that the SCIM feature is enabled for your company in Responsive.

Troubleshooting and tips

• If the SCIM feature is not enabled for your company in Responsive, testing your connection fails with a 403 response code.
• Ensure a default role and business unit are selected at the application level in Organization Settings > Security before proceeding with the setup in the Okta.
• Email addresses are the primary/unique identifier, so ensure they get mapped.
• The rfpio_user_role and costCenter (Business Unit in Responsive) fields are non-editable. These are set during creation/app assignment.
• The Responsive username must be unique.
  • userName and email address are the same in the Responsive side.
  • userName is a non-editable field.

Configuring user provisioning in Okta

1. Login to Okta, go to the Applications page, and click Browse App Catalog. The Browse App Integration Catalog page appears.
2. Enter Responsive in the Search box, select Responsive, then click Add Integration. The Add Responsive-General settings tab displays.
3. Click Next to go to the Sign-On Options page.
4. Select Email from the Application username format drop-down list, then click Done.

Generating an OAuth Bearer Token from Responsive

1. Go to Organization Settings > Security > SSO/SCIM > SCIM and turn on the Auto User Provisioning toggle.
   
2. Click Generate SCIM API Token, select the appropriate options from the Default Business Unit (if enabled) and Default User Role drop-down lists, then click Save.
3. A warning message displays alerting you to copy your API token and store it. Click Got It! on the warning message. The SCIM window displays.
4. Click the Copy icon to copy the token, then click Save.
   
5. In Okta, go to the Provisioning page and click Configure API Integration.
6. Click the Enable API Integration checkbox and paste the copied API token in the OAuth Bearer Token field.
7. Type https://app.rfpio.com/rfpserver/scim/v2 in the SCIM 2.0 Base URL field, then click Test API Credentials.
8. Click Save once the credentials are tested successfully.
9. Click the To App tab and click Edit.
   
10. Select the checkboxes for Create Users, Update User Attributes, and Deactivate Users, then click Save.
    

    • Supporting attributes:

      Attribute	Value
      Given name	user.firstName
      Family name	user.lastName
      Title	user.title
      Primaryphone	user.primaryPhone
      Time zone	user.timezone
      *Cost center(optional & custom)	user.costCenter (This is applicable only if business unit is enabled in Responsive)
      *rfpio_user_role(optional & custom)	user.user_role (Responsive Internal value which specifies the role name. If not given while provisioning, default role would be set)

    • Cost center and user role are optional attributes. The default value for these can be set in Responsive while generating the bearer token.
11. Click the To Okta tab, then scroll down and click Go to Profile Editor.
    
12. Click Add Attribute and enter the following values in their respective fields.
    • Display Name field: Type rfpio_user_role
    • Variable Name field: Type rfpio_user_role
    • Description field: Enter the internal value that indicates the role name in Responsive. This must match with the available role names in the Responsive account.
13. Click Save to display the newly added attribute.
14. Click the Provisioning tab, then scroll down and click Go to Profile Editor.
15. Click Mappings to map the attributes.
    
16. The User Profile Mappings page displays. Click the Responsive to Okta tab and then map the rfpio_user_role attribute to user_role from the drop-down.
    
17. Click the Okta to Responsive tab and then map the user_role attribute to rfpio_user_role from the drop-down.
    
18. Click Save Mappings. The Responsive SCIM User Profile Mappings page displays.
19. Click Apply updates now. Once the attribute is mapped, it displays as shown below:
    • Responsive to app mapping:
      
    • Responsive to Okta mapping:
      

User provisioning/deprovisioning in Responsive

You can add, update, or delete users in Responsive.

Adding users

Once users are assigned to the SCIM application, they are added to Responsive along with their role. If a role or BU is not specified in the users profile, the default role (Team Member) or default BU is assigned to them.

• In SCIM:
  
• In Responsive:
  

Updating users

User profiles are updated in Responsive when any of the below attributes are modified for the assigned application user in Okta:
Note: Emails, user roles, and BUs cannot be updated; they can be set only during user creation.

• Given name
• Family name
• Primary phone
• Title
• Time Zone

Deleting users

If users are removed from the SCIM application, they are rendered inactive in Responsive. To delete a user from SCIM:

1. Click the Delete icon associated with the user to be removed.
   
2. Click OK on the confirmation pop-up.