The following guide is for the 1.0 version of Egnyte SCIM in Okta. If you have never set up SSO with Okta before, please use the newer, more advanced SCIM 2.0 application. You can find the instructions to do so here.
This article will walk you through how to set up SSO for Egnyte using Okta. We'll also show you how to provision users from Okta to Egnyte once it has been set up.
Set up Okta for Egnyte
Before you continue with the steps below, please ensure you're logged in as an Admin user in Okta.
- Under the Applications tab, select the Add Application button, search for Egnyte, and select Add for Egnyte SCIM 1.0.
- On the General Settings tab, enter the following information:
Application label: Label that Egnyte will have on your Okta homepage (e.g., "Egnyte SCIM").
Subdomain: Your Egnyte account domain, <yourdomain.egnyte.com>. If you log into "https://acme.egnyte.com", you would just type "acme" here.
Application Visibility: Leave all boxes in this section unchecked. This allows users to see the Egnyte application on the Okta homepage.
- Click Next to access the Sign-On tab. Select the SAML 2.0 option.
Click the View Setup Instructions button and keep the instructions that open in a separate tab. We will revisit them in a few steps.
- In the Credentials Details section, choose Okta username prefix from the Application username format drop-down.
- Click Done.
To continue the setup in Egnyte, proceed to the Configure Egnyte Settings for Okta section below.
Configure Egnyte Settings for Okta
- Log into the Egnyte account as an Administrator.
- Open the menu (3 horizontal lines), select Settings from the drop-down, and open the Security & Authentication tab.
- Scroll down to the Single Sign-On Authentication section, select SAML 2.0 from the Single sign-on authentication drop-down, and choose Okta from the Identity provider drop-down.
- Enter the information provided in the Setup Instructions you got from Okta earlier in the following fields:
Identity provider login URL
Identity provider entity ID
Identity provider certificate
API key*: This will be needed if users will access the Desktop App. See the steps below.
Default user mapping: Select the appropriate option from the drop-down.
*To generate an Okta API key, navigate back to Okta, open the Security tab, and select API. Open the Tokens tab, click Create Token, enter a name for the token, and click Create Token to generate the key. Copy this information and paste it into the API key field in Egnyte.
- Click Save once all of the information has been entered.
If your users are already added in Egnyte, please proceed to the Import Users into Okta section.
Please refer to the Provision Users from Okta section for provisioning users already in Okta to Egnyte.
Import Users into Okta
- Log into Egnyte through the Web UI. Navigate to Settings, open the Users & Groups tab, and click Import Users.
- In the Import Users window, click Download Sample File to download the sample user provisioning CSV file.
- Open the downloaded CSV file in Microsoft Excel and fill out the columns with the following values:
When updating existing employees, you can update the Authentication method in the user's profile, or export the users and update the Username (if needed), AuthType, and ldpUserID columns for every employee with an Okta login.
Here's an example of how it will look in Microsoft Excel:
Periods, underscores, and hyphens can be placed in usernames; however, usernames cannot begin with these symbols nor can a username end with a period.
- Save the file in .csv format.
- In the Import Users window, upload the file to Egnyte by clicking Choose file.
If you are using the spreadsheet to create new employee accounts in Egnyte, select the checkbox Allow the creation of new users. If your employees already have accounts in Egnyte and you are now allowing them to have SSO access, select Allow updating of existing users.
- Click Import and wait for the confirmation email that indicates your user import has completed.
Test the setup by logging out of your Egnyte account. You should now see a different login page that includes a Single Sign-On option. Click Login and you should be redirected to your SSO provider. Once you log in, you should be redirected to your Egnyte domain.
Provision Users from Okta
To begin, first ensure that your Egnyte application on Okta has been completely configured. Please refer to the steps above.
- Go to the Provisioning tab in the Egnyte app, click the Configure API integration button, and check the Enable API integration box. You will also need to click the Authenticate with Egnyte SCIM 1.0 box to generate the authentication token.
- You will be redirected to an Egnyte login page. Log in with your Administrator credentials and select Allow Access when prompted.
- You'll be taken back to Okta and should see a "successful" message appear. Click Save to apply your changes.
- From the Provisioning tab, select Edit, enable "Create Users", "Update User Attributes", and "Deactivate Users", and click Save.
- Scroll down to the Egnyte SCIM Attribute Mappings section and edit the following fields:
User Type: Select "Same value for all users" and choose the appropriate option from the drop-down. If most of the users in Egnyte will be Power Users, select power. For Apply on, select Create and update. Click Save.
Authentication Type: Select "Same value for all users" and choose sso from the drop-down. For Apply on, select Create and update. Click Save.
- Assign Okta users to Egnyte by going to the Assignments tab and clicking on Assign, then Assign to People or Assign to Groups.
- Select the users and/or groups that should be provisioned to Egnyte.
When assigning users, examine the user information and ensure the following fields contain the correct information.
User Name: Username to be used on Egnyte. Please ensure there are no special characters or white spaces in the User Name field. If your users were created with the domain suffix included (e.g., ‘email@example.com’), then you will need to remove the suffix (e.g., ‘@acme.com’), as Egnyte does not support special characters.
User Type: Egnyte user type (For more information on each user type, please click here).
Authentication Type: SSO
- Once all users or groups have been assigned, click Done. After finishing the assignment, the users and/or groups should automatically be provisioned into Egnyte.
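The username rules given in the Import Users and Provision Users sections can be checked before users are imported or assigned. The following is an added example, not Egnyte or Okta code: it applies the "Okta username prefix" format to a list of Okta logins, flags names that break those rules, and reports logins that would collapse onto the same Egnyte username once the domain suffix is removed. The function names, the sample logins, the alphanumeric character set and the case-insensitive comparison are assumptions.

```python
import re
from collections import defaultdict

# Assumption: letters and digits are allowed; the article only names
# periods, underscores and hyphens as permitted symbols.
_ALLOWED = re.compile(r"[A-Za-z0-9._-]+")

def username_problems(username):
    """Return the rule violations for one Egnyte username (empty list = OK)."""
    if not username:
        return ["empty username"]
    problems = []
    if not _ALLOWED.fullmatch(username):
        problems.append("contains whitespace or an unsupported character")
    if username[0] in "._-":
        problems.append("begins with a period, underscore or hyphen")
    if username.endswith("."):
        problems.append("ends with a period")
    return problems

def okta_prefix(login):
    """Mimic the 'Okta username prefix' format: keep the part before '@'."""
    return login.strip().split("@", 1)[0]

def review_assignments(okta_logins):
    """Return (invalid, collisions) for the logins about to be assigned."""
    invalid, by_username = {}, defaultdict(list)
    for login in okta_logins:
        name = okta_prefix(login)
        issues = username_problems(name)
        if issues:
            invalid[login] = issues
        # Assumption: usernames are compared case-insensitively.
        by_username[name.lower()].append(login)
    collisions = {n: ls for n, ls in by_username.items() if len(ls) > 1}
    return invalid, collisions

# Constructed sample logins (not from the article).
SAMPLE_LOGINS = [
    "jane.doe@acme.com",
    "Jane.Doe@acme-labs.com",  # same prefix, different Okta identity
    "_svc-backup@acme.com",    # begins with an underscore
    "bob smith@acme.com",      # whitespace
    "carol.@acme.com",         # ends with a period
    "dave_o-neil@acme.com",    # valid
]

if __name__ == "__main__":
    print(review_assignments(SAMPLE_LOGINS))
```

A collision means two distinct Okta identities would be provisioned under one Egnyte username, so resolve it in Okta before assigning either user.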