Okta + Lola User Management Guide

Check out our user management guide for SSO on the Okta platform! Note: This integration with Okta is currently beta testing and is only available for a limited number of customers.

 

Content

  1. Supported Features
  2. Requirements
  3. Configuration Steps
  4. Schema Discovery
  5. Troubleshooting Tips

Supported Features

The following provisioning features are supported:

  1. Push new users - New users created through Okta will be created in Lola
  2. Push user deactivation - Users deactivated through Okta will have their company access revoked
  3. Import new users
    1. New users created in Lola can be assigned to new or existing Okta users
  4. Reactivate users

Requirements

Before provisioning external users to the products that your company uses, there are a few prerequisites that you should consider.

  1. Ensure that your company’s Okta account has user provisioning functionality. View more information on Okta’s website.
  2. Ensure that you have an Okta account with admin privileges.
  3. Ensure that you have a Lola account with admin privileges (contact Lola’s Customer Success team if you need support with this).

Configuration Steps

First configure your Provisioning settings inside Okta as follows:

  • Go to the Provisioning tab within Lola’s application settings
  • Check the “Enable API Integration” box
    • The Base URL is https://api.lola.com/api/scim/v2/okta/  

Enable API Integration

  • Click “Authenticate with Lola”
    • The Lola account you use must be an Admin for your company
    • You will be redirected to lola.com
    • Sign in to Lola using your normal credentials
    • Click “Accept” to grant Okta permission
  • You will be redirected back to Okta and should see a message confirming the integration was completed successfully
  • Under “To App” make sure that “Create Users” and “Deactivate Users”, are the only checked options

 

image copy

  • Click “Save”
  • You’re all set! You can now import existing Lola users or create users with Okta

Extra Steps

  • To import users go to “Import” and click “Import Now”. You will be able to select Lola users and create or assign them to matching Okta users


    okta-exact
    okta-no
  • To add supported Lola user attributes, go to “Provisioning” and click “User Attributes”. Add attributes you would like to use from the Schema Discovery section. See the screenshot below for an example

    add attribute
  • To map Okta user attributes to Lola attributes, click “Mappings” and click on the right header titled “Okta User to Lola”. Add supported attributes using the green arrow “Apply mapping on user create and updated”. We recommend leaving the “userName” mapping as the default. See the screenshot below:

    green-arrow
  • To map Lola user attributes to Okta attributes, click on the left header titled “Lola to Okta User”. Add supported attributes using the yellow arrow “Apply mapping on user create only”. We recommend leaving the “login” mapping as the default. See the screenshot below:

    yellow-key

Schema Discovery

Lola supports the following SCIM attributes when creating users:

  • familyName
  • givenName
  • email
  • emailType
  • userName
  • locale
  • password

The “active” attribute is supported for adding/removing users from your company.


Troubleshooting Tips

  • Please note that accounts made through user provisioning must use the email address associated with your company’s domain name. For example, you cannot add a user with an @gmail.com email address.
  • Users in your organization should have lowercase email addresses, otherwise there may be provisioning errors.
  • If you're still unsure, please contact Lola’s Customer Success team if you need additional support setting up SSO with Okta!