- Supported Features
- Configuration Steps
- Schema Discovery
- Troubleshooting Tips
The following provisioning features are supported:
- Push new users - New users created through Okta will be created in Lola
- Push user deactivation - Users deactivated through Okta will have their company access revoked
- Import new users
- New users created in Lola can be assigned to new or existing Okta users
- Reactivate users
Before provisioning external users to the products that your company uses, there are a few prerequisites that you should consider.
- Ensure that your company’s Okta account has user provisioning functionality. View more information on Okta’s website.
- Ensure that you have an Okta account with admin privileges.
- Ensure that you have a Lola account with admin privileges (contact Lola’s Customer Success team if you need support with this).
First configure your Provisioning settings inside Okta as follows:
- Go to the Provisioning tab within Lola’s application settings
- Check the “Enable API Integration” box
- The Base URL is https://api.lola.com/api/scim/v2/okta/
- Click “Authenticate with Lola”
- The Lola account you use must be an Admin for your company
- You will be redirected to lola.com
- Sign in to Lola using your normal credentials
- Click “Accept” to grant Okta permission
- You will be redirected back to Okta and should see a message confirming the integration was completed successfully
- Under “To App” make sure that “Create Users” and “Deactivate Users”, are the only checked options
- Click “Save”
- You’re all set! You can now import existing Lola users or create users with Okta
- To import users go to “Import” and click “Import Now”. You will be able to select Lola users and create or assign them to matching Okta users
- To add supported Lola user attributes, go to “Provisioning” and click “User Attributes”. Add attributes you would like to use from the Schema Discovery section. See the screenshot below for an example
- To map Okta user attributes to Lola attributes, click “Mappings” and click on the right header titled “Okta User to Lola”. Add supported attributes using the green arrow “Apply mapping on user create and updated”. We recommend leaving the “userName” mapping as the default. See the screenshot below:
- To map Lola user attributes to Okta attributes, click on the left header titled “Lola to Okta User”. Add supported attributes using the yellow arrow “Apply mapping on user create only”. We recommend leaving the “login” mapping as the default. See the screenshot below:
Lola supports the following SCIM attributes when creating users:
The “active” attribute is supported for adding/removing users from your company.
- Please note that accounts made through user provisioning must use the email address associated with your company’s domain name. For example, you cannot add a user with an @gmail.com email address.
- Users in your organization should have lowercase email addresses, otherwise there may be provisioning errors.
- If you're still unsure, please contact Lola’s Customer Success team if you need additional support setting up SSO with Okta!