I am excited to announce that HPE have developed and promoted a way to bring users and groups from Okta to HPE GreenLake Flex Solutions. Enterprises will be now able to sync and bring all users and groups from Okta into HPE GreenLake Flex Solutions.

In this blog post, I will walk you through the process of configuring Okta SCIM adapter to sync users and groups over to HPE GreenLake Flex Solutions.

Okta (SCIM) Adapter

You can synchronize users and groups from your Okta identity management service to HPE GreenLake Flex Solutions using the Okta System for Cross-domain Identity Management (SCIM) adapter.

The Okta SCIM adapter application can be installed from the Okta Integration Network (OIN) into your Okta implementation to allow for integration with a SCIM-compliant API. Any user that needs to be synchronized to HPE GreenLake Flex Solutions must be assigned to the Okta SCIM adapter application in your Okta implementation. Groups whose memberships need to be synced to HPE GreenLake Flex Solutions must be added as a Push Group in the application. Users can be assigned to the application using the same groups that are synchronized to HPE GreenLake Flex Solutions.

Configuring a SCIM application in Okta.

• Step 1: In the Okta Admin Console, deploy an application from the app catalog:
  a. Go to Applications > Browse App Catalog.
  b. In the search bar type SCIM 2.0, and find the app called: SCIM 2.0 Test App (OAuth Bearer Token).
  c. Select the application and then click Add Integration.

• Step 2: In the Add Scim2.0 Test App page, do the following:
  a. Change the application label name if you want and make sure Automatically log in when user lands on login page is checked.

b. Click Next. On the following page, click Done.

Step 3: After the application is created, configure the integration:
a. Click the Provisioning tab, then select Configure API Integration.
b. Select the Enable API Integration check box.
c. In the SCIM 2.0 Base Url field, enter: https://sps.us1.greenlake-hpe.com/v1alpha1/scimproxy.
d. In the OAuth Bearer Token field: to create long-lived tokens for user provisioning, see step 2 and step 3 of the blog post Configuring Azure Active Directory with long-lived tokens for user provisioning.
e. Uncheck the box for the Import Groups option.
f. Test that the URL and token are valid by clicking Test API Credentials, then click Save. If everything is correct, the following message is shown:

• Step 4: Configure the synchronization settings:
  a. Under the Provisioning tab > To App section, enable these settings:

  • Create Users
  • Deactivate Users

b. Select the six attributes shown in the following screenshot and discard the rest.

c. Assign the group you want to synchronize to HPE GreenLake Flex Solutions to the SCIM application under the Application > Assignments tab and add it as a push group in the Push Groups tab.

Assignments tab:

Push Groups tab:

Please note: Adding the Group Everyone group to the SCIM application could have unintended effects on all users.

These are all the steps required to configure a SCIM 2.0 application. Remember that users must be members of a group that is assigned to the SCIM application and that group must be included in a push group. Now all configured groups can be pushed into HPE GreenLake Flex Solutions via the Okta SCIM Adapter.

Please return to the HPE Developer Community blog for more tips and tricks on working with the HPE GreenLake platform.