Okta & Other SCIM Directories
Any SCIM-enabled user directory or Identity Provider (IDP) can be configured to automatically provision phone directories within CX.
This guide uses Okta as an example, however these SCIM principles can be applied to any other SCIM-enabled directory.
The following are a list of pre-requisites for this integration:
- CX Admin Access – to configure the new CX directory
- IDP/Directory admin access – to configure an application
- IDP/Directory user & group setup – a user group should be set up that your users are members of
- All users that will be ingested should have a valid E164 phone number configured. Note: this phone number field should have any spaces removed to ensure the Call History search functions correctly in CX.
Adding a New External Directory
Once the pre-requisites are complete, to add a new directory click the Add Directory button on the Contact Centre > Customise > Integrations > External Directories page. If you have not added any other external directories, this button will be in the middle of the page; otherwise, it is in the top right.
Setup in Admin
- Enter a meaningful name, click
Other Directory, then clickNext Step. - Take a note of the security token (save it somewhere secure) that is displayed, expand
SCIM Configuration, and save the base URL. You will need these later in the setup (but you can come back to them). Then, click theNext Stepoption. - Click
Finish.
Setup On Okta
Now that the CX configuration is complete, it is time to configure the SCIM application in the User Directory system — in this case, Okta.
-
Sign in to the Okta Portal.
-
Click Applications, then
Browse App Catalog. -
In the search bar, enter
SCIMand clickSCIM 2.0 Test App (Header Auth), thenAdd Integration. -
Provide a name in the
Application Labelfield underGeneral Settingsand clickNext. -
Accept defaults on the
Sign-On Optionspage and clickDONE. -
Now navigate to the
Provisioningtab and clickConfigure API Integration, then tickEnable API Integration. -
In the
Base URL, enter the URL saved from CX in an earlier step. -
In the
API Token, enterbearer{APIKEY}``. For example, if your API key isABC123, enterbearer ABC123(without quotes). -
Click
Test API Credentials. When the test succeeds, clickSave. -
On the Provisioning tab, under
To AppclickEditand enable the following provisioning operations by ticking each box:- Create Users — provision new CX directory entries when users are added to the assigned Okta group.
- Update User Attributes — push attribute changes (phone number, name, title, etc.) into CX when they change in Okta.
- Deactivate Users — remove the directory entry from CX when the user is unassigned from the group or deactivated in Okta.
All three should be ticked for a typical phone-directory sync. Click Save when done.
-
Scroll down to the
Attribute Mappingssection and ensure the mappings are set exactly like the table below.
You can also reference the CX mappings in the directory wizard screen, which contains the following information:
| Directory Attribute | SCIM Attribute |
|---|---|
| userName (or equivalent) Required string | userName |
| id (or equivalent) Required string | externalId |
| phoneNumber (or equivalent) Required E164 string | phoneNumbers[type eq "work"].value |
| firstName (or equivalent) Optional (surname provided) string | name.givenName |
| lastName (or equivalent) Optional (given name provided) string | name.familyName |
| email (or equivalent) Optional string | emails[type eq "work"].value |
| jobTitle (or equivalent) Optional string | title |
- Now navigate to the
Assignmentssection and add a group or set of users. This should trigger provisioning automatically. Check Reports/System Log in Okta to check for any issues.
External Directory Contacts in CX
External contacts should now load in the Organisation tab of Directory within CX. Selecting a contact avatar will display more information about the contact.
You may need to reload CX if the directory did not exist when it was first loaded.