Provision Okta Users

System administrators can configure Okta to automatically create, update, or disable users in your Nintex Process Manager site. You can also sync password changes in Okta.

Administrator role in Okta required. Promaster A Nintex Promapp system administrator who administers a Nintex Promapp site and has rights to view and edit all areas of a Nintex Promapp site. privilege in Nintex Process Manager required.

  • Create: Automatically creates a new user in your Nintex Process Manager site, when the user is added to your Nintex Process Manager application in Okta.

  • Update: Automatically updates changes made to an existing user in your Nintex Process Manager site, when the user details are updated in your Nintex Process Manager application in Okta.
  • Deactivate: Disables an existing user in your Nintex Process Manager site, when the user is deactivated in your Nintex Process Manager application in Okta.

Nintex Process Manager and Okta field mapping

Nintex Process Manager attribute in Okta

 Nintex Process Manager field
Username Logon
First name First Name
Last name Last Name

Email

 Email
Time zone  

Prerequisites

You must have the following prerequisites configured before you start:

  • Have an Okta account with Administrator privileges. For more information, see the Okta Help.
  • Have a Nintex Process Manager site user with Promaster privileges. For more information, see Managing users in Nintex Promapp.
  • Ensure that the Logon field for the User record in Nintex Process Manager must match the Username in Okta.
  • Ensure that your Okta password complexity settings match the password settings in your Nintex Process Manager site (Admin > Configure > Security).
  • Generate the SCIM access token as described in Create a SCIM access token.

Once you have the prerequisites configured, follow the details in the sections below.

Configure the Okta account

Follow these steps to configure the Okta account for automatic user provisioning to Nintex Process Manager.

Before you start Ensure you have generated the SCIM access token as described in Create a SCIM access token.

  1. Log in to your Okta site with an administrator account and select the Classic UI view from the top-left drop-down list.
  2. Click Applications > Active > <Select your Nintex Promapp application>.
  3. Click Provisioning > Configure API Integration.
  4. Select the Enable API integration check box.
  5. Paste the SCIM token you have generated in your Nintex Process Manager site in the API Token field.
  6. Click Test API Credentials. If you have entered a valid SCIM token, a success message is displayed.
  7. Click Save. On the left navigation pane, Settings > To App displays.
  8. Click Edit and enable the Create Users, Update User Attributes, and Deactivate Users settings.
    9. Important: 
    • We recommend enabling the Create Users, Update User Attributes, and Deactivate Users settings for the best user experience and seamless provisioning from Okta to Nintex Process Manager. Disabling any of them might cause an inconsistent state between the provisioned Okta user and the matching Nintex Process Manager user.
    • Do not enable the Sync Password setting as it is not supported.
  9. Click Save. Once saved, available provisioning options will display as green icons at the top of the application page.

Provision a new Nintex Process Manager user from Okta

  1. Log in to your Okta site with an administrator account and select the Classic UI view from the top-left drop-down list.
  2. Click Directory > People > <Select the user>.
  3. Click Assign Applications.
  4. Select the application and click Assign.
  1. Click Save and Go Back.
  2. Click Done. The user is automatically provisioned and created in your Nintex Process Manager site.

Map Okta user to an existing Nintex Process Manager user

  1. Log in to your Nintex Process Manager site and go to Admin > Users.
  2. Click edit to the right of the user you want to map. Note the value in the Logon field.

  3. Log in to your Okta site with an administrator account and select the Classic UI view from the top-left drop-down list.

  4. Click Directory > People > <Select the user>.
  5. Select the application and click Assign.
  1. Update the value in the User Name field to match the value in the Logon field in your Nintex Process Manager site.

  2. Click Save and Go Back.

  3. Click Done. Verify that user has been updated in your Nintex Process Manager site.

View provisioning status and logs

To monitor progress and view Audit logs, click View Logs next to the provisioning options on the top of the Provisioning page. TheSystem Log page displays details for all actions performed by the Okta provisioning service on Nintex Process Manager.

For more information, see Okta help.

Troubleshoot Okta provisioning

If your Okta provisioning to Nintex Process Manager was working previously but currently is not, it might be due to an expired SCIM access token. The SCIM access token is valid for a year after you generate. For more information, see Create a SCIM access token.

Although the provisioning action is quick, it is not instantaneous. Allow a 30 second delay for propagation to take effect when provisioning, deprovisioning, or updating user properties from Okta to Nintex Process Manager.