This integration is Okta certified for Partner-built EA. Contact support@sendsafely.com to learn more.

Features

The following provisioning features are supported:

Create Users

Users assigned to the Okta SendSafely application will be automatically created and registered in the associated SendSafely portal. Provisioned users will be able to log into SendSafely by clicking the “Login using Single Sign-on” button from their SendSafely portal login page or by clicking the SendSafely application from their Okta Home page.

Update User Attributes

Updates made to the user's Okta profile will also update the associated attributes in the user’s SendSafely profile. The only user profile attributes currently supported for updating from Okta are First Name and Last Name.

Deactivate Users

Deactivating the user or disabling the user's access to the SendSafely application through Okta will deactivate the user’s account in SendSafely. Deactivating a user results in removal of the SendSafely user's profile data and deletion of all files and messages from their history.

Prerequisites

Provisioning for SendSafely requires the following:

• Setup Single Sign-On (SSO) with SAML in your SendSafely portal.
• Create a SendSafely Service Account with administrative privileges to perform all provisioning actions from Okta. Follow these steps:
  • First, create a Service Account.
  • Next, promote that Service Account to Admin by having another Admin click the checkbox beside its name in the Users tab of the Enterprise Console.

• • Then, impersonate the new Administrator Service Account by clicking the icon with three dots and selecting Profile.
  • Select API Keys. Generate a new API Access Key.
  • Click the link that reads, "Click here if you would like to use this API key for SCIM authentication" (Fig. 1). This will display the SCIM API Username and SCIM API Password required for configuring the SCIM API integration (Fig. 2). Note that the SCIM API Password will only be displayed once, when generated. 
  • You will need to input this SCIM API Username and SCIM API Password in Okta. Proceed to Step-by-Step Configuration Instructions below.

Figure 1.

Figure 2.

 

Step-by-Step Configuration Instructions

Configure Provisioning for SendSafely in Okta as follows:

1. Make sure the Hostname setting under General App Settings is configured to your SendSafely portal hostname.

2. Click the Provisioning tab, then the Configure API Integration button.

3. Check Enable API Integration and enter the SCIM API Username and SCIM API Password previously generated from the designated SendSafely Administrator Service Account. When you click the Test API Credentials button, you should see a success message similar to that highlighted below.

Click the Save button when done. You are now ready to configure Okta to Application provisioning settings.

4. From the SETTINGS menu, select To App, and the click the Edit button. Check Enable for the following features supported by the Okta SendSafely SCIM Provisioning integration:

• Create Users
• Update User Attributes
• Deactivate Users

Click the Save button. See screenshot below for reference.

The setup is complete, and you can now perform provisioning for the SendSafely application.

 

Known Issues/Troubleshooting

• Only provisioning from Okta to SendSafely is supported at this time.
• SendSafely does not currently support updates made to a user's User Name from the OKTA User Profile Editor.
• All active SendSafely Workspaces that are owned by a user who gets deactivated through SCIM will immediately be moved to archived status and permanently deleted 30 days later.