Identity management (IdM) integration capabilities in Quickbase, using the standard System for Cross-domain Identity Management (SCIM) specification, allow you to sync Quickbase with Okta.
Features supported
The following provisioning features are supported:
-
Create new users. New users created through Okta are also created in your Quickbase account/realm.
-
Update user attributes. Updates made to the user’s attributes through Okta are pushed to your Quickbase account/realm.
-
Deactivate users. Deactivating the user or disabling the user's access to the application through Okta denies access for the user in your Quickbase account/realm.
-
Reactivate users. Reactivating the user through Okta restores access for the user in your Quickbase account/realm.
-
Create groups. New groups created and pushed through Okta are also created in your Quickbase account/realm.
-
Add users to groups. Users added to the pushed group through Okta are also added to the group in your Quickbase account/realm.
-
Remove users from groups. Users removed from the group through Okta are also removed from the group in your Quickbase account/realm.
-
Delete groups. Groups deleted through Okta are removed from your Quickbase account/realm.
-
Update group name. Updates made to the pushed group name through Okta are pushed to your Quickbase account/realm.
-
Push groups. Push groups created in Okta pushes the group and all of its members to your Quickbase account/realm.
Prerequisites
Before you configure provisioning for Quickbase, make sure you have:
-
Your Quickbase realm name.
-
Your realm admin user token. More about creating a user token
Sign in to Okta
-
Sign in to Okta with an account that has admin privileges.
-
Select Admin.
-
Select Classic UI.
Configure Quickbase integration
-
Select Applications, then select Add Application.
-
Search for "Quickbase" and select Add.
-
On General Settings, enter an Application label, enter your realm name as the Subdomain, then select Next.
-
For Sign-On Options, Quickbase currently supports SAML 2.0.
Secure Web Authentication is not currently supported.
Select SAML 2.0, leave the Default Relay State field blank, then select View Setup Instructions and save the information. You will need to provide this information to Quickbase to set up your realm. Then, select Done.
-
Select Provisioning then select API Integration.
Select the Enable API Integration checkbox, and enter the Realm Admin user token as the API Token.
-
Select Test API Credentials to test the connection, then select Save.
Enable Okta to SCIM provisioning
-
On the Provisioning tab, select To App, then select Edit.
-
Select the check boxes to enable Create Users, Update User Attributes, and Deactivate Users.
-
Keep the default User Attribute Mapping. Quickbase requires the following attributes:
-
User name
-
Name (givenName, familyName)
-
Email (primary)
Other attributes will be used in the future. To avoid migration, Quickbase stores all attributes now.
-
-
Select Save.
Provisioning users
-
Select Directory, and then select People.
-
Select Add Person
-
Enter the person's: First name, Last name, Username, and Primary email.
-
To add the user to a group, enter the group name and search for it from the group pop-up list. Select the group name and then select Add. Repeat this step for each additional group to which you want to add the user.
-
For Password, select "Set by admin".
-
Enter the password assigned for this user, which needs to be supplied to the user separately for their initial sign in.
-
Select "User must change password on first login."
-
Select Save or Save and Add Another.
Adding users to your application
You can add users to your application using either of these methods:
- Add each user individually
- Add users through groups
To add each user individually:
-
On the Assignments tab, select Assign and select Assign to People.
-
Select Assign next to the people you want add to your application.
-
If necessary, you can update the User Name, then select Save and Go Back to add more people. Once you are finished adding people, select Done.
Provisioning groups
-
Select Directory, and then select Groups.
-
Select Add Group.
-
Enter the group's name and description (optional).
-
Select Add Group.
Adding users to your group
You can add users to your application using either of these methods:
- Add each user individually
- Add users through groups
To add users through a group:
-
Select Directory, and then select Groups.
-
Locate the group from the Groups list, and select the group name.
-
Select Add Members.
-
Search for the user by typing its name. Select Add next the user you want to add to the group. Repeat this step to add other users to the group. After you have added all of the users, select Done.
Removing users from your group
If the group has been pushed in your application, users will be removed from your Quickbase account/realm.
If users are not members of any other groups that have been pushed in your application, and the users were not added to your application as people, then these users will be denied in your Quickbase account/realm.
To remove users from a group:
-
Select Directory, and then select Groups.
-
Locate the group from the Groups list, and select the group name.
-
Select X next to the user you want to remove from the group.
Updating group name
If the group has been pushed in your application, the group name will be updated in your Quickbase account/realm.
To update a group name:
-
Select Directory, and then select Groups.
-
Locate the group from the Groups list, and select the group name.
-
Rename the group name, and then select the small check mark to the right of the name.
Adding groups to your application
You can add groups to your application from the Assignments tab.
-
On the Assignments tab, select Assign and select Assign to Groups.
-
Select Assign next to the group you want add to your application.
-
You can update the group information, or leave as is. Select Save and Go Back to add more groups.
-
After you have finished adding groups, click Done.
Pushing groups to your Quickbase account/realm
When you push groups from Okta, the groups will be created in your Quickbase account/realm.
-
On the Push Groups tab, select Push Groups and select Find groups by name.
-
Enter the group you want to push to Quickbase in the text field, and then select it from the group list.
-
Verify that the Push group memberships immediately check box is selected.
-
Verify that Create Group is selected.
-
Select Save to push the group; or if you have additional groups you want to push, select Save & Add Another.
Deleting groups from your Quickbase account/realm
When you unlink and delete pushed groups from Okta, the groups will be deleted from your Quickbase account/realm.
However, the group and individual users that were pushed through the group to your Quickbase account/realm will not be affected. To remove these users' access to your Quickbase account/realm, you must un-assign the groups from the Assignment tab.
To unlink and delete groups from your Quickbase account/realm:
-
On the Push Groups tab, locate the group you want to delete from the Pushed groups list.
-
Select the down-arrow in the Push Status of the group.
-
Select Unlink pushed group.
-
Select Delete the group in the target app (recommended) and then select Unlink.
To un-assign groups and remove these users' access to your Quickbase account/realm:
-
On the Assignments tab, select FILTERS and then select Groups.
-
Select X next to the group you want to remove from your application.
-
Select OK to confirm that you want to un-assign and remove the group.
Restrictions
-
The maximum length for user first name, last name, email, and username is 255 characters.
-
Spaces are not allowed in username and email values.
-
When pushing a group, Quickbase does not support linking existing groups that were created in Quickbase to groups that were created in Okta. When requesting a Refresh App Groups in Okta, Quickbase returns the groups that were provisioned in Okta, but excludes any groups that were created in Quickbase. As a result, the Quickbase groups are not listed in Link Group.
-
When using Push Now to resynchronize a group, any Quickbase users (users who were added to the group in Quickbase) are not affected in the Quickbase group. Okta is master for the group only for those users who were provisioned in Okta.
Troubleshooting
To troubleshoot errors with provisioning, read Troubleshooting IdM provisioning in the Quickbase API Guide.