Enabling System for Cross-domain Identity Management (SCIM) for end users that use Okta

How to automate updates to user identity information in Banyan

  • Updated on Apr 10, 2024

SCIM Overview

Historically, when a user was assigned to the Banyan app via their org’s SCIM provider, the Banyan Command Center was unaware of that user’s existence until the user logged into Banyan. Banyan used Just-in-time (JIT) provisioning to update the Banyan Command Center’s directory of users, so that when a user logged into Banyan for the first time, the user would then be visible in Banyan’s directory.

The System for Cross-domain Identity Management (SCIM) is a protocol that allows Banyan to receive updates about its users from a SCIM provider (typically an IDP), without users needing to first log into Banyan. When enabled in Banyan, SCIM communicates which users are assigned to the Banyan app at a given time, keeping the list of users inside Banyan up-to-date. This offers admins a more seamless experience when assigning roles, policies, or services to users, since there’s more accurate reporting on the existence of users in Banyan.

This doc lays out the steps required to enable SCIM for your end users in Banyan, via Okta.

Pre-requisites

  • A SAML-configured Banyan app in Okta

Steps to enable SCIM in Banyan

Step 1: Enable SCIM in your Banyan org

1.1 Navigate from Settings > Identity and Access > End User tab > SCIM Provisioning in the Command Center.

1.2 Toggle on SCIM Provisioning.

1.3 Generate an API token; copy the generated token and store it for later use in Step 3.4.

Note: A maximum of 2 API tokens can be generated at once.

Step 2: Enable SCIM on the Banyan app in your Okta admin portal

2.1 In your Okta admin portal, navigate to Applications and select the Banyan SAML app.

2.2 Navigate from General > App Settings, and select Edit.

2.3 Enable SCIM provisioning, and Save.

Step 3: Configure SCIM for the Banyan app in your Okta admin portal

3.1 Navigate to Provisioning, and select Edit.

3.2 Select Create Users, Update User Attributes and Deactivate Users, and Save.

3.3 Under Provisioning > Integration, paste the Base URL (generated in the Banyan Command Center in Step 1) into the SCIM connector base URL field (in Okta).

3.4 Copy the API token (also generated in the Banyan Command Center in Step 1) and paste it into the Authorization field in Okta.

3.5 Ensure that the Unique identifier field for users is set to email.

3.6 Ensure that Authentication Mode is set to HTTP Header.

3.7 Ensure that Import New Users and Profile Updates is not selected; that option sends updates from Banyan to Okta.

3.8 Ensure that Push New Users and Push Profile Updates are selected.

3.9 Select Test Connector Configuration, and then Save.

3.10 Under Assignments on the Banyan app in Okta, assign a new user to the Banyan app. This user will now appear in your directory of users in Banyan, without the user having to log into Banyan.
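To show what the settings in Step 3 mean on the wire, here is an added example (not Banyan's or Okta's code) of a toy SCIM receiver handling a token check, a user create keyed on email, and a deactivation. It assumes SCIM 2.0 messages (RFC 7643/7644) and that the API token is presented as `Authorization: Bearer <token>`; the names `ToyScimReceiver` and `demo`, the token, and the user are constructed for illustration.

```python
import hmac

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"      # RFC 7643
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"  # RFC 7644

class ToyScimReceiver:
    """Hypothetical receiving side of a SCIM connection; not Banyan's implementation."""

    def __init__(self, api_token):
        self._expected = f"Bearer {api_token}".encode()  # assumed header format
        self.users = {}  # id -> stored SCIM user resource

    def handle(self, method, path, headers, body=None):
        """Return (HTTP status, resource or None) for one provisioning request."""
        # HTTP Header mode: the token travels in the Authorization header.
        presented = headers.get("Authorization", "").encode()
        if not hmac.compare_digest(presented, self._expected):
            return 401, None
        body = body or {}
        if method == "POST" and path == "/Users":  # Create Users
            email = body.get("userName", "")
            if USER_SCHEMA not in body.get("schemas", []) or "@" not in email:
                return 400, None
            if any(u["userName"] == email for u in self.users.values()):
                return 409, None  # unique identifier (email) already present
            user = dict(body, id=str(len(self.users) + 1), active=body.get("active", True))
            self.users[user["id"]] = user
            return 201, user
        user = self.users.get(path.removeprefix("/Users/"))
        if user is None:
            return 404, None
        if method == "PATCH" and PATCH_SCHEMA in body.get("schemas", []):  # Deactivate Users
            for op in body.get("Operations", []):
                value = op.get("value")
                if op.get("op", "").lower() == "replace" and isinstance(value, dict) and "active" in value:
                    user["active"] = bool(value["active"])
            return 200, user
        return 405, None

def demo():
    """Replay a constructed sequence: bad token, create, duplicate, deactivate."""
    rx = ToyScimReceiver("constructed-example-token")
    good = {"Authorization": "Bearer constructed-example-token"}
    new = {"schemas": [USER_SCHEMA], "userName": "alice@example.com", "active": True}
    off = {"schemas": [PATCH_SCHEMA], "Operations": [{"op": "replace", "value": {"active": False}}]}
    calls = [("POST", "/Users", {"Authorization": "Bearer wrong"}, new), ("POST", "/Users", good, new),
             ("POST", "/Users", good, new), ("PATCH", "/Users/1", good, off)]
    return [rx.handle(*c)[0] for c in calls], rx.users["1"]["active"]
```

The deactivation request leaves the user record in place with `active` set to false, which is why Deactivate Users in Step 3.2 matters for removing access when a user is unassigned in Okta.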

