What is SCIM?
SCIM is an open standard for automating the exchange of identity information between systems, enabling advanced provisioning in order to automate the lifecycle of a user account within a software solution. SCIM can automate authorization settings and the creation, updating, and deactivation of user accounts.

If your organization want to use the provisioning feature in Okta, myPolicies would like to help you set up provisioning, enabling you to push account and authorization information from Okta to myPolicies via the SCIM standard.

In order for your organization to enable SCIM provisioning, please follow the step-by-step guide provided below.

1. Enable myPolicies SCIM Integration
   Contact us at myPolicies as we need to enable this integration option for your myPolicies account.
   After you contact us, we will enable SCIM integration for your tenant instance of myPolicies and send you the information you need to complete this step-by-step guide.
   To configure SCIM provisioning, you will need to be an admin in Okta for your organization. Make sure you have admin privileges in Okta or are working with someone who has admin privileges before continuing.
2. Select Admin.
3. Select Application. 
4. Select your myPolicies Application from the list by clicking the myPolicies App Name.
5. Select Provisioning.
6. Select Configuring API Integration.
7. Enter Base URL.  https://<tenant>.mypolicies.com/scim/v2
8. Enter API Token. (If you do not have a API Token, please contact your myPolicies representative.)
9. Select the "Settings" -> "To App"
10. Enable Create Users.
11. Enable Update User Attributes.
12. Enable Deactivate Users.
13. Configure Attribute Mappings. SCIM Attributes support by myPolicies
    SCIM 2.0 Core Schema
    
    • UserName (required and must be unique)
    • ExternalId/External_Id (required and must be unique)
    • active
    • password
    • name
    • • familyName
      • givenName
      • formatted
    • Emails (required and must be unique) (Target Attribute: emails[type eq "primary"].value)
    • • primary: true
      • value
      • type
    • addresses
    • • primary: true
      • country
    • displayName
SCIM 2.0 Extension Enterprise 1.0

• employeeNumber
• costCenter
• organization
• division
• department
• manager
• • displayName

urn:ietf:params:scim:schemas:core:2.0:myp:custom

• countryCode

When provisioning a user for myPolicies, please ensure the email address associated with the user has been included among the allowed email domains for your myPolicies tenant. Users with email domains different from the allowed list in myPolicies will be rejected.

• Select all users from the Users drop-down menu.
• Double-click the user you wish to provision.
• Select the Applications Tab.
• Click the ‘+’.
• Then select your myPolicies App from the drop-down menu.

Important Notes:
When users are deactivated or deleted in Okta they are deactivated in myPolicies. Notes: When a myPolicies user with a draft assignment (author, sponsor, owner) and/or published ownership assignments is deactivated their assignments will be moved from the deactivated user to the policy manager. Additionally, because of the way user name updates take place (i.e. the old user name is deactivated and the new user name is activated separately), draft assignments and published ownership assignments will be moved from the original user name to the policy manager and NOT to the new user name.

Interested in using groups? Contact us for additional information and setup assistance: support@mypolicies.com