Introduction
Okta is a Single sign-on (SSO) user authentication tool that enables users to securely access multiple applications and services using just one set of credentials. If your company has added Okta to their ModernLoop plan, you can manage login access to ModernLoop and maintain consistent security across your organization through Okta.
This help centre article outlines the prerequisites, supported features, and steps to enable SAML and SCIM with ModernLoop's Okta Integration. By following this guide, you will be able to smoothly implement the integration and leverage its capabilities for seamless user management.
View our integration on Okta here: https://www.okta.com/integrations/modernloop/
In this article
- Pricing
- Supported Features: SAML
- Supported Features: SCIM
- Enabling SAML
- Enabling SCIM
- Managing ModernLoop User Roles
- Troubleshooting
- FAQ
Pricing
Single sign-on, including Okta, is an optional, paid add-on service.
If you are not currently using Okta with ModernLoop but want to explore it further, contact your Account Executive or Customer Success Manager for additional information.
Supported Features: SAML
The Okta/ModernLoop SAML integration offers the following functionalities:
- Service Provider (SP)-initiated Single Sign-On (SSO)
- Just In Time (JIT) Provisioning
- Identity Provider (IdP)-initiated SSO
Supported Features: SCIM
With the Okta/ModernLoop SCIM integration, you can:
- Create users
- Update user attributes
- Deactivate users
Please note that Okta cannot update user attributes for Admin users due to an API limitation.
Enabling SAML
Your Customer Success Manager (CSM) will email you your Customer ID and a list of existing ModernLoop users. Once you have received this information from your CSM, complete the steps outlined below.
- Search for ModernLoop in the App Integration Catalog within Okta and select ModernLoop
- Click Add
Configure application settings
Sign On tab
- From the Sign-on tab, click Edit
- Scroll down and under Advanced Sign-on Settings, enter the Customer ID provided to you by your CSM
- Click Save
- Select Copy under the Metadata URL
- Provide this URL to your Customer Success Manager
Assignments tab
Users of ModernLoop must be provisioned in the Assignments tab. Your CSM will provide you with a list of current ModernLoop users to be provisioned. Please refer to Okta's best practices for provisioning and deprovisioning users:
https://help.okta.com/en/prod/Content/Topics/Apps/Provisioning_Deprovisioning_Overview.htm
Enabling SCIM
ModernLoop supports user provisioning and deactivation. The following attributes are required:
Attribute Name | Value |
user.email | |
firstName | user.firstName |
lastName | user.lastName |
The following properties passed by Okta, if provided, will be mapped directly to the ModernLoop SCIMUser object and stored in the ModernLoop database. The minimum required attributes are familyName, givenName, and emails.
- userName: mapped directly to 'userName' property coming from SCIM
- name: mapped directly to 'name' property coming from SCIM
- familyName: The family name of the User, or last name in most Western languages (e.g., "Jensen" given the full name "Ms. Barbara Jane Jensen, III").
- givenName: The given name of the User, or first name in most Western languages (e.g., "Barbara" given the full name "Ms. Barbara Jane Jensen, III").
- emails: mapped directly to 'emails' multivalued property coming from SCIM
- displayName: mapped directly to 'displayName' property coming from SCIM
- locale: mapped directly to 'locale' property coming from SCIM
- active: mapped directly to 'active' property coming from SCIM. Denotes if user is active or inactive (true/false)
- modernloopRole: this is a custom property to map to ModernLoop roles - INTERVIEWER/SCHEDULER/ADMIN. See Managing ModernLoop User Roles for more information.
Steps to Enable SCIM
- Navigate to the Provisioning tab
- Select Configure API Integration
- Enter the API Token in the API Token field and select Test API Credentials
- Click Save
Your ModernLoop Customer Success Manager should have provided you with a SCIM API Token specific to your organisation. To finalise the setup, navigate to the Provisioning tab, enter the token into the designated input field, test the connector configuration, and save your changes. This process will enable user provisioning on ModernLoop via Okta.
Managing ModernLoop User Roles
ModernLoop offers three user access roles: INTERVIEWER, ADMIN, and SCHEDULER. The ADMIN role grants comprehensive administrative access to your ModernLoop organisation, while the SCHEDULER role provides more limited access. You can select the user role while assigning the user to the ModernLoop app in Okta. The INTERVIEWER role provides access to the Interviewer Portal.
Note: if no user role is specified, the default role will be set to INTERVIEWER.
To control these roles, an additional custom attribute is required: modernloopRole
Requirements
- External name is modernloopRole
- External namespace is urn:ietf:params:scim:schemas:core:2.0:User
- Attribute member values are defined as:
  - ADMIN - for admins
  - SCHEDULER - for schedulers
  - INTERVIEWER - for interviewers
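An added example, not ModernLoop's or Okta's own code: a pre-flight check that applies the attribute rules above (minimum attributes, allowed modernloopRole values, INTERVIEWER default) to SCIM 2.0 User resources and lists who would receive ADMIN. The payload shape follows RFC 7643 with modernloopRole as a top-level core attribute; the function names, sample users and case-sensitive role matching are assumptions.

```python
# Added example: checks SCIM 2.0 User dicts against this article's rules.
# Payload shape per RFC 7643; that ModernLoop receives exactly this is assumed.
CORE_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
ROLES = {"INTERVIEWER", "SCHEDULER", "ADMIN"}
DEFAULT_ROLE = "INTERVIEWER"  # the article's default when no role is specified

def check_scim_user(user):
    """Return (effective_role, problems) for one SCIM User dict."""
    problems = []
    if CORE_USER not in user.get("schemas", []):
        problems.append("schemas does not list the core User schema")
    name = user.get("name") or {}
    for field in ("familyName", "givenName"):
        if not str(name.get(field) or "").strip():
            problems.append(f"name.{field} is missing")
    emails = [e.get("value") for e in user.get("emails") or [] if isinstance(e, dict)]
    if not any(emails):
        problems.append("emails has no value")
    role = user.get("modernloopRole")
    if role is None:
        role = DEFAULT_ROLE
    elif role not in ROLES:
        # Case-sensitive in this check (assumption): a typo must not pass as a role.
        problems.append(f"modernloopRole {role!r} is not one of {sorted(ROLES)}")
        role = None
    return role, problems

def admins(users):
    """userNames that would be granted ADMIN, for a least-privilege review."""
    return [u.get("userName") for u in users if check_scim_user(u)[0] == "ADMIN"]

# Constructed sample users (not real accounts).
SAMPLE = [
    {"schemas": [CORE_USER], "userName": "bjensen@example.com",
     "name": {"familyName": "Jensen", "givenName": "Barbara"},
     "emails": [{"value": "bjensen@example.com", "primary": True}],
     "active": True, "modernloopRole": "ADMIN"},
    {"schemas": [CORE_USER], "userName": "no-role@example.com",
     "name": {"familyName": "Doe", "givenName": "Sam"},
     "emails": [{"value": "no-role@example.com"}], "active": True},
    {"schemas": [CORE_USER], "userName": "typo@example.com",
     "name": {"givenName": "Lee"}, "emails": [], "modernloopRole": "admin"},
]

if __name__ == "__main__":
    for u in SAMPLE:
        print(u["userName"], check_scim_user(u))
    print("ADMIN review list:", admins(SAMPLE))
```

Running it against an export of the users you plan to assign surfaces missing attributes and unintended ADMIN grants before Okta pushes them.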
If you would like to control Role at the Group level this is how you would set it up in Okta:
Troubleshooting
If you encounter issues while using ModernLoop's Okta Integration, consider the following solutions:
- SAML not working: Ensure that you have entered the correct Customer ID and provided the necessary configuration details to your ModernLoop account executive.
- SCIM not working: Verify that you have added the SCIM API Token supplied by the account executive.
For additional assistance, please contact ModernLoop support at support@modernloop.io.
FAQ
Q: Does ModernLoop support IDP initiated login?
A: ModernLoop does support IDP initiated login.
Q: Can I log in with Google SSO if my company is using Okta?
A: Once Okta has been implemented for your organization, all users must log in using Okta.