How to configure user provisioning with the SCIM v2 API

User provisioning allows you to synchronize user accounts between your IdP and TalentLMS using the SCIM v2 API. Common usage scenarios include pushing new users to TalentLMS, activating or deactivating them, and updating user profiles automatically. This saves time and ensures that your users' access privileges are maintained in a centralized place. Currently TalentLMS supports Okta's user provisioning mechanism, but in the future it will support additional providers that are compatible with the SCIM v2 API.

Note: Our integration with Okta is at an acceptance stage. We anticipate that it will be live within the next couple of days.

Configuring User Provisioning with Okta

This guide provides the steps required to configure provisioning for TalentLMS, and includes the following sections:
  • Features
  • Requirements
  • Configuration Steps
  • Known-issues and Troubleshooting Tips

Features
The following provisioning features are supported:
  • Push New Users
    New users created through Okta will also be created in TalentLMS.
  • Push Profile Updates
    Updates made to the user's profile through Okta will be pushed to TalentLMS.
  • Push User Deactivation/Activation
    Deactivating the user or disabling the user's access to the application through Okta will deactivate the user in TalentLMS. Note that deactivating a user means changing the user's status from active to inactive. The user account is not deleted. Activation of user accounts is also supported.
  • Import New Users
    New users created in TalentLMS will be downloaded and turned into new Okta users. If the Okta user already exists, the two accounts will automatically be linked. Imported users are assigned access to the TalentLMS Okta app when they are confirmed on the Import tab. User import is not scheduled by default.
  • Push Password Updates
    Updates made to the user's password through Okta will be pushed to TalentLMS.

Requirements
Before you configure provisioning for TalentLMS, make sure that you have successfully configured SSO with TalentLMS in the Account & Settings -> Users section. Click the "Save and check your configuration" button to ensure that the SSO login is successful and that all required user attribute/value pairs are returned from Okta. The username (TargetedId) and the email must each be unique among the Okta users.

Configuration Steps
Configure your provisioning settings for TalentLMS as follows:
  1. Check the Enable provisioning features box.
  2. API Credentials
    In Base Url, type the SCIM v2 API URL of your TalentLMS domain, in the form
    https://{your-domain}.talentlms.com/api/scim2
    Replace {your-domain} with your actual domain name. For example, if your domain is examplelms, then the Base Url field must be https://examplelms.talentlms.com/api/scim2
    In Api Token, type the token found in Account & Settings -> Users -> Single Sign-On (SSO) -> Enable SCIM v2 user provisioning

  3. Scroll down and select the Provisioning Features you want to enable.
  4. Click Next
    You can now assign people to the app (if needed) and finish the application setup.
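
A pre-flight check for the two inputs this guide depends on, the Base Url form from step 2 and the username/email uniqueness from the Requirements section. This is an added example, not TalentLMS or Okta code; it assumes the domain is a single lowercase DNS label, that uniqueness is compared case-insensitively, and that users are exported in the SCIM core User shape (id, userName, emails[].value).

```python
import re
from collections import defaultdict

# Base Url form from the guide: https://{your-domain}.talentlms.com/api/scim2
# Assumption: {your-domain} is a single lowercase DNS label.
BASE_URL_RE = re.compile(
    r"https://([a-z0-9](?:[a-z0-9-]*[a-z0-9])?)\.talentlms\.com/api/scim2")

def check_base_url(url):
    """Return the domain label if url has the documented form, else None.
    Rejects http://, an unreplaced placeholder, and look-alike hosts."""
    m = BASE_URL_RE.fullmatch(url.strip())
    return m.group(1) if m else None

def find_duplicates(users):
    """Map each userName/email shared by more than one user to the user ids.
    Comparison is case-insensitive (assumption; the guide only says 'unique')."""
    seen = {"userName": defaultdict(set), "email": defaultdict(set)}
    for u in users:
        seen["userName"][u["userName"].strip().lower()].add(u["id"])
        for e in u.get("emails", []):
            seen["email"][e["value"].strip().lower()].add(u["id"])
    return {field: {v: sorted(ids) for v, ids in vals.items() if len(ids) > 1}
            for field, vals in seen.items()}

# Constructed sample in SCIM core User shape (RFC 7643); not real accounts.
SAMPLE_USERS = [
    {"id": "u1", "userName": "jdoe", "emails": [{"value": "jdoe@example.com"}]},
    {"id": "u2", "userName": "asmith", "emails": [{"value": "JDoe@example.com"}]},
    {"id": "u3", "userName": "JDoe", "emails": [{"value": "jane@example.com"}]},
]

if __name__ == "__main__":
    print(check_base_url("https://examplelms.talentlms.com/api/scim2"))
    print(find_duplicates(SAMPLE_USERS))
```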

Known-issues and Troubleshooting Tips
  • If 'Time zone' and 'User type' are not defined for a specific user, the TalentLMS user account will get default values. The default time zone can be defined in Account & Settings -> Basic settings -> Locale -> Default time zone. The default user type can be defined in Account & Settings -> Users -> Default user type. The respective default values for branches can be defined on the branch edit page.
  • To avoid the email uniqueness warning when pushing a new user through user provisioning after deleting a provisioned user account in TalentLMS, you must ensure that the deleted account is permanently deleted. Refer to the following article on how to do it: How to permanently delete a User/Course

Disclaimer
This integration with Okta is currently under development and is not available to customers yet.