Okta SCIM Configuration

You can use Security Assertion Markup Language (SAML) single sign-on (SSO) and System for Cross-domain Identity Management (SCIM) with Okta to automatically manage access to your organization on Gamesight.

This guide walks you through the process of configuring SCIM services to Gamesight through Okta.

📘

SAML single sign-on is available on Gamesight as an add-on service. Please contact us to enable SAML single sign-on and SCIM for your organization.

About SAML and SCIM with Okta

You can control access to your Gamesight organization, teams, games and services from one central interface by enabling your Gamesight organization to use SAML SSO and SCIM with Okta, an Identity Provider (IdP).

SAML SSO controls and secures access to organization resources like game integration, billing and team management. SCIM automatically adds, manages, and removes members access to your Gamesight organization when you make changes in Okta. For more information, see “SAML Integration” and “About Scim”.

Once SCIM is enabled, the following provisioning features are available for any users that you assign to your Gamesight application in Okta.

FeatureDescription
Push New UsersWhen you create a new user in Okta, the user will also have an account created in your Gamesight organization for immediate access.
Push User DeactivationWhen you deactivate a user in Okta, Okta will remove that user from your Gamesight organization.
Push Profile UpdatesWhen you update a user’s profile in Okta, Okta will update the metadata for that user’s membership in your Gamesight organization.
Reactivate UsersWhen you reactivate a user in Okta, the user’s membership within your Gamesight organization will be restored.
Import UsersAny existing users in your Gamesight Org can be imported and managed into your Okta Organization.

Prerequisites

You must first ensure you have configured and setup the SAML integration as outlined here.
In order to add the Gamesight app, you must use the "Classic UI" in Okta. For more information, see Organized Navigation on the Okta blog.

694

Configuring access provisioning with SCIM in Okta

  1. In the Okta Dashboard, click Applications.
  2. In the list of applications, click the label for the application you created for the organization that uses Gamesight.
  3. Under the name of the application, click Provisioning.
  4. Click Configure API Integration.
  5. Select Enable API Integration.
  6. Enter the SCIM Key, provided by Gamesight.
  7. Click Save.
  8. To the right of “Provisioning to App”, click Edit.
  9. To the right of “Create Users”, select Enable.
  10. To the right of “Update User Attributes”, select Enable.
  11. To the right of “Deactivate Users”, select Enable.
  12. On the Sign On application tab, select Email for Application username format
  13. Click Save.

Known Issues / Troubleshooting

Conflict: User already exists in the database
If you see this error when trying to assign users to the Gamesight app, it means a Gamesight user with that email address already exists, and their account isn't linked to your Gamesight Org with SAML SSO + SCIM enabled.

📘

This is an intentional security feature to prevent idP's from claiming accounts that already exist on Gamesight.

To assign the duplicate user in your Gamesight org through Okta, the user with the conflict should first delete their account on Gamesight. You can then assign the user to the Gamesight app in Okta and their account will be recreated within your Gamesight Org.

If you are still having problems with this after the user deletes their Gamesight account, please contact us via support.