In Okta > Applications, click Create App Integration and choose SAML 2.0 application.
Name the application (e.g., Favro).
Set the following values:
In the ATTRIBUTE STATEMENTS subsection, add the following:
Select "I’m a software vendor. I’d like to integrate my app with Okta" and click Finish.
In Favro, go to Administration > Authentication Methods and click Configure on SAML authentication.
Enter your domain in the field, click the Add domain button, and complete the on-screen domain verification instructions.
In the application you just created in Okta, navigate to the Sign On tab, scroll down the page, and click the View SAML setup instructions button.
Copy your Okta configuration to Favro.
1) Copy from Identity Provider Single Sign-On URL to SAML login url.
2) Copy from Identity Provider Issuer to SAML logout url.
3) Copy from X.509 Certificate to SAML identity provider certificate.
(Optional) In Favro, select whether members are automatically added to the organization when they sign in.
Make sure to apply the changes by clicking Save configuration at the bottom of the page in Favro.
In the SAML app you previously created, navigate to the General tab, make sure Enable SCIM provisioning is checked, and save the changes.
The Provisioning tab will now be visible. Navigate to the tab, click Edit and provide the following information:
SCIM connector base URL: https://favro.com/api/scim/v2
Unique identifier field for users: email
Push groups, Push Profile Updates, Push New Users: Check
Authentication mode: HTTP Header
Bearer: copy from Favro > Administration > Authentication methods > your domain > SCIM API token
Test the configuration to ensure everything is working so far.
Navigate to Directory > Profile Editor and edit the User (default) profile.
Click on Add Attribute and define the following values:
Display name: Favro Role
Variable name: user.favroRole
Define enumerated list of values: checked, and add:
Administrator : Administrator
Full Member : Full Member
External member : External Member
Guest : Guest
Repeat the process for the SAML application user that will be used for this integration. In our case, that would be Favro User. All the values are exactly the same as in the previous step; the only difference is the External namespace field, which should be set to urn:ietf:params:scim:schemas:core:2.0:User
At the top of the Profile Editor page click on Mappings.
Make sure appuser.favroRole is mapped to favroRole in both the Favro to Okta User and Okta User to Favro tabs.
Navigate to the SAML application used for this integration > Provisioning tab > To App > Edit.
Make sure the following options are checked:
Update User Attributes
(Optional) Admin users cannot be provisioned by default. To allow it, enable the option in Favro > Administration > Authentication methods > your domain > Provision users with administrator role.
(Important) If the user role is not defined in their profile at the time of provisioning, users will be provisioned with the Full Member role by default.
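The role rules in the two notes above can be checked against a user export before provisioning is switched on. The following Python script is an added example, not Favro's or Okta's code; it assumes each exported record carries the role in a top-level favroRole key, compares values case-sensitively, treats values outside the enumerated list as errors, and runs on constructed sample users.

```python
# Added example: constructed data, not Favro's or Okta's own code.
ALLOWED_ROLES = {"Administrator", "Full Member", "External Member", "Guest"}
DEFAULT_ROLE = "Full Member"  # applied when no role is set at provisioning time (per this page)


def effective_role(user, admin_provisioning_enabled=False):
    """Return (outcome, role) for one user record.

    Assumption: the role sits in a top-level "favroRole" key of the record.
    """
    role = (user.get("favroRole") or "").strip()
    if not role:
        # No role in the profile: the user would silently become a Full Member.
        return ("defaulted", DEFAULT_ROLE)
    if role not in ALLOWED_ROLES:
        # Assumption: values outside the enumerated list are flagged, case-sensitively.
        return ("invalid", role)
    if role == "Administrator" and not admin_provisioning_enabled:
        # Admin users are not provisioned unless the Favro option is enabled.
        return ("blocked", role)
    return ("ok", role)


def audit(users, admin_provisioning_enabled=False):
    """Group user names by outcome so defaulted, blocked and invalid ones get reviewed."""
    report = {"ok": [], "defaulted": [], "blocked": [], "invalid": []}
    for user in users:
        outcome, _ = effective_role(user, admin_provisioning_enabled)
        report[outcome].append(user["userName"])
    return report


# Constructed sample records (not real accounts).
SAMPLE_USERS = [
    {"userName": "alice@example.com", "favroRole": "Administrator"},
    {"userName": "bob@example.com", "favroRole": "Guest"},
    {"userName": "carol@example.com"},                       # role never set
    {"userName": "dave@example.com", "favroRole": "guest"},  # wrong case
    {"userName": "erin@example.com", "favroRole": ""},       # empty value
]

if __name__ == "__main__":
    for outcome, names in audit(SAMPLE_USERS).items():
        print(f"{outcome:10} {', '.join(names) or '-'}")
```

Users listed under "defaulted" are the ones to review first, since they would receive Full Member access without anyone having chosen it.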