
Okta

This package adds single sign-on to your Qore application.

Support

Supported
SCIM User Provisioning
SAML Auth

Installation

You can install the package via composer:

composer require qore/okta

Laravel

Make sure to migrate.

php artisan migrate

SCIM Provisioning

This plugin enables your application to become a SCIM Service Provider.
To understand the SCIM protocol, please read the Okta SCIM documentation before advancing further.

Setting up Laravel

Set env

Add the following variable to your .env:

OKTA_SCIM_API_TOKEN=mysupersecretbearertoken

Okta uses this token to make authenticated requests to the Laravel API. It is a static bearer secret, so treat the value above as a placeholder and use a long random one.

Setting up an Okta Application

Local development

Local development requires some extra work: a tunneling tool such as Ngrok is needed so that Okta can reach your local backend, and a new Okta application needs to be set up.

Creating the Okta application

  1. Sign in to your Okta tenant as an administrator.
  2. In the Admin Console, navigate to Applications > Applications.
  3. Click Create App Integration.
  4. In the Create a new app integration dialog, choose SAML 2.0 and click Next.
  5. Enter an App name such as "Qlicnet 2 SCIM" and click Next.
  6. In the Configure SAML step, in the SAML Settings section, enter values for the SSO URL and Audience URI.
  7. Configuring SAML can be skipped for now; the SSO URL and Audience URI can both be http://placeholder
  8. Click Next.
  9. On the last page, select I'm an Okta customer adding an internal app, and click Finish.

Enabling SCIM Provisioning

  1. Open the newly created Okta app and select the General tab.
  2. Edit the app settings.
  3. Set Provisioning to SCIM.
  4. Select the Provisioning tab after saving.
  5. Edit the SCIM Connection:

| Property | Value |
| --- | --- |
| SCIM connector base URL | <backend_url>/scim/v2 |
| Unique identifier field for users | email |
| Supported provisioning actions | Support for all. Imports are not recommended. |
| Authentication mode | HTTP Header. Insert the same bearer token as in the .env. |

  6. Test the Connector and save.
  7. In the To App pane, enable the features you want (Create Users, Update User Attributes, Deactivate Users).

Usage

This package creates, updates and deactivates/deletes SCIM resources (users and groups).

Models and DB

This package comes with the following models: ScimResource, ScimResourceAttribute, ScimResourceSchemas. Each ScimResource has a 'resource_type' attribute which can be 'User' or 'Group'.

| Model | Description |
| --- | --- |
| ScimResource | The User or Group resource. To identify the type, use the 'resource_type' attribute. |
| ScimResourceAttribute | A ScimResource hasMany Attributes. Each attribute is stored like: { "attribute": "email", "value": "admin@qlic.nl" } |

Important notice

Again, this package will not create user models. You should create them using the events. However, it does migrate morph columns on the 'scim_resources' table and offers the relation 'scimable' on the ScimResource to retrieve the morph model.

Events

The package does not create authenticatable Users or Groups; these should be implemented by a developer.

The package fires the following events that should be used to respond to SCIM Events:

User events

| Event | When |
| --- | --- |
| ScimUserResourceWasCreated | After an Okta user is added to the Okta application |
| ScimUserResourceWasUpdated | After an Okta user's attributes are updated |
| ScimUserResourceWasActivated | After an Okta user is added to the Okta application. This does not delete the ScimResource but sets its ScimResourceAttribute with attribute active to value true |
| ScimUserResourceWasDeactivated | After an Okta user is removed from the Okta application. This does not delete the ScimResource but sets its ScimResourceAttribute with attribute active to value false |

Group events

| Event | When |
| --- | --- |
| ScimGroupResourceWasCreated | After an Okta group is pushed in the Okta application |
| ScimGroupResourceWasUpdated | After an Okta group's attributes are updated in the Okta application |
| ScimGroupResourceWasDeleted | After an Okta group is removed from the Okta application. Before this event is fired the ScimResource is soft-deleted in the db. |
| ScimGroupResourceMembersWasChanged | After an Okta user is added/removed to/from an Okta group that is active in the Okta application |
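
Because the package only flips the active attribute, a listener for ScimUserResourceWasDeactivated or ScimUserResourceWasActivated still has to enforce that flag on your own user records. The following is an added example, not code from the package: it takes attribute rows directly because this page does not show how the events expose the ScimResource, and the function names, $users and $sessions are hypothetical stand-ins for your own storage.

```php
<?php
// Added example, plain PHP 8 (no Laravel, no package classes).
// $rows uses the { "attribute": ..., "value": ... } shape shown in the models table;
// $users and $sessions are hypothetical stand-ins for your own user and session storage.

/** Collapse attribute rows into a name => value map; later rows win. */
function scimAttributeMap(array $rows): array
{
    $map = [];
    foreach ($rows as $row) {
        $map[$row['attribute']] = $row['value'];
    }
    return $map;
}

/** Fail closed: only an explicit true-like value counts as active. */
function scimIsActive(array $attrs): bool
{
    $v = $attrs['active'] ?? false;
    if (is_string($v)) {
        $v = strtolower(trim($v));
    }
    return in_array($v, [true, 1, 'true', '1'], true);
}

/** Mirror the SCIM 'active' flag onto the local account; revoke sessions when inactive. */
function applyScimUserState(array $rows, array &$users, array &$sessions): ?string
{
    $attrs = scimAttributeMap($rows);
    $email = strtolower(trim((string) ($attrs['email'] ?? '')));
    if ($email === '' || !isset($users[$email])) {
        return null; // no matching local account: nothing to change
    }
    $users[$email]['can_login'] = scimIsActive($attrs);
    if (!$users[$email]['can_login']) {
        $sessions = array_values(array_filter($sessions, fn ($s) => $s['email'] !== $email));
    }
    return $email;
}

// Constructed sample data: one provisioned user with a live session, then a deactivation.
$users = ['admin@qlic.nl' => ['can_login' => true]];
$sessions = [['id' => 's1', 'email' => 'admin@qlic.nl'], ['id' => 's2', 'email' => 'dev@example.test']];
$rows = [
    ['attribute' => 'email', 'value' => 'admin@qlic.nl'],
    ['attribute' => 'active', 'value' => 'false'],
];
$email = applyScimUserState($rows, $users, $sessions);
printf("%s can_login=%s sessions=%d\n", $email, var_export($users[$email]['can_login'], true), count($sessions));
```

A missing or malformed active value is treated as inactive, so a partial update cannot leave a deprovisioned account able to log in.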

Release notes

All notable changes will be documented here.

0.0.1 - Initial release