Integrate CXone and Okta with SCIM

Complete each of these tasks in the order given.

Create an Access Key to Authenticate with Okta

You will need to set up an access key to authenticate Okta with CXone. This involves creating a new role and employee profile dedicated to the authentication.

  1. In CXone, click the app selector and select Admin.
  2. Add a new role for the access key.

    1. Go to SecurityRoles and Permissions.
    2. Click New Role.

    3. Give the role a descriptive name. For the use case described previously, you might call it SCIM Access Key.
    4. Click the Permissions tab. Select the Admin tab on the left and enable the Employees Create and Edit permissions. The View permission will be automatically enabled.

    5. Click Save & Activate.

  3. Create a new employee profile for the access key:

    1. Click the app selector and select Admin.

    2. Click Employees.

    3. Click Create Employee.
    4. Give the employee profile an email address you own so that you can activate the employee account later.

    5. Give the employee profile a descriptive first and last name. For example, SCIM AccessKey.

    6. In the Primary Role drop-down, assign the employee to the role you just created.

    7. In the Attributes drop-down, clear all checkboxes so you aren't charged for the account.

    8. Click the Security tab and select a Login Authenticator.

    9. Click Create.

  4. In the Employees table, find and click the new employee profile you created to open it.

  5. Click the Security tab.

  6. Under Access Keys, click Add access key.

  7. Copy the Access Key ID and paste it somewhere you can save it.

  8. Click (SHOW SECRET KEY).

  9. Copy the Secret Access Key and paste it where you want to save it. If you ever lose the secret key, you'll need to create and share a new one.

  10. Click Save.

  11. In the Employees table, click Invite next to the new employee profile you created.

  12. When you receive the account activation email, follow the instructions in the email to activate the account.

  13. Share the access key only with users you want to use the service.

Create and Configure an Okta Application

Before you begin, make sure you have access to Okta. You will need to create an application.

  1. Log in to your Okta management account.

  2. Click Applications menu > Create App Integration.

  3. Select SWA as the method and click Next.

  4. Enter the name you want to use to identify this integration, and click Next.
  5. Enter your CXone login page URL in the App's login page URL field.
  6. Click Finish.

Enable SCIM Provisioning

  1. In the Okta application you just created, click the General tab.

  2. Click Edit in the App Settings window.

  3. Select Enable SCIM provisioning.

  4. Click Save.

Set the SCIM Settings

  1. In the Okta application you created previously, click the Provisioning tab.

  2. Click Edit in the SCIM Connection window.

  3. Enter the SCIM connector base URL. This URL is different based on region. It will follow this format: https://(region)nice-incontact.com/scim/v2. For example, the SCIM connector base URL for the NA1 region is https://na1.nice-incontact.com/scim/v2.

  4. Enter userName in the Unique identifier field for users field.

  5. Select Push New Users and Push Profile Updates in the Supported provisioning actions field.

  6. Select OAuth 2 as the Authentication Mode.

  7. Enter https://cxone.niceincontact.com/auth/token as the Access Token Endpoint URI. For Fedramp, enter https://cxone-gov.niceincontact.com/auth/token as the Access Token Endpoint URI.

  8. Enter https://cxone.niceincontact.com/auth/authorize?scope=openid as the Authorization endpoint URI. For Fedramp, enter https://cxone-gov.niceincontact.com/auth/authorize?scope=openid as the Authorization endpoint URI.

  9. Enter the client ID that you received from the SCIM app registration in the Client ID field.

  10. Enter the client secret that you received from the SCIM app registration in the Client Secret field.

  11. Click Save.

Authenticate with CXone

  1. In the Okta application you created previously, click the Provisioning tab.

  2. Go to Settings > Integration.

  3. Enter the access key ID you saved earlier.

  4. Enter the secret key you saved earlier.

  5. Scroll to the bottom of the page and click Authenticate with CXONE.

  6. Log in to CXone.

Set Provisioning Actions

  1. In the Okta application you created previously, click the Provisioning tab.

  2. After the integration is verified, go to Settings > To App.

  3. Click Edit and select Create Users, Update User Attributes, and Deactivate Users.

  4. Click Save.