Integrate CXone and Okta with SCIM

Complete each of these tasks in the order given.

Before Integrating CXone and Okta with SCIM

Complete the following steps before you start the integration process between CXone and Okta.

  1. Register your application with CXone:

    1. Enter your email address, name, and business unit ID. You can find your business unit ID by logging into the developer portal . It is listed in yellow in the top left corner of your page.

    2. Click Next.

    3. Enter the name of your application. For example, you could enter Okta CXone Integration.

    4. Enter a description for the application. In the description, you should note that the application is for SCIM. You should also list your SCIM server, like Okta or Azure AD. For example, you could enter Integrate Okta with CXone via SCIM.

    5. Enter the email addresses of your technical contacts. These contacts will receive information about the application.

    6. Select Email as the method. Your listed technical contacts will receive two emails. One will have the encrypted file containing application registration information. The other will have the password to open that file.

    7. Select Single Tenant.

    8. Indicate whether your system is in FedRAMP.

    9. Click Next.

    10. Select client_secret_post as the authentication method.

    11. Select all CXone ACD API scopes.

    12. Click User, Confidential or User, Public for the application type.

      If you select Back-end, the application will not work, and you will need to resubmit your application.

    13. Enter the following as your redirect URL: https://system-admin.okta.com/admin/app/cpc/${appName}/oauth/callback. Replace ${appName} with the name of your application.

    14. You can leave the Origin and Logout URL fields blank.

    15. Click Submit to complete the registration process.

  2. Copy your CXone client id and secret. You will need access to both later in the integration process.

  3. Make sure that your user role has the SCIM permission enabled.

    1. Click the app selector and select Admin.

    2. Go to Security Settings > Roles and Permissions.

    3. Select your role and click Permissions.

    4. Click Admin.

    5. Go to General Permissions > SCIM.

    6. Toggle the SCIM permission On.

  4. Create a role named Agent if you don't already have one.

    All users provisioned with Okta will automatically be assigned to the Agent role. You cannot provision users without a role named Agent.

    1. Click the app selector and select Admin.

    2. Go to Security Settings > Roles and Permissions.

    3. Click New Role.

    4. Enter Agent in the Name field.

    5. Click Save & Activate.

Create and Configure an Okta Application

Before you begin, make sure you have access to Okta. You will need to create an application.

  1. Log in to your Okta management account.

  2. Click Applications menu > Create App Integration.

  3. Select SWA as the method and click Next.

  4. Enter the name you want to use to identify this integration, and click Next.
  5. Enter your CXone login page URL in the App's login page URL field.
  6. Click Finish.

Enable SCIM Provisioning

  1. In the Okta application you just created, click the General tab.

  2. Click Edit in the App Settings window.

  3. Select Enable SCIM provisioning.

  4. Click Save.

Set the SCIM Settings

  1. In the Okta application you created previously, click the Provisioning tab.

  2. Click Edit in the SCIM Connection window.

  3. Enter the SCIM connector base URL. This URL is different based on region. It will follow this format: https://(region)nice-incontact.com/scim/v2. For example, the SCIM connector base URL for the NA1 region is https://na1.nice-incontact.com/scim/v2.

  4. Enter userName in the Unique identifier field for users field.

  5. Select Push New Users and Push Profile Updates in the Supported provisioning actions field.

  6. Select OAuth 2 as the Authentication Mode.

  7. Enter https://cxone.niceincontact.com/auth/token as the Access Token Endpoint URI. For Fedramp, enter https://cxone-gov.niceincontact.com/auth/token as the Access Token Endpoint URI.

  8. Enter https://cxone.niceincontact.com/auth/authorize?scope=openid as the Authorization endpoint URI. For Fedramp, enter https://cxone-gov.niceincontact.com/auth/authorize?scope=openid as the Authorization endpoint URI.

  9. Enter your CXone client id in the Client ID field.

  10. Enter your CXone client secret in the Client Secret field.

  11. Click Save.

Authenticate with CXone

  1. In the Okta application you created previously, click the Provisioning tab.

  2. Go to Settings > Integration.

  3. Scroll to the bottom of the page and click Authenticate with CXONE.

  4. Log in to CXone.

Set Provisioning Actions

  1. In the Okta application you created previously, click the Provisioning tab.

  2. After the integration is verified, go to Settings > To App.

  3. Click Edit and select Create Users, Update User Attributes, and Deactivate Users.

    Field Details
    Create Users Enabling this setting will allow you to create users in CXone with the Okta application.

    Update User Attributes

    Enabling this setting will allow you to update user attributes in CXone with the Okta application.
    Deactivate Users Enabling this setting will allow you to deactivate users in CXone with the Okta application.

  4. Click Save.