Clockwise can integrate with Okta to synchronize enabled users with your paid plan. This lets you decide who you want to pay for using your preferred tools. This article will cover the setup instructions for Okta.
SCIM is primarily used for managing your Clockwise licenses. Here's how it works:
Licensing and User Status: When a Clockwise user's email aligns with one synced through SCIM, they are classified as a paid user. If there is no matching email in SCIM, the user is considered free.
- Emails from SCIM that don't currently match any of our users are still retained. This ensures that if a user later signs up for Clockwise with that email, they can be updated to a paid license.
- User Creation and Deletion: We do not use SCIM for creating or deleting users.
- Identity Information: For personal details such as given name and family name, we rely exclusively on information from Google. We do not utilize fields provided by SCIM
IT Admin Control: We allow IT administrators the ability to block users who are not listed in SCIM and to oversee the management of free and paid users. This functionality requires customers to set up an Okta push group.
- To enable this, admins have the option to either submit a support request or contact our Customer Success team for assistance.
SCIM-based user provisioning is available to Enterprise customers. To set up the integration, you will first need to have admin access to the Okta dashboard. You will also need to be an admin for your plan in Clockwise.
Please note that the use of an identity provider disables the ability to add users via the Clockwise admin panel: instead, the user list maintained in Okta are the users who may have access. An admin may then allow access through either of these identity providers by provisioning access to the Clockwise application.
Navigate to “Applications” > “Applications” > “Browse App Catalog“.
- Search for “Clockwise”.
- Click “Add Integration”
- Navigate to the “Provisioning” tab and “Configure API Integration”.
- Click the checkbox “Enable API integration”.
- Navigate to the Organization Plans & Billing area of the Clockwise web app.
- Find your plan and click the discretion arrow to the right.
- Click “Configure SCIM” to be brought to an admin portal with our partner WorkOS.
- Follow the wizard to get set up. Please note: You do not need to configure push groups or custom attributes. Additionally, the token type required is an OAuth Bearer Token.
Copy the Endpoint and Token.
- Back in Okta, paste the Base URL and API Token.
Test the API Credentials and click “Save”.
On the Provisioning tab, click “To App” and click “Edit”.
Check each box for Clockwise’s supported provisioning actions:
- Create Users
- Update User Attributes
- The final page of the wizard will show a preview screen. Click “Back to Clockwise”.
- Navigate to “Applications” > “Applications” > “Browse App Catalog“.
As an admin, you might want to test out your Clockwise <> SCIM connection before adding the majority of your users. To do so, we recommend that you add yourself and up to 9 other users to confirm they are added to the corresponding Clockwise plan. When you add up to 10 users, Clockwise will not augment existing paid plan membership. Once you’ve confirmed things are working as expected, you can add the rest of your users. Please note that adding 10+ users will result in all of the users in your identity group moving to the paid plan; the rest will move to free.
Updates made to Okta groups will get picked up by our daily refresh job. Please allow 24 hours for changes made to groups. Updates to individual users and the directory itself are reflected immediately.
If your organization manages both free and paid users through Okta push groups, please note that if the Okta group is removed, all users in the directory will be switched to the free plan. However, if the group is re-added with the same name, only the members within that group will retain the paid plan.
If you have any questions or difficulties with your Okta SCIM integration, please contact Clockwise Support.