You can provision users and groups from Okta to VMware Workspace ONE® Access™ using the VMware Workspace ONE application that is available in the Okta Integration Network (OIN). The VMware Workspace ONE application uses System for Cross-domain Identity Management (SCIM) provisioning, which is an open standard for automating the exchange of user identity information.
To configure SCIM provisioning from Okta to Workspace ONE Access, you perform prerequisite tasks in Workspace ONE Access first and then configure the VMware Workspace ONE application in Okta.
This diagram shows a high-level overview of the provisioning process:
- Okta is configured to use the VMware Workspace ONE provisioning application.
- Okta provisions the user to Workspace ONE Access using SCIM.
- The AirWatch Provisioning adapter in Workspace ONE Access provisions the user to VMware Workspace ONE® UEM, if Workspace ONE UEM is part of your Workspace ONE-Okta integration.
The VMware Workspace ONE application in the Okta Integration Network supports the following features:
- Create users
- Update user attributes
- Deactivate users
- Create groups
- Add or remove group members
Using the same Okta group for assignments and for group push is not currently supported. To maintain consistent group membership between Okta and Workspace ONE Access, you must create a separate group that is configured to push groups to Workspace ONE Access.
- A Workspace ONE Access SaaS tenant
- An Okta tenant
- (Optional) Workspace ONE UEM SaaS tenant or version 19.09 or later for dedicated or on premise
- Download and install the Postman app.
About This Document
Follow the procedures in the order in which they are listed in this document. Before you configure the VMware Workspace ONE application in the Okta Admin console, you must perform the following prerequisite tasks in Workspace ONE Access:
- Create an OAuth 2.0 client.
- Generate an OAuth bearer token (requires Postman).
- Create a directory of type Other (requires Postman).