Okta SCIM Configuration Guide
If your organization uses Okta to manage your employees’ access to tools and services, you can take advantage of Okta’s “Provisioning” feature to automatically grant access to Getty Images to your users. The integration between Okta and Getty Images that enables this provisioning to occur is built around an industry-standard protocol known as SCIM (System for Cross-domain Identity Management). To learn more about how Okta works with SCIM, please see this article. The remainder of this guide is focused on enabling you to configure both Getty Images and Okta to get provisioning up and running for your organization.
The following provisioning features are supported by Getty Images at present:
- Push Users: Users in Okta that are assigned to the Getty Images application within Okta are automatically added as users in Getty Images.
- Update User Attributes: When user attributes are updated in Okta, they will be updated in Getty Images. The attributes that can be updated are First name, Last name, and email
- Deactivate Users: When users are deactivated in Okta, they will be set to ‘disabled’ within Getty Images – which prevents the user from logging into Getty Images.
- You should already have an Okta/GettyImages SAML 2.0 integration configured. See Okta SAML 2.0 Configuration Guide.
- Contact your Getty Images account representative or a customer service representative (email@example.com) to let them know you’d like to use SCIM.
- After receiving a confirmation email with the Getty Images division for your application and the appropriate credentials, you can proceed with the configuration.
Configure Provisioning (SCIM) in the Okta Getty Images application
- In Okta, go to Admin > Applications > Applications and select the Getty Images application.
- Select the Provisioning tab. Under the Settings panel on the left side, select Integration. Then click the Configure API Integration button.
- Select Enable API Integration. A section allowing Authentication should appear.
- Click the Authenticate with Getty Images button. A new window will open prompting for a Username and Password. This Username and Password should be provided by your Getty Images account representative when you request to use SCIM. Enter these credentials and click Authorise.
- You should be redirected back to the Okta Provisioning page and should see a note that Getty Images was verified successfully. Click Save.
- Under the Provisioning tab, select To App from the Settings panel on the left side. Click Edit and select Create Users, Update User Attributes, and Deactivate users. Click Save.
- Your connection is now ready to send data to Getty Images.
- A single integration’s provisioning configuration must be one of: Just-in-Time User Provisioning, SCIM Provisioning, or no provisioning.
- When UserName is updated using SCIM, Getty Images updates the SSO specific NameId, but not the Getty Images Username that is reflected on the admin page.
- Division, which is a User Profile Attribute, is required when using SCIM Provisioning. This will be provided to you by your account or customer service representative.
If you have questions or difficulties with your Okta/Getty Images SCIM integration, please contact Getty Images support via firstname.lastname@example.org.