Modern Health SCIM 2.0 Provisioning Guide
SCIM is not available for customers at this time
This integration with Okta is currently under development and is not available to customers yet. Contact us to learn more.
Provisioning is available for Modern Health, which means that you can create, update, and deactivate accounts from Okta. Syncing groups is not supported at this time.
User provisioning allows you to sync your Okta organization with your Modern Health organization. This page describes how to configure user provisioning when Okta is your identity provider.
Features
The currently supported provisioning features are:
Creating users
Updating user attributes (First Name, Last Name, Work Email)
Deactivating Users
Requirements
There are a couple of things you need to do before you can provision external users into your sites and products:
1.
Ensure you have Lifecycle Management available in Okta. See Lifecycle Management for more details.
2.
Contact Modern Health at clients@joinmodernhealth.com to ensure that your organization has the required capability to utilize provisioning.
Step by Step Configuration Instructions
Step 1. Get Access Token
A token is required to authenticate your Okta app instance with Modern Health. Tokens issued expire after 6 months, so they will need to be re-issued periodically before this expiration in order to ensure continuous user provisioning.
To get started:
To get started:
1.
Email clients@joinmodernhealth.com to start the process of getting an access token for your organization.
2.
You will be issued a set of credentials - a client ID and secret, which will be used in the following step.
3.
Use this client ID and secret in the form of an HTTP POST request, along with grant_type=client_credentials to the authentication endpoint at Modern Health. The endpoint is https://api.joinmodernhealth.com/oauth/token. If using curl, the request will look like this:
And the response will look like:
Any HTTP client such as Postman may be used:
4.
Keep the access_token parameter returned from this response for the next step
Step 2. Enable SCIM API integration in Okta
This step requires the bearer token created from the client credentials in Step 1. Get Access Token above.
1.
Log in to Okta and add the Modern Health SCIM 2.0 application.
2.
From the application, click on the Provisioning tab and then click Configure API integration.
3.
Select Enable API integration.
4.
Enter “https://api.joinmodernhealth.com/scim/v2” as the Base URL and use the access_token you created in an earlier step as the API key.
5.
Click Test API Credentials. If the test passes, click Save.
6.
CIick To App under Settings.
7.
Click Edit and select Enable for the options you'd like to have.
Step 3. Make sure the email address is correct in Okta
User provisioning uses an email address to identify a user in the Modern Health app and then create a new Modern Health account or link to an existing Modern Health account. As a result, if the email address attribute for a user is inconsistent between the SAML SSO setting and the SCIM user provisioning setting in the Okta app, the user could end up with duplicate Modern Health accounts.To avoid duplicate accounts, make sure the email address attribute that maps user account is the same for SAML SSO and SCIM user provisioning:
1.
From the User provisioning tab in Okta, note the field that maps to the Primary email attribute.
2.
Click the Sign on tab. From the Credentials details section, look for the Application username format setting.
Okta passes this field from a user's account as the SSO email address when creating or linking a Modern Health account.
Okta passes this field from a user's account as the SSO email address when creating or linking a Modern Health account.
Step 4. Assign users to the Modern Health SCIM 2.0 application in Okta
It is recommended to assign the application to an Okta group rather than to assign the app to individual users. Note that if many users are assigned the application at once, whether individually or through an Okta group, it may take some time in order to fully sync.
Schema Discovery
Schema Discovery is not supported at this time.
Troubleshooting and Tips
Please note that initially provisioning a large number of users may take a while, so allow up to 24 hours for this process to complete the first time.
Additionally, please note that after deactivation is complete in Okta, it may take up to 15 minutes in order for accounts to become fully deprovisioned in the Modern Health app.
Please contact clients@joinmodernhealth.com for help with the integration or any additional questions.
Additionally, please note that after deactivation is complete in Okta, it may take up to 15 minutes in order for accounts to become fully deprovisioned in the Modern Health app.
Please contact clients@joinmodernhealth.com for help with the integration or any additional questions.