Modern Health SCIM 2.0 Provisioning Guide

SCIM is not available for customers at this time

This integration with Okta is currently under development and is not available to customers yet.  Contact us to learn more.

Provisioning is available for Modern Health, which means that you can create, update, and deactivate accounts from Okta. Syncing groups is not supported at this time.

User provisioning allows you to sync your Okta organization with your Modern Health organization. This page describes how to configure user provisioning when Okta is your identity provider.

Features

The currently supported provisioning features are:
Creating users
Updating user attributes (First Name, Last Name, Work Email)
Deactivating Users

Requirements

There are a couple of things you need to do before you can provision external users into your sites and products:
1.
Ensure you have Lifecycle Management available in Okta. See Lifecycle Management for more details.
2.
Contact Modern Health at clients@joinmodernhealth.com to ensure that your organization has the required capability to utilize provisioning.

Step­ by ­Step Configuration Instructions

Step 1. Get Access Token

A token is required to authenticate your Okta app instance with Modern Health.  Tokens issued expire after 6 months, so they will need to be re-issued periodically before this expiration in order to ensure continuous user provisioning.

To get started:
1.
Email clients@joinmodernhealth.com to start the process of getting an access token for your organization.
2.
You will be issued a set of credentials - a client ID and secret, which will be used in the following step.
3.
Use this client ID and secret in the form of an HTTP POST request, along with grant_type=client_credentials to the authentication endpoint at Modern Health.  The endpoint is https://api.joinmodernhealth.com/oauth/token.  If using curl, the request will look like this:
And the response will look like:
Any HTTP client such as Postman may be used:
4.
Keep the access_token parameter returned from this response for the next step

Step 2. Enable SCIM API integration in Okta

This step requires the bearer token created from the client credentials in Step 1. Get Access Token above.
1.
Log in to Okta and add the Modern Health SCIM 2.0 application.
2.
From the application, click on the Provisioning tab and then click Configure API integration.
3.
Select Enable API integration.
4.
Enter “https://api.joinmodernhealth.com/scim/v2” as the Base URL and use the access_token you created in an earlier step as the API key.
5.
Click Test API Credentials. If the test passes, click Save.
6.
CIick To App under Settings.
7.
Click Edit and select Enable for the options you'd like to have.

Step 3. Make sure the email address is correct in Okta

User provisioning uses an email address to identify a user in the Modern Health app and then create a new Modern Health account or link to an existing Modern Health account. As a result, if the email address attribute for a user is inconsistent between the SAML SSO setting and the SCIM user provisioning setting in the Okta app, the user could end up with duplicate Modern Health accounts.To avoid duplicate accounts, make sure the email address attribute that maps user account is the same for SAML SSO and SCIM user provisioning:
1.
From the User provisioning tab in Okta, note the field that maps to the Primary email attribute.
2.
Click the Sign on tab. From the Credentials details section, look for the Application username format setting.
Okta passes this field from a user's account as the SSO email address when creating or linking a Modern Health account.

Step 4. Assign users to the Modern Health SCIM 2.0 application in Okta

It is recommended to assign the application to an Okta group rather than to assign the app to individual users. Note that if many users are assigned the application at once, whether individually or through an Okta group, it may take some time in order to fully sync.

Schema Discovery

Troubleshooting and Tips