Okta SSO and SCIM

👥

Access Required

You must be a Guru admin to access the SSO/SCIM page in **Manage** and to set up SSO for your team.



Setting up Okta SSO

  1. Log into your Okta Admin portal. In the left menu, click Applications > Applications.
  2. Select Browse App Catalog.

image.png

  1. Search for "Guru", click on the Guru app, then click + Add Integration.
    image-1.png
  2. On the General Settings- Required page, the Application Label should read "Guru". Select your Application Visibility Settings and click Done.
  3. Click on the Sign On tab and then click the View SAML setup instructions button to open them in a new tab. These instructions will walk you through what values to copy and paste from Okta into Guru on your SSO/SCIM Team Settings page (and vice versa). If you are signed into Okta, these instructions will automatically populate with your team's variables.

image-2.png

  1. After completing the steps in Guru, navigate back to Okta. Close the setup instructions and click on the Assignments tabs and assign People and/or Groups to the Guru application in Okta.
    image-3.png
  2. Finally, ask users to return to their Okta Dashboard and click on the Guru icon to log into Guru.

 

Setting up Okta SCIM

  1. Open the SSO/SCIM tab in Team Settings​ and toggle ​"Authorize SCIM Provisioning" to on.
  2. Inside of the Guru Okta App, navigate to the Provisioning tab and click on the API Integration setting.
Setting up Okta Push Groups click on API Integration
  1. Click the checkbox to enable the API Integration and then paste in the Username and Token (Password), which can be found under the SCIM Provisioning tab at the bottom of the SSO/SCIM page in Guru, then click Save.
Setting up Okta Push Groups filling in username/password

You can click on Test API Credentials to ensure that the credentials are accurate. Click Save.


  1. Click Edit next to the Provisioning to App settings. From here, you should enable the Create UsersUpdate User Attributes, and Deactivate Users settings. Under Create Users, ensure that the default username is set to Email. If it is not set to email, you must navigate to the Sign On tab and change it there.
Setting up Okta Push Groups Provisioning to App settings

✍️

Note

If Deactivate Users is not enabled, users who are removed from Okta will still exist in Guru and will continue to be billed. Click **Save**.



  1. Navigate to the Assignments tab and assign the people or groups you'd like to add to Guru.
Setting up Okta Push Groups managing Assignments

✍️

Note

Adding groups in the assignments tab does not create a group in Guru, it simply adds the users in those groups to Guru. This allows you to add users in batches, rather than individually.



  1. Navigate to the Push Groups tab in Okta. This is where you will add groups from Okta into Guru.
Setting up Okta Push Groups add Groups from Okta into Guru

✍️

Note

If the name of the Okta group has the same name as an existing group in Guru, Okta will sync with the Guru group once you click save. This will add the users in the Okta group to the existing Guru group. All users previously in Guru group before sync, will remain in the group.



✍️

Note

Enabling **Import Groups** will bring your Guru Groups (those not provisioned by Okta) into Okta. If Import Groups is disabled, those Groups will not be brought into Okta.


Frequently Asked Questions about authenticating to Guru through Okta

How will users log in to Guru when SSO is turned on?
After Okta SSO has been enabled in Guru, all users must log in to Guru via their Okta Dashboard. Admins will still be able to log into Guru using the web app (with their Guru username and password) as a failsafe, in case of any issues.

Will I have to still invite people to my Guru team?
If you've given your existing team members access to Guru through Okta, they will be able to sign into Guru through Okta. With new team members, it depends on the Provision Type setting in the SSO/SCIM page in Guru. With "Automatically Add Users" enabled, once a user signs in via Okta, a Guru account will be automatically created for them and they will be able to see your team's content.

How do group provisioning and Collection access work?
You can set up users who log into Guru through Okta to join one default Group in Guru. Please note that all new and current users are automatically included in the All Members group. From there, an Admin can add the user to other Groups for them to have the appropriate Collection access.