Provisioning is available if you’re already using the latest version of the CodeSignal app on Okta. You can create, update, and deactivate accounts. Syncing groups is not currently supported.
Prerequisites
Before you can provision external users into your account you should have single sign-on (SSO) through Okta already configured for your CodeSignal account. Also, make sure that you have the user provisioning functionality for your Okta account. See Okta's Lifecycle Management for more details.
Step 1: Retrieve your Bearer Token from CodeSignal
- Log in to your company's CodeSignal account. You will need to be a CodeSignal admin to complete this step!
- Click MY COMPANY SETTINGS in the drop-down menu in the top right of your screen.
- In the SSO tab, check to make sure Enable SSO is toggled on.
- Navigate to the User Provisioning tab and toggle on Enable SCIM. Then, click the blue CREATE button to generate a SCIM Token. Copy this token to use in Step 2.
- In the Default Role drop-down menu, choose the default role you'd like to be assigned to new users: Interviewer, Manager, or Company Admin.
Step 2: Enable SCIM API integration in Okta
- Log in to Okta and go to the CodeSignal application in your admin dashboard.
- Click on the Provisioning tab and then click the Configure API Integration button.
- Check the Enable API integration checkbox and enter the token received from Step 1 in the API Token field.
- Click Test API Credentials and then click Save after making sure that the test was successful.
- Click To App in the left sidebar.
- Click Edit and choose the operations that you would like to enable.
- Click Save.
Step 3: Check the email address format in Okta
CodeSignal uses the email address of a user for identification. That means that the email address attribute for a user should match between SAML SSO and the SCIM user provisioning in the Okta app. Click the Sign on tab. From the Credentials details section, look for the Application username format setting. Make sure that it is set to a value that indicates the primary email of the user. Setting it to Okta username is still correct if your Okta username is set to be the primary email.
Step 4: Import and assign users
Go to the Import tab and click Import now. It will fetch existing users from CodeSignal and allow you to automatically add or assign them to existing users in Okta. After that you can make any assignments in the Assignments tab. Note that users added to CodeSignal will need to accept an invitation email before they can start using the platform. This is done to protect user privacy and ensure that users are not unintentionally added to a company to give them a chance to confirm before applying company authentication restrictions to their account.
Note that all new users added to CodeSignal will be added with the Interviewer role. You can adjust their role from your CodeSignal dashboard once they accept the invitation.
Step 5: Configure owned email domains
In the SSO tab of your company settings in CodeSignal, you will see a section called Owned Email Domains. To add your company's domain (or additional domains) to this list, please contact support@codesignal.com.
Owned email domains are verified as belonging to your company. User accounts with these emails will be automatically created on CodeSignal without requiring confirmation from the users.
Questions? Email support@codesignal.com