Provisioning Guide: Chorus.ai + OKTA
We care deeply about ensuring we provide our customers with the highest level of security. One way to ensure your company’s Chorus instance is buttoned up is by using OKTA for single-sign on to Chorus. This also enables your organization to provision and de-provision access to Chorus for individual users in one single platform
This guide goes over the details of this feature, the configuration requirements and step-by-step instructions.
The following provisioning features are supported:
- Push New Users
- New users created through OKTA will also be created in ChorusPush Profile Updates
- Updates made to the user's profile through OKTA will be pushed to Chorus
- Push User Deactivation
- Deactivating the user or disabling the user's access to the application through OKTA will deactivate the user in Chorus
- Note: For this application, deactivating a user means removing access to login, but maintaining the user's Chorus information as an inactive user.
- Reactivate Users
- User accounts can be reactivated in Chorus
Before you configure provisioning for Chorus.ai, you must reach out to the Chorus.ai Support team to activate the feature. (firstname.lastname@example.org)
Step-by-Step Configuration Instructions
To get started, reach out to the Chorus Support team and let them know you want to use Okta for login and user provisioning. (email@example.com) A Support representative will provide you with an API token specific to your organization.
- Check the Enable provisioning features box.
- Click Configure API Integration.
- Check the Enable API integration box.
- Enter the API Token provided by Chorus Support.
- Click Test API Credentials; if successful, a verification message appears at the top of the screen.
- Click Save.
- Select To App in the left panel, then select the Provisioning Features you want to enable.
- Click Save.
- You can now assign people to the app (if needed) and finish the application setup.
- When assigning users or groups, Chorus.ai app attributes must be selected for Chorus Role and Chorus License Type.
Chorus.ai app was updated in February 2020 to provide a better overall experience to Okta customers. This section is relevant only If you already have an existing Chorus application from the Okta Integration Network, otherwise skip it.
- Attribute Members ‘Chorus Role’ changed to support the new roles on chorus.ai website.
To take advantage of these updates, you have to add a new instance of the Chorus.ai app in your Okta org. Follow the steps below to migrate from that old instance to a newly updated instance:
- Login to your Okta org as an Admin.
- Open the Admin UI.
- Click on Add Applications.
- Add a new instance of Chorus.ai.
- Configure the application including Provisioning. See earlier section on: Step-by-Step Configuration Instructions.
- After SCIM Provisioning has been enabled, go to the Assignments tab of your new Chorus.ai app instance. Click Assign and start assigning the same users/groups that are assigned to your old Chorus.ai instance. Make sure you assign all the users to your new Chorus.ai instance to avoid any accidental de-provisioning/loss of access for your users.
- Go back to your Admin Dashboard.
- Open your old Chorus.ai app instance. NOTE! This is the previous Chorus.ai app you added before adding a new one in step 4.
- Go to the Provisioning tab.
- On the SETTINGS section, click on API.
- Click on Edit and uncheck Enable API Integration. Click Save.
- You can now deactivate or delete your old Chorus.ai app instance and continue using the new app that you added.
- If you were using SAML as the sign-on mode for your old Chorus.ai app instance, you will need to set up SAML on your new app instance in Okta (recommended) or maintain the old app instance to ensure that the SAML functionality continues to work.
- Setting up SAML guide:
- Initial activation of Okta provisioning in Chorus.ai requires contacting Chorus.ai Support, (firstname.lastname@example.org). Please reach out with any questions during your configuration process.
- Chorus.ai does not support modifications to the username or email address.
- Note: When users are deactivated in Okta, they will be deactivated in Chorus. Users will not be able to login to the application, but their data will remain available as an ‘inactive user’. To permanently delete user data, contact Chorus.ai Support, (email@example.com).
All done Provisioning Chorus for Okta? Proceed to the next step: Set Up Organization Settings