Okta profiles is SCIM provisioning tool and also allows rich Okta user metadata to be viewed inside a Jira ticket. This tool is especially useful in Jira Service management where agents need to see rich user profile of the person they are serving.
Getting started.Getting started
API Authentication Setup
To start, you will need Okta API credentials from your Organization Okta Account. You will need
User Token
URL to your okta instance.
Both pieces of information can be found in Okta admin. Navigate to Security > API.
Copy the Issuer URI.
Navigate to the token tab and generate a new token. Copy the new token.
Both pieces of information will be needed in the next step.
Next enter the information in Okta API Credentials area of Okta Profiles and validate the information.
Next, optionally provide credentials for Atlassian Access SCIM provisioning.
Atlassian Access SCIM Provisioning (Optional)
This section can be skipped if you do not have Atlassian Access. |
You will need
Atlassian Access Directory URL (Optional. Only need if provisioning users from Okta into Access)
Atlassian Access directory token (Optional. Only need if provisioning users from Okta into Access)
See how to Configure Atlassian Access SCIM Directory for user Provisioning.
Past in the base URL and API key of the directory created and save.
OAuth2 Authentication
Step 1: General Settings
Navigate to your Okta Dashboard.
Go to Applications and select the application you wish to configure.
Under the General Settings, configure the Application section as follows:
Application type: Web
Grant type: Make sure to enable both Authorization Code and Refresh Token.
Step 2: Refresh Token
Within the same General Settings:
Scroll to the Refresh Token section.
Select Use persistent token to ensure that the refresh tokens are long-lived.
Step 3: Login Redirection
Under the Login section, locate the Sign-in redirect URIs.
Add your specific redirect URI. For JIRA integrations, it typically looks like this:
Code Block language none <JIRA_URL>/plugins/servlet/ac/com.mumosystems.okta-profiles/connection-pageEnsure that you replace
<JIRA_URL>with your actual JIRA instance URL.If your application setup requires, enable the option to Allow wildcard * in login URI redirect.
Step 4: Okta API Scopes
Scroll to the Okta API Scopes section.
Grant the following scopes by ensuring they are set to Granted:
okta.users.readokta.users.manageokta.eventHooks.readokta.eventHooks.manageokta.groups.readokta.groups.manageokta.schemas.read
These scopes control which API endpoints the application can access and what operations it can perform.
Step 5: User Consent
In the User Consent section, select Require consent.
Provide the Terms of Service URI, Policy URI, and Logo URI if necessary.
Step 6: Finalizing Setup
After completing the configuration:
Review all settings to ensure they are correct.
Click Save to apply the changes.
Step 7: Reviewing Granted Scopes
In the Okta API Scopes tab, verify that all required scopes have been granted.
If any scopes are missing, grant them accordingly.
Step 8: Activation and Testing
Ensure that the application status is set to Active.
Test the integration to confirm that the OAuth flow is functioning as expected. This can be done by attempting to sign in through the integration and checking for successful redirection and authentication.
Back in Jira, enter same api URL from Okta above. Then paste the client ID and Client secret. Make sure to validate then sync the data.
Synchronize Data
Synchronize the users. This might take a while depending on the amount of users you are synchronizing. Once this is done, you will have a user directory of all Okta users that match users in Jira.
| Table of Contents | ||||
|---|---|---|---|---|
|