You can integrate your CXone Mpower system with any IdP for use with SCIM. If you're integrating with Okta using the app registration method, use the instructions on the Okta integration page. The steps on this page will also enable you to integrate with Okta.
Complete each of these tasks in the order given.
Generate Access Keys
This process requires you to set up an access key. This means creating a new role and employee profile dedicated to the authentication.
- In CXone Mpower, click the app selector
and select Admin. -
Add a new role for the access key.
- Go to Security > Roles and Permissions.
-
Click New Role.
- Give the role a descriptive name. For the use case described previously, you might call it SCIM Access Key.
-
Click the Permissions tab. Select the Admin tab on the left and enable the Employees Create and Edit permissions. The View permission will be automatically enabled.
-
Click Save & Activate.
-
Create a new employee profile for the access key:
-
Click the app selector
and select Admin. -
Click Employees.
- Click Create Employee.
-
Give the employee profile an email address you own so that you can activate the employee account later.
-
Give the employee profile a descriptive first and last name. For example, SCIM AccessKey.
-
In the Primary Role drop-down, assign the employee to the role you just created.
-
In the Attributes drop-down, clear all checkboxes so you aren't charged for the account.
-
Click the Security tab and select a Login Authenticator.
-
Click Create.
-
-
In the Employees table, find and click the new employee profile you created to open it.
-
Click the Security tab.
-
Under Access Keys, click Add access key.
-
Copy the Access Key ID and paste it somewhere you can save it.
-
Click (SHOW SECRET KEY).
-
Copy the Secret Access Key and paste it where you want to save it. If you ever lose the secret key, you'll need to create and share a new one.
-
Click Save.
-
In the Employees table, click Invite next to the new employee profile you created.
-
When you receive the account activation email, follow the instructions in the email to activate the account.
-
Share the access key only with users you want to use the service.
Generate a Bearer Token
When you generate a bearer token, you must select a user profile to attach it to. Any changes made using this token will be credited to this user. You can grant separate tokens to each user you want to be able to make changes using SCIM, or you can have multiple users share one token. When you create a bearer token, you can only see the token once for security purposes. The token is scoped specifically and exclusively for SCIM APIs. It doesn't grant access to any other APIs or services.
-
In CXone Mpower, click the app selector
and select Admin. Go to Tenant Configuration > Account Settings. -
Scroll down to the SCIM Token section.
-
From the User drop-down, select the user profile you want to be able to use the bearer token. Click Generate.
-
Hover over Show Token and click Copy
. -
Save the token somewhere safe. You won't be able to retrieve the token again after you leave this page.
-
Click Save.
Set the SCIM Settings
-
Open your IdP application. Use these guidelines to set up the integration:
-
The base URL for the connection differs based on region. It follows this format:
-
The unique identifier for CXone Mpower users is the username.
-
The IdP needs to support pushing new users and pushing updates to existing users, updating user attributes, and deactivating users.
-
The authentication type is OAuth 2.
-
The access token endpoint URI is:
-
-
The authorization endpoint URL is:
-
-
-
Where required, enter the access key ID and secret access key pair and bearer token you saved earlier.
-
Save your settings.
-
Follow your IdP's instructions for initiating authentication with CXone Mpower.