You can now set up BombBomb user provisioning in Okta from the Okta Integration Network (OIN). User provisioning gives your team administrator the ability to add and remove users from your BombBomb paid seat team using your external user directory in Okta.
Prerequisites
There are a few things you need to set up before you can provision external users in BombBomb:
- You must have a paid team subscription with BombBomb to enable user provisioning with Okta. To sign up for BombBomb for a Team account, visit BombBomb’s pricing page.
- Once you have a paid team subscription, you need to have the correct permission level within BombBomb. You must be assigned the Team Admin or Super Admin permission level for your BombBomb team. QA and Content admins do not have access to this feature. Here’s a guide about our permission levels.
- If you have an existing team with BombBomb, we recommended you import your existing team members from BombBomb to Okta before you provision any new accounts. All team members in BombBomb will have a first name, last name, and email address. See Importing Users From BombBomb to Okta below.
- If you have not installed the BombBomb app in Okta yet, here’s a guide to set that up. Make sure to complete the step specific to SCIM that adds an Okta Domain in the configuration.
Supported features
When you perform the following user management operations from Okta, your updates will sync with your team in BombBomb.
We sync user accounts from Okta using their email address to match with a BombBomb account.
Feature | Description |
Create a new user account |
If an email address from Okta doesn't match an existing BombBomb account, a new BombBomb account is automatically created for that email address on your team and that user's account is added to your BombBomb paid seat team. When a new user is added to your team, your BombBomb seat count will automatically increase by one. |
Link an existing user account | If a user's email matches an existing BombBomb account, the user is sent an invitation to join the team. Learn more about invited members. |
Update a user's profile |
You can update the following fields from Okta:
We do not support updating email address and suffix at this time. |
Activate a user account | You can activate accounts that were previously deactivated on the team in BombBomb. When you reactivate a member, your seat count will be increased by one. |
Deactivate a user account |
Different actions occur based on the type of user being deactivated on the team:
|
Import existing users | You can import existing users from BombBomb to Okta to make sure both applications have the same users synced. |
Unsupported features
- Changing the email address for a user is not supported using Okta. Please contact support@bombbomb.com if you need a team member’s email address to change in BombBomb.
Example: Existing Okta user with the email johndoe@company.com is successfully provisioned with BombBomb. If that user’s email is later changed to johndoeupdated@company.com in Okta, the email address will not be changed in BombBomb.
- Preventing full user access to BombBomb after a user is deactivated in Okta.
Example: An existing user is provisioned successfully with BombBomb. Later the user is deactivated in Okta. When the deactivated user returns to BombBomb, they will not be able to log in using their Okta SSO. The user can request a password reset and if they still have access to that email address, they will have the ability to reset the password and get access to a limited version of their BombBomb account. They will not be able to access emails, videos, or contacts.
STEP-BY-STEP CONFIGURATION INSTRUCTIONS
Set up connection to BombBomb in Okta
In order to enable provisioning in Okta for your BombBomb team, ensure you completed the prerequisite steps. Then perform the following:
1. Log in to Okta and add the BombBomb application.
2. From the application click on the Provisioning tab and then click "Configure API Integration."
3. Select the Enable API integration checkmark and then authenticate the app by selecting "Authenticate with BombBomb."
4. You will be redirected to BombBomb to give Okta access to your BombBomb account. Select "Allow."
5. You will be redirected back to Okta and should see a message stating that the app was verified successfully. Click "Save."
6. Click "To App" and then "Edit." Choose which options you want to enable.
7. Click "Save" to apply the settings.
Importing users from BombBomb to Okta
1. In Okta, click "Import." This is where you can import existing users from BombBomb to Okta.
2. Select "Import Now."
3. Once Okta checks BombBomb for users, you will receive a message in Okta letting you know how many users were imported, updated, unchanged, and removed.
Assigning users to BombBomb in Okta
1. In Okta, click "Assignments." This is where you are able to add or remove users from the BombBomb app.
2. Click "Assign" and choose to either "Assign to People" or "Assign to Group." This will add either individually selected members or a group of individuals to your BombBomb Team.
Note: BombBomb currently doesn’t support syncing Okta groups to BombBomb subteams.
3. If you wish to remove a user from your BombBomb team, select the “X” icon in the same row as their name.
KNOWN ISSUES AND TROUBLESHOOTING
Problem | Workaround/troubleshooting tips |
The user account does not appear on the Member Manage page in the Team Dashboard, even though the user seems to be successfully synced in Okta. | Account provisioning uses a queuing system that can take up to 30 minutes to complete. Check back after that amount of time, and if the user is still not on the Member Manage page, try removing them from the Okta app and adding them again. |
A user shows up as Invited in the Member Manage page in the Team Dashboard instead of as active. | If a user’s status is Invited in BombBomb, that means they had an existing account with BombBomb prior to you adding them through provisioning. For security, that account will have to accept the invitation before we add them as a member of your paid seat team. |
Okta says I don’t have permission to access BombBomb. | Ensure that the BombBomb account you are logging in with in Okta has Super Admin or Team Admin permissions on the team you wish to use provisioning with. Team members (without admin permissions), Content Admins, and QA Admins do not have access to provisioning. |
When provisioning and deactivating accounts from Okta, seat count adjustments are different than adjusting seats in BombBomb. |
It’s important to note that when accounts are provisioning from Okta to BombBomb, your BombBomb seat count will automatically increase for the amount of users you are adding. When adding users from the BombBomb platform, you must add seats first. When removing users in BombBomb, you must decrease the seat count manually to not be charged for unused seats. Visit our team management documentation for more information. |
Your provisioned members in Okta will always match your seat count in BombBomb. |
Your seat count in BombBomb will always match the amount of provisioned user your have in Okta. The only time this won’t be the case is if you have a minimum seat count requirement with BombBomb. BombBomb free seats will also go to provisioned users if you have any available. |
Provisioned user’s email address cannot be updated. |
Changing the email address for a user is not supported using Okta. Please contact support@bombbomb.com if you need a team member’s email address to change in BombBomb. Example: Existing Okta user with the email johndoe@company.com is successfully provisioned with BombBomb. If that user’s email is later changed to johndoeupdated@company.com in Okta, the email address will not be changed in BombBomb. |
A deactivated user’s account has restricted access but is not deleted. |
If a user is provisioned with BombBomb but later deactivated in Okta, when the deactivated user returns to BombBomb, they will not be able to log in using their Okta SSO. However, the user can request a password reset and if they still have access to that email address, they will have the ability to reset the password and get access to a limited version of their BombBomb account. They will not be able to access emails, videos, or contacts. You can prevent full user access to BombBomb after a user is deactivated in Okta by logging into your BombBomb Team account and removing that team member. Learn more. |
When I try to authenticate with BombBomb, I get a Client authentication failed message. |
You may need to fix your Okta Domain in your BombBomb configuration settings in Okta.
|
Comments
0 comments
Please sign in to leave a comment.