Guides & SDKsAPI Reference
Log InSign Up

Okta

SAML auth and SCIM provisioning with Okta

Suggest Edits

📘

In order to complete the instructions in this document, you must be an administrator in your Okta account and an owner in your Rollbar account.

Features

Okta can be used for both SAML-based authentication and SCIM-based team and user provisioning in Rollbar.

Requirements

  • You must be an administrator in your Okta account and an Owner in your Rollbar account
  • To use SCIM provisioning, you must first have the feature enabled in your Rollbar account. Contact [email protected] for more information.

Configuration Steps

Step 1: Add Rollbar as an application in Okta

In Okta:

  • Go to Admin > Applications.
  • Click on Add Application.
1192
  • Search for Rollbar and click Add.
731
  • In the General Settings screen, enter Rollbar as the application label, your Rollbar account name (found at https://rollbar.com/{accountname}), and then click Next.
672
  • In the Sign-On Options screen, select SAML 2.0 as the Sign-On Method, set Application username format to Email, click Identity Provider Metadata to download your SAML metadata, then click Done.

In Rollbar:

  • Go to {account name} Settings > Identity Providers
1776
  • Select Okta as your identity provider, paste your XML metadata, and click Save
1758
  • Optionally, you may require all Rollbar users to authenticate via Okta to access your account.

In Okta:

  • Assign groups and users to the Rollbar application.

📘

After following these steps, Okta users with an existing Rollbar user may log in via Okta. To enable provisioning of Rollbar users and teams from Okta, follow the instructions in the next section.

Step 2: Enable provisioning of Rollbar teams and users

📘

Provisioning is currently available on enterprise plans only. To learn more or request to have it enabled, please contact [email protected].

In Rollbar:

  • Go to {account name} Settings > Identity Providers.
1762
  • In the Provisioning Options section, copy the access token, select Enable user and team provisioning and click Save.

In Okta:

  • Go to Admin >Applications and select Rollbar.

  • Click on the Provisioning tab then click Configure API Integration.

  • Select Enable API Integration, paste your access token into the API Token field, click Test API Credentials, and then click Save.

1011
  • In the Provisioning settings, click on To App, then click Edit, enable all the options, and click Save.
1017
  • Go to the Push Groups tab, Click on the Push Groups button, and select Add select Find Groups by Name**. Add each of the groups that you'd like to add as teams to your Rollbar account, choosing to push group membership immediately and create the team.
1195

Once your Push group has been added, it will automatically appear as a team in Rollbar, where it can be assigned to projects. Membership in the team is controlled entirely via your Okta groups.

1020

Push groups are managed via the Push Groups tab in Okta. To remove a group from Rollbar, select Unlink push group, and then Delete the group in the target app.

Known Issues/Troubleshooting and Tips

  • For SAML authentication to work correctly, you must set Application username format to Email. Other username formats will not work.
  • Users cannot be removed from provisioned teams via Rollbar. This must be done via Okta group membership.

Updated 4 months ago