Setting up SCIM provisioning for Riverside

SCIM (System for Cross-domain Identity Management) lets your IT team automatically sync users from your identity provider (IdP) directly into Riverside. Once configured, you can provision new users, update their details, and revoke access, all from your IdP, without manual intervention in Riverside.

Who: Account owners
Plan: Some Business plans, contact your CSM
Device: Computer browser

Reach out to your account CSM to get started, then follow the steps below.

Get your SCIM base URL

You need the SCIM base URL to connect Okta to your Riverside account. Follow these steps to locate it:

  1. Log in to your Riverside account.

  2. In the bottom left corner, click the account menu button.
  3. Click Settings.
  4. Under Team, click SSO & Provisioning.
  5. Scroll to the User provisioning (SCIM) section.
  6. Next to SCIM base URL, click the copy.svg copy icon.
    The URL is copied to your clipboard.

Get your Bearer Token

Your Bearer token is your Riverside API key. Follow these steps to locate it:

  1. Log in to your Riverside account.

  2. In the bottom left corner, click the account menu button.
  3. Click Settings.
  4. Under Team, click API.
  5. Under Generate API key, click Generate.
  6. In the pop-up, under Your API Key, click Copy.
    Your API key is copied to your clipboard. 

Find your Production slugs

Riverside generates a unique production slug for each production in your workspace. Use it to assign members to productions during setup. Follow these steps to locate it:

  1. Log in to your Riverside account.

  2. In the bottom left corner, click the account menu button.
  3. Click Settings.
  4. Under Team, click SSO & Provisioning.
  5. Scroll to the User provisioning (SCIM) section.
  6. At the bottom of the page, click production slug
    You are redirected to your productions dashboard.
  7. Hover over the relevant production and click the ••• three dots
  8. Click Copy slug.
    The production slug is copied to your clipboard. 

Configure SCIM in Your Identity Provider

Enable SCIM in Okta

Enable SCIM provisioning for the Riverside app in Okta.

  1. Go to the Okta Admin Console.
  2. Click Applications.
  3. Select the Riverside app.
  4. Open the General tab.
  5. In App Settings, under Provisioning, select SCIM.
  6. Click Save.

Set up the integration in Okta

Set up the SCIM integration between Okta and Riverside, so user provisioning can be managed automatically.

  1. In Okta, open the Provisioning tab. 
  2. Select Integration from the left sidebar.
  3. Fill in the SCIM connection details:
    • SCIM connector base URL: Enter https://api.riverside.fm/scim/v2 
    • Unique identifier field for users: Enter userName
  4. Under Supported provisioning actions, enable the following:
    • Import New Users and Profile Updates
    • Push New Users
    • Push Profile Updates
    • Push Groups
    • Import Groups
  5. Under Authentication Mode, select HTTP Header.
  6. In the Authorization field, paste your Bearer token
  7. Click Test Connector Configuration
  8. After the test is successful, click Save.

Enable provisioning to app in Okta

Enable user provisioning from Okta to Riverside, so user changes in Okta are reflected in Riverside.

  1. In Okta, open the Provisioning tab. 
  2. Select To App from the left sidebar.
  3. Click Edit.
  4. Next to Create Users, click the toggle to enable it. 
    When the toggle is on, users assigned to the app in Okta are created in Riverside.
  5. Next to Update User Attributes, click the toggle to enable it. 
    When the toggle is on, changes made to a user in Okta are updated in Riverside.
  6. Next to Deactivate Users, click the toggle to enable it. 
    When the toggle is on, users removed or deactivated in Okta are deactivated in Riverside.
  7. Click Save.

Add the productions attribute in Okta

This step creates a custom attribute in Okta to assign users to productions in Riverside.

  1. In Okta, go to Directory.
  2. Click Profile Editor.
  3. Select Riverside App Profile.
  4. Click Add Attribute.
  5. In the Add Attribute panel, enter the following details:
    • Data type: Select string array
    • Display name: Enter productions
    • Variable name: Enter productions
    • External name: Enter productions
    • External namespace: Enter urn:ietf:params:scim:schemas:extension:riverside:2.0
    • Next to Attribute required, select Yes.
    • Next to Attribute type, select Group.
    • Next to Group Priority, select Combine values across groups.

  6. Click Save.

Verify the attribute is not mapped

After saving the attribute, make sure it is not mapped in either direction. This ensures Okta does not overwrite production assignments managed through SCIM.

  1. In Okta, go to Directory.
  2. Click Profile Editor.
  3.  Next to Riverside App, click Mappings
  4. Select Configure User mappings.
  5. In the App to Okta tab, locate productions. If a value is set, remove it so the field is blank.
  6. Click Save Mappings
  7. In the Okta to App tab, locate productions. If a value is set, remove it so the field is blank.
  8. Click Save Mappings

Assign users or groups in Okta

This step defines which users are provisioned into Riverside and which productions they are assigned to. You can assign users individually or assign an Okta group to provision all members of that group at once.

  1. In the Okta Admin Console, click Applications
  2. Search for and select the Riverside app. 
  3. Click the Assignments tab.
  4. Click Assign and select one of the following:
    • Assign to People
    • Assign to Groups 
  5. Find the user or group and click Assign next to their name. 
  6. In the productions field, enter the production slug
    Click Add Another to add multiple productions
  7. Click Save and Go Back
  8. Click Done.