Automatic user provisioning is supported for the DatoCMS application.
This enables Okta to:
The following provisioning features are supported:
Switch your Okta dashboard to Admin mode by clicking the button in the upper right corner:
Then select Applications and click Add Application:
On the new page search for DatoCMS and press Add:
A new screen will appear. Give the new app a name and press Next:
Now log in to your DatoCMS project as an administrator, and navigate to Settings > Single Sign-On > Settings, and copy the value of the SAML Token field:
In Okta, scroll down to Advanced Sign-On settings, and paste the value taken from DatoCMS in the previous step inside the Token field:
Now copy the URL in the Identity Provider metadata field...
...and paste it into the DatoCMS Identity Provider SAML Metadata URL field:
Make sure to also specify the default role editors will be assigned (learn more about this field in the Mapping Okta groups to DatoCMS roles chapter):
Press the Save settings button in DatoCMS. Back in Okta, select Email as the Application username format and press Done:
Now enter the Provisioning tab of your newly created DatoCMS application and click the Configure API Integration button:
Now in DatoCMS press the Generate API Token button under the SCIM Settings section:
Copy the newly generated token:
And paste the token inside the API Token field in Okta:
Click the Test API Credentials button and check that your credentials were verified successfully, then press Save to confirm.
Now in the Provisioning > To App section, press the Edit button and:
Press the Save button to confirm:
If you want to import existing users into Okta, enter the Provisioned users section in DatoCMS settings, and from there press the Sync with regular users button.
This will convert every DatoCMS collaborator into an SSO User:
Now under the DatoCMS app in Okta, find the Import tab, and click Import Now.
A list of DatoCMS users and possible associations with Okta users will be populated below. Click Confirm Assignments and these users will now be tracked, updated, and de-provisioned by Okta.
Now head over to the Provisioning > To App section of Okta, and under Attribute Mappings press the Force Sync button:
If the integration is working correctly, you should see the imported users with the status Synced:
There are various ways to add new users to DatoCMS within Okta. The quickest way to assign multiple users at once is to navigate to the Assignments tab of the Application, and press the Assign > Assign to people button:
From there, you will be able to assign users with the Assign button:
As soon as you add new users to the DatoCMS application, they will be visible in the Provisioned users section in DatoCMS.
Okta has the concept of Groups. With Groups, Okta administrators can create different sets of users based on common themes, giving them different permissions.
You can leverage this feature to assign different DatoCMS roles to provisioned users.
Create a group in Okta for each role available in your DatoCMS project. For example, if a "Blog Contributor" role exists in DatoCMS, create a "Blog Contributor" group in Okta.
Add members to the group in Okta.
Open the newly created group, and press the Manage Apps button. In the modal, assign the group to the DatoCMS application:
Open the DatoCMS Application in Okta, open the Push Groups tab and click on the Push Groups > Find groups by name button:
Enter the first characters of the group name inside the text input, select the group from the dropdown and press Save:
If everything worked correctly, you should now see the same group under the Groups section in DatoCMS:
In the Groups section in DatoCMS, you can now assign a specific role to each Group.
For each group, assign the role with the same name:
Once you've configured a role for every group, the following rules will apply:
In case a user does not belong to any group, the default role specified in the SSO Settings will be used:
For any other issues, please contact our support to get customized help.