Rally Software

  • Private Community
 View Only

  • 1.  Can Rally users be provisioned when using Okta for SSO?

    Posted Apr 07, 2017 05:13 PM

    I've successfully enabled Okta for SSO to Rally (CA Agile Central) but I have not been able to find how user provisioning can happen with Okta. I did find Document ID: TEC01000002575 but the setting "Allow enhanced user capabilities through Web Services 1.x" is not available in my subscription settings. 

     

    How can user provisioning work from Okta? If that's not possible, do I have to manage users in both Okta and Rally? Thanks in advance.



  • 2.  Re: Can Rally users be provisioned when using Okta for SSO?

    Posted Apr 12, 2017 02:20 PM

    Hi Verona,

     

    There is not currently a supported way to provision users from an IDP such as Okta in CA Agile Central. Currently, you would need to provision new users in both systems. I have archived that knowledge article you found as it is outdated.

     

    Thanks,

    Sean Davis



  • 3.  Re: Can Rally users be provisioned when using Okta for SSO?

    Posted Apr 12, 2017 05:42 PM

    Thanks for the follow-up Sean. Unfortunately, your response is perplexing because it seems that user provisioning from the IDP is an important feature of using SSO. Without it, we have twice the process to achieve the same effect.

     

    I hope the engineering team will consider adding automated provisioning in a near future release.

     

    Cheers,

    --Emil Varona



  • 4.  Re: Can Rally users be provisioned when using Okta for SSO?

    Posted Apr 12, 2017 06:49 PM

    Hi Varona,

     

    I understand it is not ideal. I suggest creating a feature request for this on our Ideas site as I would think other customers would vote for a feature like this. Have a great day!

     

    Thanks,

    Sean Davis



  • 5.  Re: Can Rally users be provisioned when using Okta for SSO?

    Posted Feb 09, 2018 07:37 PM

    #My2Cents  In today's cloud app world, I see something like this introducing high-risk security vulnerabilities because, letting Okta automatically create a user account inside Agile Central without setting any team access & permissions or without configuring any profile settings is only half the user account provisioning work anyway. See what I mean? Unless the entire user account provisioning process happens - that is, 1) creating the user account, 2) applying team access & permissions to the account, 3) controlling custom content and delivery of the 'Welcome to Agile Central' email, 4) configuring default profile settings.... I see something like this as more of a hack (i.e., inadequate user account provisioning solution) than a sound user account provisioning solution. In the cloud app world, apps (tools) have administrators that govern user management. In my mind, something like this would be more of a hack than a sound solution. #Food4Thought