Integrations

Please check if an integration post already exists by using the search function! If you find one, add your vote there instead!
SSO/SCIM Integration Enhancements (Okta)
The current ClickUp App within Okta has many features which have not been fully implemented which would help immensely with provisioning/deprovisioning of users. While the rest of this will focus on Okta many of the changes required will benefit all SCIM integrations. Many customers want to add the additional layer of security a 3rd party IdP provides with the additional benefits of automated User Lifecycle Management and automated Group/Team Membership based on attributes within the IdP. The App states that it allows SSO and SCIM but the SCIM implementation does not provide the function to Import existing users into Okta to match the profiles with an Okta user. This is likely in part due to bug CLK-565498 which I've raised in relation to the Users SCIM endpoint not implementing pagination as per the RFC 7644 standard. Once the pagination issue is resolved the ClickUp Okta Integration could then be updated to allow user discovery. The default attributes which are mapped do not include customRoleName, customRoleId, and manager which need to be configured by each customer. These are listed within the documentation for the Okta SCIM integration however the documentation doesn't provide much guidance. The table of attributes at the bottom of the guide does not define the Data Type which is expected, for customRoleId it is Integer and I'm unsure for manager. Customers using custom roles want to control allocation with Group Membership however with the current integration this is not possible. It will attempt to create a new user instead of updating the existing user. Adding the attribute to the user's application profile will work but that defeats the purpose of having group management. Additionally on attributes, the integration should allow the IdP to be the source of truth for more than just the ClickUp Role. Currently, we can not update a user's givenName, lastName, or email after the user is created. Finally, we should be able to disable 2FA within ClickUp for users who are authenticating via SSO but still leave it enabled for guests.
1
Load More