Configuring Productboard roles in Okta correctly

enterprise.svg

Once SCIM provisioning is enabled, you have to manage Productboard roles in Okta.

In this article, we share two approaches to how you can manage Productboard roles in Okta.

In this article:

Prerequisites

We expect that you already have SCIM configured or at least you’re familiar with Setting up SCIM provisioning with OKTA.

Setting up a role for every user

How to set up roles in the Productboard application profile

To set a role for every user, you would need to create a new Role attribute for your Productboard application. The Role attribute will look like this when you set a role for the user.

Screenshot_2023-01-01_at_23.08.22.png

To create the Role attribute for your Productboard custom app integration, please follow step 18 here and make sure to check the attribute as User Personal. If you’ve created a Role attribute in the past, we recommend you delete them.

With this setup, you can manage Productboard roles in the Assignments tab of your Productboard custom app integration.

Untitled__69_.png

To add a new user to the application:

  1. Click on Assign, and select Assign to People.
  2. Click on Assign to select the chosen user.
    Untitled__70_.png
  3. Select their Role and click on Save and Go Back.

You’ll need to do the steps above for each individual user. To update Individual user assignments, follow the same steps described above. 

Set up Productboard role in Okta profile

  1. Go to Directory, then Profile Editor, and select Okta’s User (default) profile.

  2. Click on + Add Attribute.

  3. Make sure you fill out the following fields correctly:

    • Data type: string
    • Display name: Productboard Role
    • Variable name: productboard_role
  4. Check the Define enumerated list of values and define these Productboard roles: admin , maker, contributor, viewer.
    Screenshot_2023-01-02_at_21.57.53.png
    Screenshot_2023-01-02_at_21.58.09.png

  5. Click Save.

Mapping the configuration

To be able to verify later that the mapping is configured correctly, set this Productboard Role field for at least one user.

  1. Go to your Productboard integration, then go to Provisioning and select To App.
    Untitled__71_.png
  2. At the bottom, you should see that one attribute mapping shows a warning Not mapped.
    Screenshot_2023-01-02_at_22.03.24.png
  3. Click on the Edit icon and configure the mapping according to the screenshot below:
    Screenshot_2023-01-02_at_22.09.12.png
  4. If you want to see the value for a different user, please change the user in the Preview.
  5. Click Save.

Now, you’re all set up and you can keep track of a user’s Productboard role in their Okta profile.

Setting a role only for 4 groups

We consider this approach more pleasant because you don’t have to configure the Role attribute for each user. We recommend keeping track of your users in groups according to Productboard roles such as Productboard makers, Productboard viewers, etc.

If you haven’t created the Role attribute for your Productboard custom app integration yet, please follow step 18 here. If you’ve created a Role attribute in the past, we recommend you delete them.

  1. Go to Directory, then Groups.
  2. Click on Add group to create 4 groups for the 4 Productboard roles:
    • Productboard Admins
    • Productboard Makers
    • Productboard Contributors
    • Productboard Viewers
  3. Assign Productboard users to their relevant groups.
    Untitled__72_.png
  4. Go to Applications, then Applications, and click on your Productboard application.
  5. Click on the Assign button, then Assign to Groups.
  6. Then assign the 4 groups to the Productboard application.
    Screenshot_2022-12-19_at_15.13.00.png
  7. Select a role for the group so it matches with the role in the group’s name.
    Screenshot_2022-12-21_at_14.39.52.png

In Assignments, you’ll still see all users as Individuals even though they’re in groups now.

Screenshot_2023-01-01_at_23.13.05.png

To change them to Group assignments

  1. Click on Convert assignments.
  2. You can either Convert all assignments or Select assignments to convert. Let’s go with the latter.
  3. Select one or multiple users. On the right, you can see the Group Name. Click Convert selected to convert users to Group Type.
    Screenshot_2023-01-03_at_0.12.31.png

Now, when you go back to Assignments, you’ll see that converted users have Group Type. If a user had a different role with Individual assignment, right now the group attributes take precedence. Thus, a member’s role is updated in Productboard to match a group’s role.

From now on, when you need to add a new Productboard member, just add them to a group corresponding to the expected role in Productboard.

When you need to change a user’s role, first add them to a new group corresponding to their new role, and then remove them from the previous group. This way, the user doesn’t lose access.

See also

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.

Articles in this section

See more
Our Support hours:
Monday to Friday from 9:00 am - 2:00 am CET. Monday to Friday from 0:00 am - 5:00 pm PST.
Productboard Academy
Become a Productboard expert with self-paced courses, quick tip videos, webinars and more.
Product Makers Community
Connect with product leaders, share and find product jobs, and learn how to approach similar challenges. Come join our Product Makers community.