search cancel

How can I provision users in Rally when using SSO


Article ID: 215003


Updated On:


CA Agile Central SaaS (Rally)


How can I provision users in Rally when using SSO


 -  Okta User Provisioning Tool (OIN)

Customers may be using the User Provisioning Tool provided by Okta. This tool allows customers who use Okta to provision Rally users via this integration. 


This was previously setup via the PingFederate SSO connection.  Will it work as Rally migrates to Okta?


Unfortunately, there are no options for automatically provisioning users (enable/disable/configure) in Rally through SSO.  An enhancement request has been submitted, please feel free to add your feedback via the in-app feedback button.  There are a few ways that can be configured to assist with this:

1.  New users can be created using the Excel add-in to import those users.  It is likely that customers would need to manually adjust or add Project permissions after the users are imported since the import can only provide limited field values and choices for users.

2.  The following links to a Rally GitHub script can also be used to import or manipulate users.  Please be aware that Agile Central Support does not support or maintain scripts on the GitHUb repository.  (

3.  If your subscription uses Okta as their SSO provider:

There are two parts to the Rally Okta OIN integration; Authentication and User Provisioning.  They work independently of each other.  While the authentication piece will not work after May 31, 2021 as it was configured to use PingFederate, the User Provision module will still continue to function as it uses the Rally API to provision users. 
We recommend that customers hide the old app from users so they don't try to authenticate through the PingFederate connection.  But still leave it active so that it continues to provision users in Rally via the API.  This instance should be renamed to indicate that it is still used for Rally Provision of users.  The new Okta instance should be visible to users and will provide authentication to Rally going forward.
Here are some screenshots about how it looks to configure it below:

Additional Information

keywords: agile central, rally, sso, adding users


How to create a user with Web Services API

How to create ProjectPermissions and add TeamMemberships with Web Services API

Disable user with Web Services API