Creating an extended integration for Okta users

Let Oomnitza be your single source of truth!

You'll get visibility of your Okta users as data from Okta is automatically transformed into consumable information and actionable insights.

Connect Oomnitza and Okta in minutes

Get the information and insights that you need to reduce costs and the time that you spend on administration tasks such as:

• Configurable dashboards and list views of key user information
• Configurable reports to share information about users with your colleagues and management

Navigation

Create the user integration

Custom mappings

Before you start

Before you can configure any of the available integrations with Okta, you need to add your Okta API token (also called an API key) to Oomnitza and add the Okta subdomain to global settings.

Add your Okta API token (also called an API key) to Oomnitza

You can create this API token by navigating to Security > API > Tokens > Create Token in Okta. For further information, refer to the Okta Documentation. Make sure to treat your API tokens securely, as you would passwords and other sensitive information.

Note
The API Token that you generated must have, at least, read access to users in Okta.

Adding your Okta credentials to Oomnitza

To add your Okta token to Oomnitza, complete these steps:

1. In Oomnitza, click Configuration > Security > Credentials.
2. Click Add new credential (+).
3. Search for the integration, and then click the forward button > to select the integration.
4. Add your API key.
5. Click Create.

Integration not in the list? Click Advanced Mode and complete these steps:

1. Add the information details.
2. Click the AUTHORIZATION tab.
3. Ensure that API Key is selected as the Authorization type.
4. Ensure that the Token Name is Authorization
5. Enter SSWS followed by a space, and then enter your API key. 
6. Enter Header in Add to field. 
7. Click CREATE.

Fig: Adding your credentials in Advanced Mode

Add the Okta subdomain to global settings

To save time entering information when you integrate Okta with Oomnitza and when you create the user integration and workflows, you can add the Okta subdomain value as a global variable in Oomnitza.

1. Go to Configuration>General>Global Settings.
2. Click Add new variable (+).
3. Enter Okta.Subdomain as the key value.
4. Enter the value. Refer to the table below.
5. Click SAVE.

Creating the user integration

About the integration

The Okta integration uses the User List API and lists all users that match a certain status.

You can create two extended user integrations for Okta.

The Okta User Load retrieves information about users that have the following status:

• ACTIVE
• STAGED
• PROVISIONED
• RECOVERY
• PASSWORD_EXPIRED
• LOCKED_OUT

When configuring the Okta User Load, you need to specify the number of days since the last sync. To retrieve all of the active user records when you run the integration for the first time, you enter 0 in the Days Since Last Sync field. When all the user records are uploaded, you can change the value so that only new or updated records are retrieved.

Let's say you ran the Okta User Load last Sunday and you scheduled the Okta User Load to run every Sunday at 6 AM. To reduce the performance workload, you enter 7 in the Days Since Last Sync field. The next time that the Okta User Load is run only the new records that were added or the user records that were updated since the last run are retrieved. 

The Okta Deprovisioned Load enables you to filter users by status. You can input any status, including:

• DEPROVISIONED
• DEACTIVATED
• ACTIVE
• STAGED
• PROVISIONED
• RECOVERY
• PASSWORD_EXPIRED
• LOCKED_OUT

Creating the integration

To create the Okta User Load or the Okta Deprovisioned User Load complete the following steps:

1. In Oomnitza, click Configuration>Integrations>Overview.
2. Click Block view
3. On the Integrations page, scroll down to the Extended section for user integrations.
4. Click NEW INTEGRATION.
5. Search for the integration in the sidebar or use the Search.
6. Click ADD.

Integration Overview

Before you start

More information is provided about the following fields to help you complete the integration:

Integration preferences: By default, the option Create & Update is selected, which allows for editing existing user records and adding new ones. If your goal is only to edit existing user records, choose Update Only. On the other hand, if you only want to add new records, select Create Only.

User selection: Select User only to create users in the People tab.  Select User plus SaaS User to also create SaaS users in the Software > SaaS menu. Once your users are created in the SaaS menu, you can create SaaS user workflows to validate the existence of a given user in a SaaS System and to pull role information from your SaaS System. For steps see Creating SaaS user workflows.

When you select User plus SaaS User and you have multiple instances of the same SaaS, you can choose your SaaS instance from the dropdown. If you have a single instance of the SaaS, your instance is already detected by the system.

Integration details

Procedure
To review or update the integrations details, click the pencil:

1. Update the integration name if necessary. 
2. From the User Selection list, select an option. 
3. For installation type, ensure that Cloud is selected.
4. For integration preferences, select an option.
5. Enter the name of the integration user.

Credential details

Choose one of the following options:

• Select the credentials that were created for the integration.
• Edit the credentials that were created for the integration.
• Create new credentials

Schedule

By default, user data is streamed to Oomnitza once every day.

You can configure the schedule to meet your needs such as changing the interval or changing the time so that the data is streamed when your system isn't busy.

1. Click the pencil.
2. Configure your schedule.
3. Click Update.

Mappings

To map the fields to Oomnitza, click the pencil.

Custom mappings

The following fields can be mapped from Okta using Oomnitza's User Interface. For more information on creating Extended Connector Mappings, please see our article on Mapping Extended Connectors.

Activated
Created Date
Email
First Name
ID
Last Login Date
Last Name
Last Updated Date
Login
Mobile Phone
Password Changed Date
Second Email
Status
Status Changed Date

Did you know? 
You can define rules for your integration by selecting Edit integration on the mapping page. For example, you may only want to run the integration if a certain contact or region exists. See Filtering integration results.  

You can add new fields to your integration by selecting Add new field   on the mapping page. All you need to do is specify the property name. See Creating custom API fields. 

Launching the integration

Your integration is in Draft mode until all the required mandatory fields are added. Once you have added all of the required fields, we recommend that you complete the following steps

1. Select Launch to activate your integration
2. Do a Test Run.
3. Click Sync Sessions and review the status of the integration. If you encounter any errors, see troubleshooting integrations.
4. When the test run has been completed, click Run Now.

Getting your results
To view the information that is collected about your assets, click Assets. To view the information about software, click the Software tab.  
To view the information that is collected about your users, click People. If you selected User plus SaaS User when running the user integration, you can also find a list of users in the Software > SaaS menu

Related Links

Unleash the power of Oomnitza

To get valuable actionable insights that help you manage your assets, learn how to:

• Configure dashboards for your users and software
• Configure custom reports about your users and software
• Create workflows to automate tasks

See Getting started for more information.