Oomnitza's Okta Extended Connector allows organizations to pull user information from Okta and populate it in Oomnitza. More info in Okta can be found here: https://www.okta.com/
Okta extended integration
Details on setting up extended integrations can be found in Oomnitza's Articles on Connector Setup.
In addition to the standard fields that are entered when you set up the extended integration for Okta, you must also enter your Okta subdomain. Your Okta subdomain is specified in your Okta URL:
Okta's REST API uses API Token based authentication. Instructions on generating an API Token can be found here: https://developer.okta.com/docs/guides/create-an-api-token/overview/
Credentials for Okta should be added to The Oomnitza Vault. The Authorization Tab of tab of your Okta
Add Okta credentials to Oomnitza
The API Token that you generated must have, at least, read access to users in Okta.
- Click Configuration > Security > Credentials.
- Click Add New Credential.
- Enter the name of the credentials and the owner.
- On the Authorization tab, select API key as the type of authorization.
- Enter Authorization as the token name.
- Enter SSWS press the space bar, and then enter your API key.
- Enter Header in Add to field.
- Click CREATE.
The following fields can be mapped from Okta using Oomnitza's User Interface. For more information on creating Extended Connector Mappings, please see our article on Mapping Extended Connectors.
- Created Date
- First Name
- Last Login Date
- Last Name
- Last Updated Date
- Mobile Phone
- Password Changed Date
- Second Email
- Status Changed Date
Okta user and deprovisioned user loads
You can create two extended integrations for Okta:
- The Okta User Load retrieves information about active or provisioned users.
- The Okta Deprovisioned User Load retrieves information about deprovisioned users.
The information that is streamed to Oomnitza from Okta is the same for active and deprovisioned user loads. However, when you create the Okta user load, you can also specify whether all active user records are retrieved or only new and updated records.
On the Connect page for the Okta User Load, you specify the number of days since the last sync. To retrieve all of the active user records when you run the integration for the first time, you enter 0 in the Days Since Last Sync field. When all the user records are uploaded, you can change the value so that only new or updated records are retrieved.
Let's say you ran the Okta User Load last Sunday and you scheduled the Okta User Load to run every Sunday at 6 AM. To reduce the performance workload, you enter 7 in the Days Since Last Sync field. The next time that the the Okta User Load is run only the new records that were added or the user records that were updated since the last run are retrieved.