Okta Integration

The following document will capture the available integration points with Okta and how to configure them.

Authentication

Global Settings

SaaS User Role integration

Delete User API block integration

Update User API block integration

Create User without Credentials API block integration

Deactivate User API block integration

 

Authentication

Before you can configure any of the available integrations with Okta, you need to add credentials in the vault. Okta requires a Token based authentication. This is the API token that you can create via API > Tokens within Okta. When adding it to the credentials in Oomnitza you enter Authorization as the Token name and the Token in the API key field.

We typically recommend creating a separate user for these integrations rather than creating the token from within an existing named user.

 

Global Settings

We recommend to set a few items in the Global Settings table that will be used as defaults in all the blocks for Jira integration rather than having to specify them every single time. These settings are:

  • Okta.Subdomain - This is the name of your Okta instance. In case your Okta URL is https://mycompany.okta.com , the name of your Okta instance would be mycompany.

 

SaaS User Role integration

This workflow block allows you to read a user’s role and last login date from Okta. In order to enable this, you need to select this from the list of available SaaS User integrations and then provide the following parameters in configuration:

  • Subdomain - This is the name of your Okta instance. In case your Okta URL is https://mycompany.okta.com , the name of your Okta instance would be mycompany.
  • Select the credentials that you created for Active Campaign
  • Deactivate User - If it’s checked, the SaaS user will be deactivated in the Oomnitza system if the user was not found in your Okta instance.

mceclip0.png

 

Delete User API block integration

This API preset will remove a user from Okta. In order to start using this, you need to select it from the list of available presets and make following adjustments:

  • Select the credentials that you created for Okta in Authorization tab.
  • Subdomain - can be maintained in Global Settings or overwritten locally by replacing [[Global_settings:Okta.Subdomain:Shorttext]] in the URL field of the API block

This API block is meant to be used within a SaaS User Workflow and uses to attribute user_external_id of SaaS User to map the user to Okta. Please keep in mind that a user deletion can not be recovered. When in doubt, you may rather choose to deactivate a user, see below.

 

Update User API block integration

This API preset will update a user in Okta. In order to start using this, you need to select it from the list of available presets and make following adjustments:

  • Select the credentials that you created for Okta in Authorization tab.
  • Subdomain - can be maintained in Global Settings or overwritten locally by replacing [[Global_settings:Okta.Subdomain:Shorttext]] in the URL field of the API block
  • You can influence which fields are being send in the body tab.

This API block is meant to be used within a SaaS User Workflow and uses to attribute user_external_id of SaaS User to map the user to Okta. 

 

Create User without Credentials API block integration

This API preset will create a new user in Okta without credentials using the attributes first name, last name, email as well as sending email as username. You may adjust the preset as you see fit within the body tab.

  • Select the credentials that you created for Okta in Authorization tab.
  • Subdomain - can be maintained in Global Settings or overwritten locally by replacing [[Global_settings:Okta.Subdomain:Shorttext]] in the URL field of the API block

 

Deactivate User API block integration

This API preset will deactivate a user in Okta. In order to start using this, you need to select it from the list of available presets and make following adjustments:

  • Select the credentials that you created for Okta in Authorization tab.
  • Subdomain - can be maintained in Global Settings or overwritten locally by replacing [[Global_settings:Okta.Subdomain:Shorttext]] in the URL field of the API block

This operation can only be performed on users that do not have a DEPROVISIONED status.

 

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk