Okta

Okta

Overview

The integation of Apono with Okta Directory synchronizes users and groups between the two.

Prerequisites

• Apono account with Admin privileges

• Okta account with Admin privileges

• terraform

• Apono's Okta integration terraform repo cloned to a new folder

Integration Steps

Follow these steps to integrate Apono with Okta Directory.

Generate an Okta API Token

1. Log in to your Okta organization as an admin user

2. Open the Admin console

3. Open the sidebar on the left by clicking the hamburger icon next to the Okta logo.

4. Navigate to Security > API, then click the Tokens tab.

5. Click Create Token and give it a name.

6. Save the token for the next step.

Find Your Okta Organization ID and Base URL

1. This information is displayed in the upper right corner of the page. Click the arrow next to. your user name to display this popup:

1. A URL is displayed of the form example.okta.com, where:

• example is the organization ID

• okta.com is the base URL

Run Terraform integration

1. If you don't have Terraform installed, go to the downloads page and follow the instructions for your operating system.

2. From GitHub clone Apono's Okta integration terraform repo to an empty folder. Go into that directory (Terraform uses the .tf configuration file found in the current folder).

3. Run:

• terraform initand then

• terraform apply,

1. The second command will ask you to input the following:

• Okta API Token

• Okta organization ID

• Okta Base URL

1. Terraform will output two variables that you must save for the next step:

• app client id

• domain name

Integrate Okta with Apono

1. Log into Apono

2. Open the Catalog, and select Okta Directory.

3. In the form on the next page, give a name to the integration.

4. Enter the app client id and domain name from the previous step

5. Enter the name of field in Okta that contains the Manager attribute if needed. See the Manager Attribute article for more information.

Results

The new integration will appear in the Integrations > Connections page of the Apono app. After a few minutes, the integration will become active and begin syncing with Okta.

Next Steps

With a successful integration, users and groups will now be synced two-way with Okta Directory.

You can now create Access Flows that include Okta users and groups.

Troubleshooting

User doesn't have the right privileges - creating an OAuth application and granting it scopes requires super admin privileges, thus you should either be one yourself, or ask your organization admin to create a token for you until you complete the integration

Refer to Troubleshooting Errors for information about errors that may occur.

A Note About the Manager Attribute

The Manager Attribute is used by Apono to determine how it finds each user's manager. By specifying the attribute name, Apono can locate the manager within the Okta system. If the attribute name is not specified, Apono will default to using Okta's predefined attribute, which is managerId.

It is important to note that the attribute must contain the manager's email address or ID (Okta user ID).

For additional information on Custom Attributes in Okta, please refer to the Okta Help Center.