Okta SCIM
Integrate Apono with OKTA SCIM to sync your users and groups
Overview
Apono's Okta integration makes it easy to sync your Okta users and groups with Apono and then create access flows with your existing users and groups.
This integration connects to an Okta account to sync users and groups with the Apono app.
Step-by-step guide
Prerequisites
Okta organization with admin access (see Okta Organization Administrators ).
Create a Connector
Click Okta Directory SCIM on the Catalog page page.
On the next page is a short form:
Give the integration a name
Enter the domain of your Okta organization. It can be found beneath your user name in the upper right corner, and in the example below the domain is "2903106.okta.com":
Click Connect.
The connector is initializing, and it will still that way until the intergration is complete and the two applications talk with each other.
In the meantime, click the vertical three dots to the right and click Edit.
Copy the browser's URL. It looks like this:
https://app.apono.io/catalog/edit-integration/069cf551-c124-43f6
The last part - 069cf551-c124-43f6 - is the Integration ID. Save this for Okta provisioning described below.
Add the Apono App to Okta
Apono is an official app in Okta's Integration Catalog.
From the Okta dashboard navigate to Applications > Applications, then click Browse App Catalog.
Search the catalog for "Apono SCIM".
Click Add Integration.
In General Settings, give the integration a label and check the option to hide the application.
Click Done.
Provision the Apono App in Okta
On the Apono app page, click the Provisioning tab.
In the API tab:
Click Configure API Integration to enable provisioning.
Check the box to enable API integration.
For the Connection ID, enter the Integration ID part of the URL saved from the Apono integration above.
Click Save.
In the To App tab:
Check the box to enable:
Create Users
Update User Attributes
Deactivate Users
Click Save.
Other Okta Settings
Click the General tab. Make sure that both Application Visibility and Auto-launch are enabled.
Click the Assignments tab. This is where you decide which people and groups will be synced with Apono.
Click the Push Groups tab. Select the people and groups currently in your organization to push to Apono as part of this integration.
Results
The Apono connector for Okta has been installed, and the integration is now complete.
Next Steps
With SCIM you can fine tune the Okta groups that are shared with Apono. Those in excluded groups have no access. Included groups have access according to the Access Flows you define.
The following provisioning features are supported by Apono:
Push Users: Users in Okta who are then assigned to Apono are automatically added as Grantees in Apono.
Update User Attributes: When user attributes are updated in Okta, they are updated in Apono as well.
Deactivate Users: When users are deactivated in Okta, they are set to ‘disabled’ within Apono, preventing them from requesting further access.
Push Groups: OKta groups and their users can be pushed to Apono. Group information from Okta is mapped to Approvers and Grantees in Apono Access Flows.
References
Understanding SCIM (Okta)
SCIM App Integrations (Okta)
Troubleshooting
Okta integration is only possible with an organization account, not a personal Gmail account.
Last updated