Apono automatically syncs your organization's users and groups once it is integrated with your organizational identity provider (IdP). With the IdP integrated you can:
- On-Demand Permissions: manage users' on-demand access to your cloud services and data repositories at a granular level.
- Extended SSO: extend your organization's authentication to infrastructure, applications and data repositories that have no SSO of their own.
- Approval Workflows: create approval-based or trigger-based Access Flows that grant user groups the permissions they need.
- Review User Access Permissions: view each user's access permissions across the integrated applications and data sources.
Apono's Okta integration syncs your Okta users and groups into Apono, so you can define policies on the users and groups you already have.
The integration creates an OAuth application inside your Okta organization with two OAuth scopes that allow Apono to read users and groups. Apono authenticates through that OAuth application; the Okta API token you create below is needed only while Terraform creates the application.
Before you start you need:
- An Okta organization admin user (creating the OAuth application and granting it scopes requires super admin; see the troubleshooting note at the end)
- The Okta integration terraform repo
Create an Okta API token and note your org id and base URL:
- Log into your Okta organization with an admin user.
- Open the Admin console (upper right).
- In the left menu choose Security -> API.
- Under Tokens, click Create Token and copy the token value; Okta shows it only once.
- Click the user dropdown in the upper-right corner; your organization's Okta domain appears under the username.
- Your organization id is the first label of that domain, and the base URL is the rest (everything after the first dot). The base URL must be Okta's own domain suffix, not a custom domain you may have configured for your users.
Create the OAuth application with Terraform:
- Clone the Okta integration terraform repo and cd into it.
- Run terraform init, then terraform apply; apply prompts for the API token, org id and base URL.
- Terraform outputs two values, app client id and domain name. Save them for the next step.
Register the application in Apono:
- Log into Apono.
- Go to the IDP integrations page, Settings -> IDPs.
- Provide the app client id and domain name from the previous step.
The new Okta integration should appear within a few seconds.
The API token is no longer needed once the OAuth application exists, so delete it from your Okta organization (Security -> API -> Tokens) right away; otherwise a standing credential with admin-level API access remains. The integration keeps working through the OAuth application, not through the token.
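As an added example that is not part of the Apono documentation or the integration repo, the shell functions below wrap the steps above: they derive the org id and base URL from the Okta domain, pass the API token to Terraform through the environment instead of an interactive prompt, read the two outputs, and revoke the token afterwards. The Terraform variable names (okta_api_token, okta_org_id, okta_base_url) and output names (app_client_id, domain_name) are assumptions; check the repo's variables.tf and outputs.tf. The DELETE /api/v1/api-tokens/current endpoint is taken from Okta's API Tokens reference and is also an assumption to confirm before relying on it.

```shell
#!/bin/sh
# Added example, not Apono's or the integration repo's code.
# Assumed names (check the repo's variables.tf and outputs.tf):
#   variables: okta_api_token, okta_org_id, okta_base_url
#   outputs:   app_client_id, domain_name

# Split an Okta org domain (the value shown under your username in the
# Okta user dropdown) into "org_id base_url". Only Okta's own cells are
# accepted: the base URL is the Okta cell, never a custom domain.
okta_split_domain() {
  domain=$1
  case "$domain" in
    *.okta.com|*.oktapreview.com|*.okta-emea.com) ;;
    *) echo "not an Okta org domain: $domain" >&2; return 1 ;;
  esac
  printf '%s %s\n' "${domain%%.*}" "${domain#*.}"
}

# Run the integration's Terraform non-interactively. The API token is
# passed through the environment (TF_VAR_*), so it is never typed at a
# prompt, written to a tfvars file, or left in shell history.
# Usage: OKTA_API_TOKEN=... apono_okta_apply /path/to/repo acme.okta.com
# Drop -auto-approve if you want to review the plan before it is applied.
apono_okta_apply() {
  repo_dir=$1
  parts=$(okta_split_domain "$2") || return 1
  set -- $parts
  [ -n "$OKTA_API_TOKEN" ] || { echo "OKTA_API_TOKEN is not set" >&2; return 1; }
  terraform -chdir="$repo_dir" init -input=false || return 1
  TF_VAR_okta_org_id=$1 TF_VAR_okta_base_url=$2 TF_VAR_okta_api_token=$OKTA_API_TOKEN \
    terraform -chdir="$repo_dir" apply -input=false -auto-approve || return 1
  # The two values to paste into Apono under Settings -> IDPs.
  printf 'app client id: %s\n' "$(terraform -chdir="$repo_dir" output -raw app_client_id)"
  printf 'domain name:   %s\n' "$(terraform -chdir="$repo_dir" output -raw domain_name)"
}

# Revoke the API token now that the OAuth application exists, so no
# standing admin credential remains. The endpoint is assumed from Okta's
# API Tokens reference; if this call fails, delete the token manually
# under Security -> API -> Tokens.
# Usage: OKTA_API_TOKEN=... okta_revoke_current_token acme.okta.com
okta_revoke_current_token() {
  curl -fsS -X DELETE "https://$1/api/v1/api-tokens/current" \
    -H "Authorization: SSWS $OKTA_API_TOKEN"
}
```

Export OKTA_API_TOKEN only for the shell session that runs these functions and unset it afterwards; once the token is revoked the value is useless, but the habit of keeping admin tokens out of files and history is what this wrapper is for.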
- If Terraform fails because the user doesn't have the right privileges: creating an OAuth application and granting it scopes requires super admin privileges in Okta, so either be a super admin yourself or ask your organization's super admin to create a token for you, and delete that token once the integration is complete.