The integration of Apono with Okta Directory synchronizes users and groups between the two.
- Apono account with Admin privileges
- Okta account with Admin privileges
- Apono's Okta integration Terraform repo cloned to a new folder
Follow these steps to integrate Apono with Okta Directory.
- Log in to your Okta organization as an admin user
- Open the Admin console
- Open the sidebar on the left by clicking the hamburger icon next to the Okta logo.
- Navigate to Security > API, then click the Tokens tab.
- Click Create Token and give it a name.
- Save the token for the next step.
- This information is displayed in the upper right corner of the page. Click the arrow next to your user name to display this popup:
- A URL is displayed of the form
example is the organization ID
okta.com is the base URL
- If you don't have Terraform installed, go to the downloads page and follow the instructions for your operating system.
- Clone Apono's Okta integration Terraform repo from GitHub to an empty folder, then go into that directory (Terraform uses the .tf configuration file found in the current folder).
terraform init and then
- The second command will ask you to input the following:
- Okta API Token
- Okta organization ID
- Okta Base URL
- Terraform will output two variables that you must save for the next step:
app client id
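The organization ID and base URL that Terraform prompts for can be derived from the Okta URL noted earlier. The helper below is an added example, not part of Apono's repo; the function name `split_okta_url` and the list of base domains are assumptions. It strips the `-admin` suffix of the Admin console host and rejects hosts that are not under an Okta base domain.

```bash
#!/usr/bin/env bash
# Added example (not from Apono's repo): split an Okta URL into the
# organization ID and base URL that the Terraform prompts ask for.

# Assumed list of base domains that host Okta orgs; extend it if yours differs.
OKTA_BASE_DOMAINS="okta.com oktapreview.com okta-emea.com"

# Prints "<org_id> <base_url>" on success; returns 1 with a message on stderr.
split_okta_url() {
  local host org base d
  host=${1#*://}     # drop the scheme if present
  host=${host%%/*}   # drop any path
  host=${host%%:*}   # drop any port
  host=$(printf '%s' "$host" | tr '[:upper:]' '[:lower:]')

  # Match on a full ".<base>" suffix so look-alike hosts are not accepted.
  for d in $OKTA_BASE_DOMAINS; do
    case $host in
      *."$d") base=$d; org=${host%."$d"}; break ;;
    esac
  done
  if [ -z "${base:-}" ]; then
    echo "not under a known Okta base domain (custom domain?): $host" >&2
    return 1
  fi

  # The Admin console is served from <org>-admin.<base>; the org ID has no suffix.
  org=${org%-admin}

  # The org ID must be a single DNS label.
  case $org in
    ''|*[!a-z0-9-]*) echo "unexpected organization ID: '$org'" >&2; return 1 ;;
  esac
  printf '%s %s\n' "$org" "$base"
}

# Stand-alone use: ./split_okta_url.sh https://example-admin.okta.com
if [ "$#" -gt 0 ]; then
  split_okta_url "$1"
fi
```

A custom Okta domain cannot be split this way; in that case read the organization ID and base URL from the popup described above.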
- Log into Apono
- Open the Catalog, and select Okta Directory.
- In the form on the next page, give a name to the integration.
- Enter the app client id and domain name from the previous step
- Enter the name of the field in Okta that contains the Manager attribute if needed. See the Manager Attribute article for more information.
The new integration will appear in the Integrations > Connections page of the Apono app. After a few minutes, the integration will become active and begin syncing with Okta.
With a successful integration, users and groups will now be synced two-way with Okta Directory.
You can now create Access Flows that include Okta users and groups.
User doesn't have the right privileges: creating an OAuth application and granting it scopes requires super admin privileges, so you should either be a super admin yourself or ask your organization admin to create a token for you until you complete the integration.
Refer to Troubleshooting Errors for information about errors that may occur.
The Manager Attribute is used by Apono to determine how it finds each user's manager. By specifying the attribute name, Apono can locate the manager within the Okta system. If the attribute name is not specified, Apono will default to using Okta's predefined attribute, which is
It is important to note that the attribute must contain the manager's email address or ID (Okta user ID).
For additional information on Custom Attributes in Okta, please refer to the Okta Help Center.