Okta Groups
How to manage on-demand, temporary membership to Okta groups
Prerequisites
- Okta - Super Admin privilege to the Okta Admin Console
- AWS - Privileges to create secrets in AWS Secrets Manager
Create an Okta Application in Okta Admin Console
- Go to your Okta Admin Console
- In the menu, click on the Applications tab, then click on Applications.

- Click on Create App Integration

- Choose API Services (for the Sign-in method)
- Click Next
- In the App integration name, type Apono Connector, and click Save
- In the Client Credentials section, copy the Client ID value (needed for the following step)
- In the Client Credentials section, click on Edit
- In Client authentication, choose Public key / Private key
- In the PUBLIC KEYS section, click on Add Key

- Click on Generate new key
- Click on "Copy to clipboard" to copy the private key in JSON format (save for the following steps)
- Click on Done
- Click on Save and Save again
- Click on the Okta API Scopes tab
- Look for okta.groups.manage, and click Grant
- Click on Grant Access
Create a secret in AWS
- Go to AWS Console
- Go to AWS Secrets Manager
- Click on Store New Secret
- In Secret Type, choose "Other type of secret"
- In the Key/value pairs, add the following:
  - Key: client_id
    Value: The Okta client_id you copied in the previous step
  - Click Add row
  - Key: private_key
    Value: The JSON private key you copied in the previous step
- Click Next
- In the Secret name and description section, write the Secret name: "apono-connector-okta-app"
- In the Tags section, click Add:
  - Key: apono-connector-read
    Value: true
- Click Next, then Next, and then Store to save the secret.
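The following is an added example, not Apono's or Okta's own code: a pre-flight check for the two values stored above, which catches the common mistake of pasting a public key instead of the private one and builds the secret with the name and tag this page uses. It assumes the key copied from Okta is a JWK whose private form carries a `d` member; the function names and sample values are hypothetical.

```python
import json

SECRET_NAME = "apono-connector-okta-app"  # secret name used on this page
REQUIRED_TAG = {"Key": "apono-connector-read", "Value": "true"}  # tag used on this page


def check_private_key(private_key_json: str) -> list[str]:
    """Return a list of problems with the key copied from Okta (empty = OK)."""
    try:
        jwk = json.loads(private_key_json)
    except json.JSONDecodeError as exc:
        return [f"private_key is not valid JSON: {exc.msg}"]
    if not isinstance(jwk, dict):
        return ["private_key must be a JSON object"]
    problems = []
    if "kty" not in jwk:
        problems.append("private_key has no 'kty' member")
    # Assumption: the copied key is a JWK; RSA and EC private JWKs carry 'd'.
    if "d" not in jwk:
        problems.append("private_key has no 'd' member (public key pasted?)")
    return problems


def build_secret_request(client_id: str, private_key_json: str) -> dict:
    """Validate both values and build the create-secret arguments."""
    problems = check_private_key(private_key_json)
    if not client_id.strip():
        problems.append("client_id is empty")
    if problems:
        raise ValueError("; ".join(problems))
    # Same two key/value pairs the console steps above create.
    secret = {"client_id": client_id.strip(), "private_key": private_key_json}
    return {
        "Name": SECRET_NAME,
        "SecretString": json.dumps(secret),
        "Tags": [REQUIRED_TAG],
    }


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample_key = json.dumps({"kty": "RSA", "kid": "example", "n": "AA", "e": "AQAB", "d": "AA"})
    request = build_secret_request("0oaEXAMPLEclientid", sample_key)
    print(request["Name"], request["Tags"])
    # With boto3 installed and AWS credentials configured:
    #   boto3.client("secretsmanager").create_secret(**request)
```
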
Apono - Connect Okta Groups integration
- Go to Apono Admin Console
- Go to Catalog
- Search for Okta Group integration, then click Connect
- In Integration Name, choose a name
- In Select Connector, choose a connector from the list of connectors or add a new connector
- In Okta Organization URL, write your Okta Organization URL, for example: https://your-org.okta.com
- In the Secret Store section, choose the secret store location
- In Region, select the region where the secret is located
- In Secret Id, write the secret name you created, "apono-connector-okta-app" (choose the ID from the dropdown list)
- Click Connect