Okta Groups

How to manage on-demand, temporary membership to Okta groups

Prerequisites

  • Okta - Super Admin privilege to the Okta Admin Console
  • AWS - Permission to create secrets in AWS Secrets Manager

Create an Okta Application in Okta Admin Console

  1. Go to your Okta Admin Console
  2. On the menu, click on the Applications tab, then click on Applications.
  3. Click on Create App Integration
  4. Choose API Services (for the Sign-in method)
  5. Click Next
  6. In App integration name, type Apono Connector, and click Save
  7. In the Client Credentials section, copy the Client ID value (needed when you create the AWS secret below)
  8. In the Client Credentials section, click on Edit
  9. In Client authentication, choose Public key / Private key
  10. In the PUBLIC KEYS section, click on Add Key
  11. Click on Generate new key
  12. Click on "Copy to clipboard" to copy the private key in JSON format (save it for the following steps)
  13. Click on Done
  14. Click on Save, and Save again
  15. Click on the Okta API Scopes tab
  16. Look for okta.groups.manage, and click Grant
  17. Look for okta.users.read, and click Grant
  18. Click on Grant Access
  19. Click on the Admin roles tab
  20. Click on Edit Assignments
  21. Choose Organization Administrator (for groups that do not contain admin roles)
    1. To grant users membership in a group that contains admin roles, the Super Admin role must be granted to the Apono connector
  22. Click on Save Changes

Create a secret in AWS

  1. Go to AWS Console
  2. Go to AWS Secrets Manager
  3. Click on Store New Secret
  4. In Secret Type, choose "Other type of secret"
  5. In the Key/value pairs, add the following:
    Key: client_id
    Value: The Okta client_id you copied in the previous step
    Click Add row
    Key: private_key
    Value: The JSON private key you copied in the previous step
  6. Click Next
  7. In the Secret name and description section, write the Secret name: "apono-connector-okta-app"
  8. In the Tags section, click Add:
    Key: apono-connector-read
    Value: true
  9. Click Next, then Next, and then Store to save the secret.
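A preflight check for the secret layout described in this section, added here as an example (not Apono's or Okta's own code): it builds the secret string the way the key/value editor stores it, confirms the two keys, the RSA private-key JWK and the apono-connector-read tag are present, and produces the equivalent AWS CLI call. It assumes the JWK is stored as a JSON string value and that the connector looks for exactly the names used above; the sample client ID and JWK are constructed placeholders.

```python
import json

SECRET_NAME = "apono-connector-okta-app"
REQUIRED_KEYS = ("client_id", "private_key")
REQUIRED_TAG = {"Key": "apono-connector-read", "Value": "true"}
JWK_PRIVATE_FIELDS = ("kty", "n", "e", "d")  # fields every RSA private-key JWK carries

# Constructed sample values for the demo below; not real Okta credentials.
SAMPLE_CLIENT_ID = "0oaEXAMPLECLIENTID"
SAMPLE_JWK = {"kty": "RSA", "kid": "example-kid", "n": "placeholder-modulus", "e": "AQAB", "d": "placeholder-d"}


def build_secret_string(client_id, private_key_jwk):
    """Secret string as the console key/value editor stores it (assumption: the JWK is kept as a JSON string)."""
    return json.dumps({"client_id": client_id, "private_key": json.dumps(private_key_jwk)})


def validate_secret(name, secret_string, tags):
    """Return a list of problems; an empty list means the secret matches the layout above."""
    problems = []
    if name != SECRET_NAME:
        problems.append(f"secret name is {name!r}, expected {SECRET_NAME!r}")
    try:
        payload = json.loads(secret_string)
    except json.JSONDecodeError:
        return problems + ["secret string is not JSON (use the key/value editor, not plaintext)"]
    for key in REQUIRED_KEYS:
        if not payload.get(key):
            problems.append(f"missing key/value pair {key!r}")
    raw = payload.get("private_key")
    if raw:
        try:
            jwk = json.loads(raw)
        except (json.JSONDecodeError, TypeError):
            jwk = None
        if not isinstance(jwk, dict):
            problems.append("private_key is not the JSON key copied from Okta (PEM or plain text?)")
        elif jwk.get("kty") != "RSA" or any(f not in jwk for f in JWK_PRIVATE_FIELDS):
            problems.append("private_key is not an RSA private-key JWK")
    # Without this tag the connector is not allowed to read the secret at all.
    if REQUIRED_TAG not in [{"Key": t.get("Key"), "Value": t.get("Value")} for t in tags]:
        problems.append("tag apono-connector-read=true is missing")
    return problems


def create_secret_command(secret_string):
    """Equivalent AWS CLI call for the console steps above (argv list; pass to subprocess.run)."""
    return ["aws", "secretsmanager", "create-secret", "--name", SECRET_NAME,
            "--secret-string", secret_string, "--tags", "Key=apono-connector-read,Value=true"]


if __name__ == "__main__":
    secret = build_secret_string(SAMPLE_CLIENT_ID, SAMPLE_JWK)
    print(validate_secret(SECRET_NAME, secret, [REQUIRED_TAG]) or "secret layout OK")
```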

Apono - Connect Okta Groups integration

  1. Go to Apono Admin Console
  2. Go to Catalog
  3. Search for Okta Group integration, then click Connect
  4. In Integration Name, choose a name
  5. In Select Connector, choose a connector from the list of connectors or add a new connector
  6. In Okta Organization URL, write your Okta Organization URL, for example: https://your-org.okta.com
  7. In the Secret Store section, choose the secret store location
  8. In Region, select the region where the secret is located
  9. In Secret Id, select the secret you created ("apono-connector-okta-app") from the dropdown list
  10. Click Connect