Okta SCIM

Integrate Apono with Okta SCIM to sync your users and groups

Overview

Apono's Okta integration makes it easy to sync your Okta users and groups with Apono and then create Access Flows with your existing users and groups.

This integration connects to an Okta account to sync users and groups with the Apono app.

Step-by-step guide

Prerequisites

Create a Connector

  1. Click Okta Directory SCIM on the Catalog page.
  2. On the next page is a short form:
    1. Give the integration a name
    2. Enter the domain of your Okta organization. It can be found beneath your user name in the upper right corner, and in the example below the domain is "2903106.okta.com":
  3. Click Connect.

The connector is initializing, and it will stay that way until the integration is complete and the two applications talk with each other.

In the meantime, click the vertical three dots to the right and click Edit.

Copy the browser's URL. It looks like this:

https://app.apono.io/catalog/edit-integration/069cf551-c124-43f6

The last part - 069cf551-c124-43f6 - is the Integration ID. Save this for Okta provisioning described below.

Add the Apono App to Okta

Apono is an official app in Okta's Integration Catalog.

  1. From the Okta dashboard navigate to Applications > Applications, then click Browse App Catalog.
  2. Search the catalog for "Apono SCIM".
  3. Click Add Integration.
  4. In General Settings, give the integration a label and check the option to hide the application.
  5. Click Done.

Provision the Apono App in Okta

  1. On the Apono app page, click the Provisioning tab.
  2. In the API tab:
    1. Click Configure API Integration to enable provisioning.
    2. Check the box to enable API integration.
    3. For the Connection ID, enter the Integration ID part of the URL saved from the Apono integration above.
    4. Click Save.
  3. In the To App tab:
    1. Check the box to enable:
      1. Create Users
      2. Update User Attributes
      3. Deactivate Users
    2. Click Save.

Other Okta Settings

  1. Click the General tab. Make sure that both Application Visibility and Auto-launch are enabled.
  2. Click the Assignments tab. This is where you decide which people and groups will be synced with Apono.
  3. Click the Push Groups tab. Select the people and groups currently in your organization to push to Apono as part of this integration.

Results

The Apono connector for Okta has been installed, and the integration is now complete.

Next Steps

With SCIM you can fine-tune the Okta groups that are shared with Apono. Users in excluded groups have no access. Users in included groups have access according to the Access Flows you define.

The following provisioning features are supported by Apono:

  • Push Users: Users in Okta who are then assigned to Apono are automatically added as Grantees in Apono.
  • Update User Attributes: When user attributes are updated in Okta, they are updated in Apono as well.
  • Deactivate Users: When users are deactivated in Okta, they are set to ‘disabled’ within Apono, preventing them from requesting further access.
  • Push Groups: Okta groups and their users can be pushed to Apono. Group information from Okta is mapped to Approvers and Grantees in Apono Access Flows.

References

Troubleshooting

  • Okta integration is only possible with an organization account, not a personal Gmail account.