First add a new Okta Authenticator Service
Using the values from each of the Okta Applications add the correct IDs.
- Authentication Service: The Authentication service the users will sync to.
- Okta Domain: The domain for the Okta API requsts.
- Sync Interval: How often to check for new users and groups. Defaults to every 6 hours.
- Sync Mode: Depending on your requirements this can be one of the following
Groups and Users assigned to the Okta Application
In this mode the authenticator will sync users and groups assigned to the specified application id. This mode will give an Okta Selector Application ID, this should be set to the Client ID of the User Interface Application created above.Only Members of the Selected Group
In this mode the authenticator will only sync users which are a member of a specific group. This mode will give you a Group Name option to fill in the group name which it will find and use to sync.Everyone
In this mode all users and groups will be synchronized.
- Okta Credentials: This allows you to select the desired authentication method.
Busby Default JsonWebKey
Use this if you used our JWK in your authenticator application.Custom JsonWebKey
This will provide you a field to enter your JSON Web Key's Private Key value.Okta Token
An alternative method of authentication is to use an Okta Admin Token, however these provide far more access than is required, and is available for completeness.
There are then several options available
- Sync Users: Whether to perform user synchronization.
- Sync Groups: Whether to perform group synchronization.
- Delete Users: Whether to delete users when syncing and the user no longer exists.
- Delete Groups: Whether to delete groups when syncing and the group no longer exists.
- Use User Info Endpoint: Certain configurations may result in not being able to read the user details from the Okta API, in this case enable this to use the user info endpoint to retireve the user data required. If this is not enabled then it will use the OAuth user endpoint which provides limited information.