Using Okta for User Provisioning

  • 12 December 2023
  • 9 replies
  • 75 views
dandrews
Rank
Userlevel 4

Hi all, 

We are moving to Okta for our user provisioning and have been running into a few issues with our IT team. It sounds like Okta is not integrated for this purpose (idea pending) but I’m curious. Who else is using Okta for this and how are you doing it so that you can get all the correct fields mapped into the system?

Thanks, 

D’Arcy 

9 replies

KMallette
Rank
Userlevel 7
Badge +5

Hi, @dandrews We use Okta and found the conversion very simple. Field mapping is pretty easy, We do have a specific additional field that we use for the branch code.

 

 

KMallette/Viasat, Inc.
dandrews
Rank
Userlevel 4

@KMallette are you doing this through the API connection?

alekwo
Rank
Userlevel 7
Badge +1

@dandrews we are using Okta as well, it works with no issues with the standard SAML configuration. We only pass username, email, and first and last name from Okta when creating a user. 

 

-- Alek Oleszkiewicz - linkedin.com/in/aleko
dandrews
Rank
Userlevel 4

@alekwo @KMallette Do yall have any issues deleting or disabling users? ie, how to disable folks? It sounds like this set up with user provisioning does not allow for that (or at least what my IT team is telling me) 

KMallette
Rank
Userlevel 7
Badge +5

@dandrews  We just use it for login, and there by account creation. We’re using the SAML 2.0 configuration, not API. I would think that offboarding would work with the API as a separate ‘function’ … you’d need Okta to assign the username when the account gets created so that you can match them up correctly.

KMallette/Viasat, Inc.
alekwo
Rank
Userlevel 7
Badge +1

@dandrews it’s a one-way street - we only create and update users when they log in, we don’t deactivate users based on their status in Okta.

-- Alek Oleszkiewicz - linkedin.com/in/aleko
dandrews
Rank
Userlevel 4

Ok that’s what I thought which is why I was getting push back for this method. How do you then disable your users? @ale

 

alekwo
Rank
Userlevel 7
Badge +1

It depends, for employees we have a separate API-based integration with our HR system.

For customers, we only disable them manually in case we receive a bounced email from them. 

-- Alek Oleszkiewicz - linkedin.com/in/aleko
dandrews
Rank
Userlevel 4

Thank you @alekwo

Reply


Terms & ConditionsCookie settings