Connect Identity or HR Providers

Connecting your IDP/HR system allows Opal to sync your organization's identities and attributes from a predefined source of truth, whether your IDP, your HRIS system, or both. Opal allows you to aggregate your identities and their metadata across disparate systems to provide a centralized, complete picture of users in one view.

How Opal interacts with IDP/HR providers

When you connect Opal to your Identity Provider (IDP) or HR Information System (HRIS), Opal creates users for your employees and syncs helpful information about them.

• Opal automatically imports your organization's user list
• Opal can import user information such as manager and title, along with custom attributes you specify
• Opal can revoke user access when accounts are terminated in the IDP

🚧

Note that Opal does NOT currently automatically create Opal users for every individual in your IDP. Opal users are only created when they're also part of an imported app.

Supported Identity/HR providers

Opal currently supports the following IDP/HRIS providers. See these guides for more information:

• Okta Identity Provider
• Google Identity Provider
• Azure AD Identity Provider
• Workday HR Provider

User deprovisioning

When users are deprovisioning in your IDP/HRIS provider, you can enable settings in Opal to automatically remove any access to end systems provisioned by Opal, as well as remove the user's access to Opal. If you enable both settings, end system access will be removed first.

Go to Configuration > Organizational Settings and select the appropriate deprovisioning settings.