This integration allows you to manage user memberships with Okta Directory. You can set up access management through Opal to Okta Directory in minutes.
To get started, head to the "Connections" page and click on the Okta Directory tile.
Opal requires multiple credentials in order to manage your Okta Directory Groups.
In order for Opal to manage your Okta Directory on your behalf, we'll need you to create a super administrator account. We suggest using a separate account for this, to ensure the account's permission levels do not change. You can do this by adding the new person to your Okta Directory. Then, perform the following steps:
- Navigate to Security -> Administrators.
- Grant the new account super administrator privileges via the "Add Administrator" button in the top left.
Next, we will generate an API token for the new account.
- Log in as the new account (with super administrator privileges).
- Navigate to Security -> API.
- Click on the "Tokens" tab.
- Click "Create Token" on the top left.
- Record the generated token.
Create a group rule in Okta that marks which Okta groups you want to sync with Opal:
- Navigate to Directory -> Groups.
- Click on the "Rules" tab and click "Add Rule".
- Name the rule "opal". In the "IF" condition, enter "opal" as the login user attribute argument.
- Click "Save".
- Back in the Connections form, fill in details about your Okta organization.
- For Organization Name, enter the domain name of your Okta organization (e.g. "mydomain" for "mydomain.okta.com").
- For Super Administrator API token, you should enter the API token of the account created above.
If this step is successful, you have completed setting up the Active Directory server connection.
- Click on the Groups tab of your newly created Okta connection, then on the table editor, click Import.
Then, select which Okta groups you'd like to import into Opal.
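
A pre-flight check for the values entered in the steps above, as an added example that is not part of Opal's documentation or code: it rejects an Organization Name that is not a bare subdomain, so the super administrator token is only ever sent to `<org>.okta.com`, and it reports whether a group rule named "opal" exists and is active. The function names, the sample response and the placeholder token are constructed for illustration; the `/api/v1/groups/rules` endpoint and `SSWS` header come from Okta's public API.

```python
import json
import re
import urllib.request

# Bare DNS-label shape for the org name (an assumption of this example).
ORG_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def okta_base_url(org_name: str) -> str:
    """Map the Organization Name ("mydomain") to https://mydomain.okta.com.

    Full URLs and hostnames are rejected so the super administrator token
    is never sent to any host other than <org>.okta.com.
    """
    org = org_name.strip().lower()
    if not ORG_RE.fullmatch(org):
        raise ValueError(f"expected a bare org name like 'mydomain', got {org_name!r}")
    return f"https://{org}.okta.com"


def rules_request(org_name: str, token: str) -> urllib.request.Request:
    """Build GET /api/v1/groups/rules using Okta's SSWS token scheme."""
    return urllib.request.Request(
        okta_base_url(org_name) + "/api/v1/groups/rules",
        headers={"Authorization": f"SSWS {token}", "Accept": "application/json"},
    )


def check_opal_rule(rules: list) -> dict:
    """Report whether a group rule named "opal" exists and is active."""
    for rule in rules:
        if rule.get("name") == "opal":
            ids = rule.get("actions", {}).get("assignUserToGroups", {}).get("groupIds", [])
            return {"found": True, "active": rule.get("status") == "ACTIVE", "group_ids": ids}
    return {"found": False, "active": False, "group_ids": []}


# Constructed sample response (not real data) so the check runs offline.
SAMPLE = json.loads("""[
  {"id": "0prEXAMPLE1", "name": "contractors", "status": "ACTIVE",
   "actions": {"assignUserToGroups": {"groupIds": ["00gEXAMPLE1"]}}},
  {"id": "0prEXAMPLE2", "name": "opal", "status": "INACTIVE",
   "actions": {"assignUserToGroups": {"groupIds": ["00gEXAMPLE2"]}}}
]""")

if __name__ == "__main__":
    print(rules_request("mydomain", "PLACEHOLDER_TOKEN").full_url)
    print(check_opal_rule(SAMPLE))  # the sample "opal" rule exists but is INACTIVE
    # Live use: json.load(urllib.request.urlopen(rules_request(org, token)))
```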