If your organization uses Okta as an Identity Provider, you can additionally designate it as an IDP/HRIS Integration. Doing so allows Opal to sync your Okta identities and their attributes, on top of syncing and managing access to entitlements (e.g. Okta Groups, Okta Apps, etc).

Getting Started

Before you set up Okta as your IDP, you must first create an Okta Directory App in Opal. To do this, please follow the instructions here.

Next, set up Okta as your IDP by following instructions here:

• Add Your First IDP/HR Provider
• Add Additional IDP/HR Providers

Your Okta IDP setup is now complete!

Importing user manager

You can configure Opal to automatically import user manager information from Okta and match the imported string to an Opal user.

There are 2 ways to do this:

• Set the manager attribute in an Okta user's profile to an Okta user's email. If there is a matching Opal user associated with this Okta user email, the user's manager in Opal will be updated to this user.
• Set the managerId attribute in an Okta user's profile to an Okta user ID. If there is a matching Opal user associated with this Okta user ID, the user's manager in Opal will be updated to this user. The Okta user ID can be found by navigating to the user from the People section in a browser, then observing the Okta user ID at the end of the URL (below, the Okta user ID is 00u1835qib5TKa8Ri5d7).