
I tried to link user/group provisioning with a SaaS application that does not have provisioning in "Okta Integration Network".
Introduction
In this blog post, I explain how to provision users to SaaS apps that are not listed in Okta's app catalog, the "Okta Integration Network". Read on to understand how to do user provisioning with Okta Workflows.
What is the Okta Integration Network?
It is a catalog of templates for SaaS and security products that have been pre-integrated with Okta, which lets you set up an integration with Okta easily.
Okta has the largest number of templates among IDaaS products, with over 7,300 single sign-on integrations and over 420 user sync integrations.
What is provisioning?
Okta provisioning, as we're talking about here, refers to user provisioning.
For example, assigning a user to a SaaS application that is linked to Okta automatically creates that user in the linked SaaS application.
Okta also allows provisioning by user group.
What is Okta Workflows?
Okta Workflows is a feature for automating tasks with no code or low code.
It can be used for a wide range of purposes, and with a little creativity most tasks can be automated, which makes it very convenient.
User provisioning linkage
This time, we will perform user provisioning for Cybozu (kintone), which does not have a template in Okta Integration Network.
*Okta Workflows integrates via API, so if the SaaS you want to link does not provide a REST API that supports this, you will not be able to link it. Please be careful.
- From the Okta admin screen, select Applications>Applications and click Browse App Catalog

- Enter Cybozu in the search field and click Cybozu (cybozu.com)

- The screen below will appear, so click Add.

- Enter your domain and click Done

- Configure SAML linkage settings (omitted this time)
- Select Workflow > Workflows console on the Okta management screen

- Click Flows at the top of the page

- Click New Flow to start creating

- Select Okta in the Add event item


- Select User Assigned to Application

- Select the app to work with and click Save

- Click Add app action and select Okta again

- Search for read and click Read User

- A screen will appear where you can select fields, so select Username, First name, Last name, and Primary email and click Save

- Click Add function and click Base64
(To link with kintone, the administrator account and password must be encoded in Base64, so set this up.)

- Fill in the text field manually
Example: administrator account:password

- From Add function, select Construct in the Object category and set it as follows

- From Add function, click Split in the Text category

- From Add function, click At in the List category

- Drag Split's result list to At's list

- Click Compose from Add function

- Enter Compose text as below
(The blue part is dragged from Workflows)

- Select API Connector from Add app action

- Select Post

- Enter https://subdomain.cybozu.com/v1/users.json in the URL field
Drag the Output of Construct to the Headers field
Drag the Output of Compose to the Body field

- Actually assign users to the app from Assignments of Okta management screen

- You can confirm that the users are actually synced.
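
The request that the flow above assembles, written out in Python as an added example (not part of the original article or of Okta's or Cybozu's own code). The `X-Cybozu-Authorization` header name and the body field names are assumptions based on Cybozu's User API and should be checked against its reference; the profile keys, the purpose given to Split/At, and the random initial password are also assumptions.

```python
import base64
import json
import secrets
import urllib.request

# Placeholder subdomain, as in the URL shown in the article.
USERS_URL = "https://subdomain.cybozu.com/v1/users.json"


def auth_headers(admin_login: str, admin_password: str) -> dict:
    """Base64 + Construct cards: encode "login:password" and build the headers."""
    token = base64.b64encode(f"{admin_login}:{admin_password}".encode()).decode()
    # Base64 is an encoding, not encryption; treat the token like the password.
    return {"X-Cybozu-Authorization": token, "Content-Type": "application/json"}


def login_code(okta_username: str) -> str:
    """Split + At cards (assumed purpose): part of the username before '@'."""
    return okta_username.split("@")[0]


def user_body(profile: dict) -> bytes:
    """Compose card: request body. Field names are assumed; verify in the API docs."""
    user = {
        "code": login_code(profile["login"]),
        "name": f'{profile["lastName"]} {profile["firstName"]}',
        "surName": profile["lastName"],
        "givenName": profile["firstName"],
        "email": profile["email"],
        "valid": True,
        # Random initial password (assumption: sign-in goes through SAML).
        "password": secrets.token_urlsafe(24),
    }
    # json.dumps escapes quotes and backslashes that raw text templating would not.
    return json.dumps({"users": [user]}).encode()


def build_request(profile, admin_login, admin_password) -> urllib.request.Request:
    """API Connector Post card: assemble the request without sending it."""
    return urllib.request.Request(
        USERS_URL, data=user_body(profile),
        headers=auth_headers(admin_login, admin_password), method="POST")


if __name__ == "__main__":
    # Constructed sample profile and credential, for illustration only.
    sample = {"login": "taro.yamada@example.com", "firstName": "Taro",
              "lastName": 'Yamada "QA"', "email": "taro.yamada@example.com"}
    req = build_request(sample, "Administrator", "constructed-password")
    print(req.get_method(), req.full_url, json.loads(req.data)["users"][0]["code"])
```

Because the header decodes straight back to `login:password`, the administrator credential typed into the Base64 card is readable by anyone who can open the flow or its execution history.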

This time, Okta Workflows was used for user synchronization, but with a little creativity many tasks other than user synchronization can also be implemented and automated.
Why not try Workflows yourself and reduce your operational workload?
Okta has many other features, so please contact us if you are interested.
Inquiry/Document request
Macnica Co., Ltd., Okta team
- TEL:045-476-2010
- E-mail:okta@macnica.co.jp
Weekdays: 9:00-17:00