Automate MobileIron user creation with Okta Workflows API Connector

Introduction

Okta Workflows is a feature that automates various tasks without scripts or code. It includes a function called "API Connector" that lets you integrate freely with external applications. In this article, I use that function to automate MobileIron user creation.

Specifically, when an Okta user is assigned to an SSO-linked MobileIron app instance, we will create an Okta Workflows flow that automatically creates the corresponding user on MobileIron.

Automating this reduces operational effort and mistakes, so please use this article as a reference.

What are API Connectors?

API Connector sends API requests to external applications. As with any general API call, you configure the following items.

  • API request destination URL
  • HTTP method
  • Query
  • Headers
  • Body

In API Connector, the following four API authentication methods can be set.

  • Basic authentication
  • Custom authentication
  • OAuth authentication
  • None

(Figure: API Connector)

The values for each API Connector item and the authentication method must be decided after checking the API specification of the application you are integrating with.

You can check the specifications of the MobileIron user profile change API used this time from this document of Ivanti (the company that provides MobileIron).

Integrating Okta Workflows and MobileIron with API Connector

  • Authentication method settings

The MobileIron API authentication method is Basic Authentication, which authenticates using the application administrator's username and password.
Follow the steps below to configure the settings.

  • Open the Okta Workflows admin console and go to the Connections tab
  • Select New Connection > API Connector
  • Select Basic for Auth Type and enter the MobileIron administrator's username and password in Username and Password
  • Click Create

(Figure: Basic Authentication)

  • Setting encoding in JSON > Parse card

When creating a user with the MobileIron API, the information for the user to be created must be encoded and included in the query of the API request.
Create the user information in advance with the Text > Compose card, in the format specified by MobileIron, then encode its contents with the JSON > Parse card.

(Format of the user information created with the Text > Compose card)

{
	"accountSource": "LOCAL",
	"uid": "hogehoge@hogehoge.com",
	"emailAddress": "hogehoge@hogehoge.com",
	"firstName": "hogehoge",
	"lastName": "hogehoge",
	"displayName": "hogehoge hogehoge",
	"password": "1234Hogehoge",
	"confirmPassword": "1234Hogehoge",
	"userLocale": "en_US",
	"managedAppleId": "",
	"mamWithOutMDM": "false",
	"sendInvite": "false"
}

(Figure: Encoding with JSON > Parse card)

  • HTTP method and query settings

Set the HTTP method and query that the API Connector uses when it actually executes the API request.

When creating a user with the MobileIron API, set the HTTP method to POST, and set Query to the output of the JSON > Parse card configured in the encoding step above.

(Figure: API Connector card settings when creating a user with MobileIron API)
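The request that these three settings produce, written out as an added example (not code from the original article or from Okta or Ivanti): Basic authentication, POST, and the user fields URL-encoded into the query. Because the query carries the password fields, the sketch also masks them before the URL is logged. Assumptions: API_URL is a placeholder for the endpoint in Ivanti's document, each field is sent as its own query parameter, and a random per-user password stands in for the static value in the template.

```python
import base64
import secrets
import string
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit
from urllib.request import Request

# Placeholder: take the real host and path from the Ivanti API document.
API_URL = "https://mobileiron.example.invalid/PLACEHOLDER-USER-CREATE-PATH"
SENSITIVE = {"password", "confirmPassword"}

def random_password(length=20):
    """Assumption: a random per-user password replaces the static template value."""
    alphabet = string.ascii_letters + string.digits
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if any(c.islower() for c in pw) and any(c.isupper() for c in pw) \
                and any(c.isdigit() for c in pw):
            return pw

def build_user(email, first, last):
    """Same fields as the Text > Compose template on the page."""
    pw = random_password()
    return {
        "accountSource": "LOCAL", "uid": email, "emailAddress": email,
        "firstName": first, "lastName": last, "displayName": f"{first} {last}",
        "password": pw, "confirmPassword": pw, "userLocale": "en_US",
        "managedAppleId": "", "mamWithOutMDM": "false", "sendInvite": "false",
    }

def build_request(user, admin_user, admin_password):
    """POST with Basic auth; user fields travel URL-encoded in the query."""
    token = base64.b64encode(f"{admin_user}:{admin_password}".encode()).decode()
    return Request(f"{API_URL}?{urlencode(user)}", method="POST",
                   headers={"Authorization": f"Basic {token}"})

def redact_url(url):
    """Mask password fields before the URL is written to any log."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    safe = [(k, "REDACTED" if k in SENSITIVE else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(safe)))

if __name__ == "__main__":
    # Constructed sample user and credentials; nothing is sent over the network.
    req = build_request(build_user("taro@example.com", "Taro", "Yamada"), "admin", "s3cret")
    print(req.get_method(), redact_url(req.full_url))
```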

Summary

API Connector cards can be used to make API requests to applications that do not have connectors on Okta Workflows.

If you are interested in Okta Workflows after reading this article, please contact Macnica.
