Okta

When you connect an Okta domain to Oblique, Oblique will automatically sync users, user attributes, and Okta groups from Okta to Oblique.

Oblique initially adds all resources in “Pull” mode, meaning that Oblique treats Okta as the source of truth and pulls information on these resources to Oblique. When you change the management mode of a resource, Oblique will automatically sync changes with Okta. For example, if you change a resource from “Pull” to “Push,” Oblique becomes the source of truth and pushes changes to Okta.

As you make changes in Okta, Oblique adds any new users and groups to Oblique, and archives any deleted users and groups in Oblique.

Tip

You can add multiple Okta domains to Oblique, such as both a main and a dev domain. These function as separate integrations and are distinguished by their domain base URI and Okta organization ID.

Supported options

Oblique integrates with Okta:

• As a source for users and user attributes
• As a source and destination for resources

Resources

• Okta groups

Note

Oblique does not manage Okta apps. Instead, sync Okta groups with access to the resources you want to manage.

Add Okta integration

To add an Okta integration, you need to have an Okta API token.

To generate an Okta API token, in Okta’s Admin Console, navigate to Security > API, or go directly to https://$your-okta-domain.okta.com/admin/access/api/tokens:

1. Select the Tokens tab.
2. Select Create Token.
3. Enter a name for the token. For originating API calls, select Any IP. Select Create token.
4. Reauthenticate to Okta.
5. Copy the token value that is provided. It will not be shown again. When done, select OK, got it.

Note

You cannot limit the scope of Okta API tokens to specific actions, such as read only. Oblique does not require write permissions to import users and groups from Okta, and will not modify your Okta environment until explicitly enabled to do so.

Read more about creating an API token in Okta’s documentation ↗.

1. Navigate to the Integrations page.
2. Select Add integration.
3. Select Okta.
4. Enter the Okta domain base URI, such as https://example.okta.com, and API key, which starts with 00.
5. Select Create integration.

Oblique will immediately start syncing users, user attributes, and Okta groups from Okta to Oblique.

Manage Okta groups

Manage existing Okta groups

Oblique can manage Okta groups and act as the source of truth for group membership. You configure this setting at the resource level.

This setting starts on by default and you can’t turn it off.

Create new Okta groups

Oblique can create Okta groups and act as the source of truth for group membership by creating new Okta groups for new team groups in Oblique. You configure this setting at the resource level.

This setting starts off by default.

To create new Okta groups for new team groups, you first need to enable this setting for the integration:

1. Navigate to the Integrations page.
2. Select the desired Okta integration.
3. Select Settings.
4. Toggle Create Okta group for new teams to On.

When you create a new team group in Oblique, Oblique will create a new Okta group with the same name in “Push” mode.

Create an Okta group for a new team group Learn more about creating a resource tied to an Oblique group.

Caution

Oblique can’t create an Okta group for an existing team group in Oblique. Oblique can’t create an Okta group for a new attribute-based group.

Sync Okta integration

You don’t need to do anything to sync the Okta integration. Oblique will automatically and continuously sync changes with Okta every 15 seconds.

Remove Okta integration

You can’t currently remove an Okta integration from Oblique. Contact support to remove the integration.