Supported integrations
Integrations connect Oblique with external systems in your organization. Oblique can both pull information from and push access decisions back to integrations.
Supported integrations
Section titled “Supported integrations”Oblique supports the following integrations and objects:
| Integration | Objects | Pull | Push |
|---|---|---|---|
| Okta | Users | ✅ Supported | ❌ Unsupported |
| User attributes | ✅ Supported | ❌ Unsupported | |
| Okta groups | ✅ Supported | ✅ Supported | |
| Okta group rules | ✅ Supported | ❌ Unsupported | |
| Okta apps | ✅ Supported | ❌ Unsupported | |
| Okta app assignments (individual) | ✅ Supported | ✅ Supported | |
| Okta app assignments (group) | ✅ Supported | ❌ Unsupported | |
| Okta push groups | ✅ Supported | ❌ Unsupported | |
| Users | ✅ Supported | ❌ Unsupported | |
| Google groups | ✅ Supported | ✅ Supported |
Supported attributes
Section titled “Supported attributes”Attributes help match users from different systems, identify users on their profiles, and create attribute-based groups.
Attributes cannot be edited in Oblique. To update an attribute, update it in the integration it is from.
Oblique currently supports the following user attributes:
| Attribute | Required | Supported sources | Can be used for attribute-based groups |
|---|---|---|---|
| First name | Yes | Okta (firstName), Google | No |
| Last name | Yes | Okta (lastName), Google | No |
| Yes | Okta (email), Google | No | |
| Secondary email | No | Okta (secondEmail) | No |
| UUID | Yes | Okta (id) | Yes |
| Employee number | No | Okta (employeeNumber) | Yes |
| User type | No | Okta (userType) | Yes |
| Manager | No | Okta (manager) | Yes |
| Manager ID | No | Okta (managerId) | Yes |
| Title | No | Okta (title) | Yes |
| Department | No | Okta (department) | Yes |
| Division | No | Okta (division) | Yes |
| Organization | No | Okta (organization) | Yes |
| Cost center | No | Okta (costCenter) | Yes |
| Phone | No | Okta (primaryPhone) | Yes |
| City | No | Okta (city) | Yes |
Core attributes
Section titled “Core attributes”User profiles show information about all user attributes. Certain attributes are used are displayed as part of the user profile, including name, email, manager, and title.
Oblique currently supports the following core attributes and source integrations:
| Core attribute | Supported sources |
|---|---|
| Title | Okta (title) |
| Manager | Okta (managerId or manager) |
By default, Oblique uses the first integration you connect that provides each core attribute. The source integration for a core attribute can be changed.
Manager
Section titled “Manager”Oblique syncs both the managerId and manager user attributes from Okta. If the managerId is an Okta userId, it will be used as the core attribute for manager. Otherwise, if the manager attribute is an email, it is used instead.
Custom Okta user attributes
Section titled “Custom Okta user attributes”Custom user attributes are attributes defined by your organization in Okta ↗ that are not part of the default Okta user profile attributes.
For an Okta integration, Oblique automatically detects, imports and syncs custom user attributes from Okta that have the data type string. Oblique does not currently support custom user attributes with other data types. These custom user attributes are included on a user’s profile and can be used for creating attribute-based groups.
Admins can filter out users from the sync by adding rules to ignore users by attribute. Both profile and custom attributes are supported.
- Navigate to the Integrations page.
- Select the Okta integration.
- Select Settings.
- Under Ignore users by attribute, add a rule to ignore users by attribute key and value (for example:
emailanduser@example.com). - Select Save.
Any user that matches any of the rules will be ignored during the sync. A previously synced user that matches the rule will not be synced, but will remain in Oblique.
Profile photo
Section titled “Profile photo”User profiles include a profile photo. Oblique will use the profile photo from the identity provider from which the user authenticated to Oblique. It cannot be changed in Oblique, and must be edited in the identity provider.
Using attributes
Section titled “Using attributes”Attribute matching
Section titled “Attribute matching”Oblique uses attributes to uniquely match users imported from different systems.
Both email addresses and user IDs are used to match users:
- When a match is found with new email addresses, those emails are added as secondary emails to the existing user profile.
- If a user ID matches but emails differ, Oblique treats them as the same user and adds the new emails.
- If neither emails nor ID match any existing user, Oblique creates a new user profile.
Attribute visibility on user profiles
Section titled “Attribute visibility on user profiles”User attributes on profile pages are only visible to the user themselves and to Oblique admins. Other users, including managers, cannot see them.
Attribute-based groups
Section titled “Attribute-based groups”Attributes can be used to create attribute-based groups. This helps create groups of users that share a common attribute, such as all users in the same department.
Syncing
Section titled “Syncing”Oblique syncs user and group membership changes within minutes. Other changes may sync less frequently due to external API rate limits. For example, in a large Okta instance, external changes to apps assignments may take hours to reflect in Oblique.