Okta.jpg

Okta

Okta is an identity and access management (IAM) service that provides a secure, single sign-on (SSO) solution for businesses. It is a cloud-based platform that helps organizations securely manage user identities, access rights, and credentials across multiple applications, websites, and databases.

SAML/SSO
LDAP
IAM

Connect to Okta (with Active Directory integrations)

Overview

The Okta Connector serves as a bridge between Okta's cloud-based identity management platform and IDHub. By leveraging Okta's Active Directory integration capabilities, the connector facilitates seamless synchronization of user and group information between Okta and IDHub.

Our Okta integration uses a common Lightweight Directory Access Protocol (LDAP) based connector for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.

We use SCIM protocols to connect to an Active Directory instance which syncs with your Okta instance using REST APIs.

Account in Okta

IDHub pulls all Okta user account information from your Okta instance via Active Directory through a specific Distinguished Name (DN) or multiple DNs.

User Account attribute we fetch includes (but not limited to):

  • samAccountName (As a unique identifier)
  • Common Name
  • First Name
  • Last Name
  • Display Name
  • Telephone Number
  • Email-Addresses
  • Department
  • Title
  • Employee Type

Our customers can choose to fetch any other attributes apart from the above as per their individual needs. With our Attribute based Access Control (ABAC), you can decide which information will be used on new user creation and which ones on user modifi

Entitlements in Okta

IDHub via LDAP Connector pulls only 1 types of entitlement from Active Directory sync from Okta for provisioning and de-provisioning.

  • Directory Groups

Employees of your organization can request for Okta Groups that are synced to Active Directory Groups as needed.

Okta Groups

As part of LDAP connector, we establish connection with Active Directory which in turn syncs with Okta instance to fetch all directory groups. We can customize and target a Distinguished Name (DN) while fetching and add additional configurations:

  • Target specific DN to fetch and fetch only parent directory
  • Target specific DN to fetch and fetch parent and child directories
  • Target multiple DN and fetch all directories

All the above configurations will pull directory as ‘Entitlements’

Users will be able to request for directory access from IDHub.

Upon completion of approvals based on request workflow defined by you on a particular directory, the users will automatically get access to the requested directory by our automated fulfillment, thus automatically providing access to the child directories as per rules of Active Directory.

Support and Maintenance

IDHub provides out of the box connector issue support and timely maintenance as a standard quality guarantee for all of our customers having our Cloud solution. However, any customization made to existing connectors requires managed services support plan for support and maintenance. 

Feature Summary

Provisioning

done
Create User
done
Modify User
done
Create Groups (Entitlements)

Deprovisioning

done
Remove User
done
Remove Groups (Entitlements)

Reconciliation

done
Fetch Users
done
Fetch Groups
done
Fetch User Assigned Groups

Additional Use Case

done
Sync to Azure AD
done
Sync to AD
done
Powershell Scripting