Overview Okta Connector

The Okta connector manages accounts and permissions (entitlements) for your Okta instance. In this Okta connector guide you will learn about the supported features of the IDHub Okta connector, configurations and schema, how to deploy the connector and more.

note

For more information about Connector Health and its status, click here

Architecture

The connector's architecture follows the diagram below. It consists primarily of a connector application and a target system component. Native communication with the target system is handled by the target system, using the IDHub implementation of the Okta-specific connection. This architecture is used because it allows rapid, straightforward connector deployment as well as precise versioning.

Features

  • Account Management
  • Entitlement Management
  • Group Management

The features are described in detail below.

Account Management

IDHub leverages your organization's existing Active Directory structure to efficiently retrieve Okta user account information. This streamlined process utilizes Distinguished Names (DNs) to pinpoint specific users or user groups within your Active Directory.

| Operation | Supported |
|---|---|
| Create user | Yes |
| Update user | Yes |
| Fetch Account | Yes |
| Account Reconciliation | Yes |
| Add/Remove Entitlements for User; Add/Remove Group Memberships | Yes |

Entitlement Management

While IDHub utilizes the Microsoft Active Directory (AD) connector to synchronize user account information, it currently focuses on a specific entitlement type for provisioning and de-provisioning purposes: Directory Groups. This approach leverages the existing group structure within your Active Directory. Your organization's employees can request the synchronization of specific Okta Groups that correspond to their Active Directory Group counterparts. This streamlined method ensures efficient user access management based on group memberships.

info

It's important to note that IDHub's capabilities are constantly evolving. Future enhancements may include the ability to synchronize additional entitlement types for a more granular provisioning and de-provisioning experience.

Group Management

IDHub's Okta connector establishes a secure connection with your organization's Active Directory. This connection acts as a conduit to synchronize directory group information with your Okta instance. This robust integration empowers you to:

  • Target Specific Directory Structures: Leverage Distinguished Names (DNs) to pinpoint and synchronize specific parent directories, child directories, or a combination of both.

  • Flexible Configuration Options: IDHub offers granular control over the directory synchronization process. You can customize the fetch behavior to target specific DNs or include entire directory hierarchies.

  • Multi-DN Targeting: The AD connector seamlessly handles targeting multiple DNs, enabling the efficient synchronization of a broader range of directory groups.

tip
  • All synchronized directory groups are categorized as Entitlements within IDHub. This user-centric approach allows your employees to submit access requests for specific directories through a streamlined interface.
  • Following a defined approval workflow, IDHub's automated fulfillment system grants access to the requested directory upon successful completion.
    • This intelligent system leverages Active Directory's inheritance rules to automatically provision access to child directories within the approved hierarchy.