
Identity provider/SSO platform (updated: 1602506814788)

Okta

On-demand identity and access management

Overview

Okta is an on-demand identity and access management service for web-based applications, both in the cloud and behind the firewall.

Authentication

When using the Okta connector, the first thing you will need to do is go to your Tray.io account page, and select the workflow you wish to work on. Once in the workflow builder itself, search and drag the Okta connector from the connectors panel (on the left hand side) onto your workflow.

With the new Okta connector step highlighted, in the properties panel on the right, click on 'New Authentication' which is located under the 'Settings' heading.


This will result in a Tray.io authentication pop-up window. The first page will ask you to name your authentication, and state which type of authentication you wish to create ('Personal' or 'Organisational').

The next page asks for your 'Okta domain' and 'API token' credentials.

In order to get these fields, log in to the Okta app. Your Okta domain will be in the top right hand corner of your main Okta Dashboard. Please note that you don't need to include https.

To find the 'API Token', click on 'Token' under the 'API' menu in the top navigation bar.


Once you get to the main token dashboard you will see a list of tokens you have available. As you are not able to view your tokens after their creation, you will then need to select 'Create Token' in order to generate one that you can copy.


Be sure to make a note of the token hash key as you won't be able to view it again.


Once you have added these fields to your Tray.io authentication popup window, click on the 'Create authentication' button. Go back to your settings authentication field (within the workflow builder properties panel), and select the recently added authentication from the dropdown options now available.

Your connector authentication setup should now be complete.

Okta Trigger

If you wish your workflow to be kicked off by a particular action in Okta, you can use the Okta Trigger.

The Okta trigger allows you to receive notifications and trigger workflows when events associated with the selected trigger operation occur.

Trigger operations available:

  • Webhook

Webhook Setup

When creating a new workflow, click the 'Create new workflow' button in the top right hand corner of your main Tray.io dashboard. When the trigger popup window opens, search and select the Okta trigger. Wait to be redirected to your new workflow and the workflow dashboard itself.


With the new Okta trigger step highlighted, create a new authentication. This step is similar to a regular Okta connector, in that you need only follow the instructions above in order to authenticate your trigger.

The main difference is that you must select 'Webhook' as the event you want your trigger to listen to (that is, the operation).

You now need to choose what action you want to trigger your workflow. Firstly, name your trigger under the 'Name' field.

Under 'Events', click on the 'Add to Events' button. From within the new 'Event' dropdown menu, select an event to trigger your workflow.

For example, 'Create user' will send a webhook notification any time a new user in Okta is created. There are over 42 individual options currently to choose from so please select carefully.

Your dashboard will not have changed, and the authentication will appear the same as it was, so don't be alarmed. Test your trigger by performing the event in question in Okta (which in this case is creating a user).

In your Okta account, under the 'Users' tab, you can create a user by clicking on 'Add Person'. Once the user is created, your workflow should be triggered.


PLEASE NOTE: Before testing your Okta-triggered workflow, make sure you have clicked the 'Enable' button in the bottom-right corner of the builder screen.

When you perform an action in Okta that triggers your workflow, you can check the result by opening the debug panel in your workflow.

Available Operations

The examples below show one or two of the available connector operations in use.

Please see the Full Operations Reference at the end of this page for details on all available operations for this connector.

Note on Operations usage

Pagination

Whenever an operation makes use of pagination, its output will also return the 'Next' property, containing the cursor for the next page, if there is one.

If an operation makes use of pagination, it also has an 'After' property, which is where you insert the 'Next' property value from the previous page.

When looping through a list, you can check whether the 'Next' property value is equal to null, to exit the loop or use it to specify the 'After' property value.
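The loop described above, as an added example (not Tray.io's or Okta's code): `fake_list_operation` is a constructed stand-in for a paginated operation, and the `results`, `next` and `after` names are assumptions standing for the 'Next' and 'After' properties. It also stops if a cursor repeats or a page cap is reached, so a malformed response cannot loop forever or silently truncate a system log export.

```python
# Added example: constructed data and hypothetical names, not Tray.io or Okta code.
from typing import Callable, Iterator, Optional

# Constructed sample: three pages of log entries, keyed by the 'After' cursor.
SAMPLE_PAGES = {
    None: {"results": ["evt-1", "evt-2"], "next": "c1"},
    "c1": {"results": ["evt-3", "evt-4"], "next": "c2"},
    "c2": {"results": ["evt-5"], "next": None},
}


def fake_list_operation(after: Optional[str] = None) -> dict:
    """Stand-in for a paginated operation such as 'List system logs'."""
    return SAMPLE_PAGES[after]


def paginate(operation: Callable[..., dict], max_pages: int = 1000) -> Iterator[str]:
    """Yield every item, feeding each page's 'Next' cursor back in as 'After'."""
    after = None
    seen = set()
    for _ in range(max_pages):
        page = operation(after=after)
        yield from page["results"]
        cursor = page.get("next")
        if cursor is None:      # 'Next' is null: last page, exit the loop
            return
        if cursor in seen:      # same cursor returned twice: would never end
            raise RuntimeError(f"cursor repeated: {cursor!r}")
        seen.add(cursor)
        after = cursor          # use 'Next' as the 'After' value of the next call
    # Fail loudly rather than return a partial list that looks complete.
    raise RuntimeError("max_pages reached before 'Next' was null")


def collect_all(operation: Callable[..., dict]) -> list:
    """Drain the paginated operation into a single list."""
    return list(paginate(operation))


if __name__ == "__main__":
    print(collect_all(fake_list_operation))
```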

All Operations

Latest version:

3.3

Activate enrollment factor

Activates a specific enrollment factor with a passcode.

Activate user

Activates a user. This operation can only be performed on users with a STAGED status. Activation of a user is an asynchronous operation.

Add user to group

Adds a user to a group with OKTA_GROUP type.

Create group

Creates a new group with OKTA_GROUP type in your organisation.

Create user

Creates a new user in your Okta organisation with or without credentials.

Deactivate user

Deactivates a user. This operation can only be performed on users that do not have a DEPROVISIONED status. Deactivation of a user is an asynchronous operation.

Delete user

Deletes a user permanently. This operation can only be performed on users that have a DEPROVISIONED status. Using this operation on a user that hasn’t been deactivated causes that user to be deactivated. A second delete operation is required to delete the user.

Enroll Okta SMS factor

Enrolls a user with the Okta SMS factor and an SMS profile. A text message with an OTP is sent to the device during enrollment and must be activated by following the activate link relation to complete the enrollment process.

Enroll Okta call factor

Enrolls a user with the Okta call factor and a call profile. A voice call with an OTP is made to the device during enrollment and must be activated.

Enroll Okta email factor

Enrolls a user with an email factor. An email with an OTP is sent to the primary or secondary (depending on which one is enrolled) email address of the user during enrollment.

Enroll Okta security question factor

Enrolls a user with the question factor and question profile.

Enroll Okta verify TOTP factor

Enrolls a user with an Okta token:software:totp factor. The factor must be activated after enrollment by following the activate link to complete the enrollment process.

Get factor

Retrieves a factor for the specified user.

Get group

Retrieves a specific group from your organisation.

Get user

Retrieves a user by id, login, or login shortname (if the shortname is unambiguous).

Get user profile custom field

Retrieves a single user profile custom field.

Get user schema

Retrieves the schema for a type of user schema.

Get user schema property

Retrieves the schema property for the default type of user schema.

Get user type

Retrieves a user type by its ID.

List enrolled factors

Lists all the enrolled factors for the specified user.

List factors to enroll

Lists all the supported factors that can be enrolled for the specified user.

List group members

Lists users that are members of a group.

List groups

Lists groups in your organisation.

List security questions

Lists all available security questions for a user’s question factor.

List system logs

Lists your Okta system logs.

List user profile custom fields

Lists your user profile custom fields.

List users

Lists users in your organisation.

Raw HTTP Request (Advanced)

Perform a raw HTTP request with some pre-configuration and processing by the connector, such as authentication.

Reactivate user

Reactivates a user. This operation can only be performed on users with a PROVISIONED status.

Remove user from group

Removes a user from a group with OKTA_GROUP type.

Resends SMS as part of enrollment.

Use the resend link to send another OTP if the user doesn’t receive the original activation SMS OTP.

Reset factor

Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.

Set user password (Admin)

Sets passwords without validating existing user credentials. This is an administrative operation.

Suspend user

Suspends a user. This operation can only be performed on users with an ACTIVE status.

Unlock user

Unlocks a user with a LOCKED_OUT status and returns them to ACTIVE status. Users will be able to log in with their current password.

Unsuspend user

Unsuspends a user and returns them to the ACTIVE state. This operation can only be performed on users that have a SUSPENDED status.

Update group

Updates the profile for a group with OKTA_GROUP type from your organisation.

Update user

Updates a user’s profile or credentials.