Okta configuration
This page shows how to configure User & Group Sync for Okta.
Video Guide
Quick-start guide
On Okta side:
Log in to your Okta organization as a user with administrator privileges.
Any type of administrator role is fine. If you limit this administrator role to manage only specific groups, only users in those groups are synced.
API tokens have the same permissions as the user who creates them, and if the user permissions change, the API token permissions will also change.when in normal mode, click on the API tab at the top and then on Tokens
in the developer console mode/ classic view, expand Security in the left menu bar, click on API, and then on the Token tab in the top middle
Click on Create Token.
Name your token and click on Create token.
Copy your Token Value, you will only see it once.
User & Group Sync Configuration (https://your-base-url/plugins/servlet/samlsso/usersync)
Click on Create Connector and select Okta
Enter Okta Domain and the token value.
Click Save. You are now ready to sync.
User guide
Log in to your Okta organization as a user with administrator privileges.
Any type of administrator role is fine. If you limit this administrator role to manage only specific groups, only users in those groups are synced.
API tokens have the same permissions as the user who creates them, and if the user permissions change, the API token permissions will also change.
Depending on the mode, the configuration interface looks different in Okta:
Create Okta API Token
Regular UI
Click on API (2)
Click on Tokens (3)
Click on Create Token (4)
Developer Console/ Classic UI
Expand the Security node (1)
Click on API (2)
Click on Tokens (3)
Click on Create Token (4)
Name and Create Token
Name the token and create it.
Copy its value (1), it will be only displayed once. Of course, you can create a new token if you lost the old one.
Create User & Group Sync Connector For Okta
In your Atlassian application, go to User Sync, click Create Connector, and select Okta.
Add the Okta Domain (without https://), API Token. Use the Save and Test Connection button to check whether Okta's API endpoints are reachable and API permissions are set correctly.
If you want to limit the number of users you sync from Okta, you can set this up in the Required Groups tab. If you want to sync all users from Okta, you can skip this configuration step.
In the User Provisioning and Group Provisioning tab, you can change the attribute mapping for the user and define what groups should be assigned to users in case you don't need all groups from Okta. If you leave the settings unchanged, the standard user attributes are synced together with all the groups that have been assigned to the user.
In the Sync Settings section, you can configure the Cleanup Behavior and the Scheduled Synchronization. The clean-up defines what should happen to the user when it is not returned by Okta any more. The default is deactivating the user. By configuring the Scheduled Synchronization, you can have the sync run periodically without manual interaction. When enabled, the sync runs daily at 2 am, but you can change this if you want.
Please ensure that you Save your configuration.
You are now ready to commence either a simulated or a full sync. By simulating the sync first you will be able to verify your configuration and see what changes User Sync would apply like what users will be added, modified, or not modified. With the full sync, User Sync will apply those changes. Both sync actions will run a full sync and will have the same sync duration. For more information on the sync simulation, please refer to Using the Simulated Sync Feature.
