What's new with the Okta upgrade?
With our Okta provisioning integration update we are releasing a simplified yet powerful and flexible rule engine. You can now create easy to understand provisioning rules, such as:
- Anyone in an "Employees" Okta group should be assigned to "Regular Employees" access group in Sequr.
- Anyone in an "Admins" Okta group should be assigned to "Admins" access group in Sequr and should be added as an admin in Sequr. And so on...
Follow the steps below to upgrade your existing Okta integration.
Step 1 : Generate your Okta API token
- Login to your Okta account as an admin.
- Go to Admin > Security > API > Tokens and click on the 'Create Token' button.
- Provide a desired name for the token.
- Copy the token as this will be the only time that you will be able to view it. After this step, for security purposes it will be stored as a hash in your Okta application.
Token Best Practice: Service Account
Okta API tokens inherit the API access of the user who creates them, so we recommend you create a “service account” user with only the permission levels you need for the token to perform the API tasks you require. In this case it can be "Read Only Administrator"
Step 2 : Configure Your Sequr Account
- Login to your Sequr application and navigate to the Integrations page.
- Click the ‘Manage’ button for your Okta integration.
- Click on the 'Upgrade' button as shown in the screenshot below.
4. Once prompted, please provide the API token created in your Okta application, as well as the domain of your Okta application.
Step 3 : Configure Provisioning Rules
This step is crucial since there must be at least one rule specified for each property in order for a successful synchronization. All of your properties will be listed in the rules section where you can manage rules for respective properties.
With provisioning rules, you can:
- Map your organizational groups to Sequr "door access groups."
- Decide which role needs to be assigned to each user.
- Decide whether newly on-boarded employees should automatically receive a mobile key.
- Manage access to multiple office locations.
Simple Provisioning Rule:
You can create one default simple rule where every synced employee is granted common door access, as well as added under the regular user role.
For example, you can define a rule where every employee synced from Okta is assigned to the "Employee" access group and added under the "User" role.
As you can see in the following screenshot, in this case you do not need to add any conditions to the rule for a simple default rule.
Advanced Provisioning Rules
With this upgrade, you can get more specific with the rule engine to make sure certain groups of users in your organization are assigned to their proper access group.
As shown below, based upon your "Okta Groups," you can assign appropriate door access to appropriate users. If you have multiple office locations, you can also choose which specific employees get synced to which specific office locations.
You can drag these rules up or down to set their execution priority. Rules are executed in order based upon their priority. Once one rule is matched and executed, the rest of the rules will be skipped.
You can also add multiple conditions to a single rule as shown below. If you have multiple conditions applied to a single rule, you can select to either "match all" conditions or "match any" condition.
If you need assistance or have any questions about this upgrade, please feel free to reach out to the Sequr team at any time at firstname.lastname@example.org