Set Up Okta Automation

Introduction:

  • Electric has launched an automation with Okta.

  • As a customer of both Okta and Electric, you can now integrate the two applications in order to expedite the creation and deactivation of employee accounts.

Benefits:

  • Automating the creation and deactivation of employees improves efficiency and security. It eliminates manual processes, reducing human error and ensuring employees have timely access.

  • Automation helps ensure that a departing employee’s access is promptly revoked, mitigating security risks.

  • It streamlines onboarding and offboarding, freeing employees to get back to more strategic tasks instead of manually managing application access for their coworkers.

Scope of the Current Okta Automation:

  1. New Account Creation

  2. Placing of New Accounts in Specified Groups in Okta

  3. Existing Account Suspension


How to Set Up Okta Automation:

Please make sure you are an admin user within both Electric and Okta for your company to complete this process in just a few minutes. If you are not an admin, you’ll need to partner with an admin at your company to complete this setup.

Prerequisite: Add Okta to your Electric applications via http://my.electric.ai/applications

Steps in Okta:

In order to integrate Electric with your Okta instance, you will be required to configure Okta to allow Electric to manage users and groups. The following steps will help you configure Okta.

Step 1: Create a Resource Set

  1. Log in to your Okta Admin Console.

  2. On the left-hand navigation menu, select Security → Administrators.

  3. Select the Resources tab.

  4. Click Create new resource set.

  5. Give the resource set a name (such as Electric Managed).

  6. Click Add resource.

  7. In the dropdown select Users and then select All users and click Save selection.

  8. Click Add another resource type.

  9. In the dropdown select Groups and then select All groups and click Save selection.

  10. Click Create.

Step 2: Create Okta API Services Application

  1. In the left sidebar, navigate to Applications → Applications.

  2. Click Create App Integration.

  3. Select API Services as the sign-in method and click Next.

  4. Give your application a name (such as Electric) and click Save.

  5. On the application’s General tab, find your Client ID – you will need to provide this to Electric.

Step 3: Configure Credentials

Electric’s Okta Integration requires you to generate and register an RSA key pair. This guide assumes you are using Okta’s built-in key generator, but you can generate your own keys and provide those instead.

  1. Go to the General tab and scroll to the Public keys section.

  2. Click Edit.

  3. Click Add Key, then select Generate new key.

  4. Under Private key - Copy this! click JSON and then Copy to clipboard - you will need to provide this to Electric.

Ensure you take a copy of the private JWK before closing the dialog. You will need to provide this to Electric.

  1. Click Done to close the dialog.

  2. Click Save to save the new key to your application.

  3. Scroll up to the Client Credentials section and click Edit.

  4. Set Client authentication to Public key / Private key and then click Save.

  5. Click Save again if prompted that Existing client secrets will no longer be used.

  6. Scroll down to the General Settings section and click Edit.

  7. Ensure Proof of possession (DPoP) is Disabled / Unchecked.

  8. Click Set Client authentication to Public key / Private key.

  9. Click Save.

Step 4: Grant API Scopes

  1. Select the Okta API Scopes tab for your application.

  2. Grant the following scopes to allow Electric to manage your users and groups:

    • okta.users.read

    • okta.users.manage

    • okta.groups.read

    • okta.groups.manage

Step 5: Assign Role to Application

  1. Select the Admin roles tab for your application.

  2. Click Edit assignments.

  3. In the Role drop-down select Create a role.

  4. Provide a Role name (such as Electric Automation).

  5. Grant at least the following permissions to the role:

    1. User

      1. Create users

      2. Edit users' profile attributes

      3. Suspend users

      4. Unsuspend users

      5. Edit users’ group membership

    2. Group

      1. View groups and their details

      2. Manage group membership

  6. Click Save role.

  7. In the Role dropdown, find the role you created and select it.

  8. In the Resource set dropdown, find the resource set you created in Step 1 and select it.

  9. Click Save Changes.

Step 6: Finding your Okta Domain

  • In the Admin Console, your browser’s address bar will show a URL like https://dev-12345678-admin.okta.com.

  • Your Okta Domain is the part before .okta.com, ignoring -admin (e.g., dev-12345678).

  • Alternatively, go to Settings > Account in the Admin Console to find your Okta domain.

Step 7: Gather Configuration Parameters

Ensure you have the following pieces of information available before moving on:

  • Okta Domain

  • Client ID

  • Private Key

Steps in Electric:

  1. Navigate to Applications from the left-side navigation.

  2. Click on the Okta application in the application list.

  3. Within the automation settings box, click the “Connect application” button.

  4. Enter the Client ID, Private Key, and Okta Domain gathered from the Okta setup steps into the form.

  5. For Scopes enter the following: okta.users.read okta.users.manage okta.groups.read okta.groups.manage
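
A pre-flight check for the values gathered in Step 7 and the Scopes field, added here as an example (it is not Electric's or Okta's code). It derives the Okta Domain as described in Step 6, confirms the pasted key is a private RSA JWK rather than the public half, and flags any scope beyond the four granted in Step 4. The function names, the 2048-bit floor and the sample values are assumptions; only .okta.com hosts as shown in Step 6 are handled.

```python
import base64
import json
import re

SCOPES_FIELD = "okta.users.read okta.users.manage okta.groups.read okta.groups.manage"
REQUIRED_SCOPES = set(SCOPES_FIELD.split())

def okta_domain(address):
    """Reduce an Admin Console URL or host to the Okta Domain (Step 6)."""
    host = re.sub(r"^https?://", "", address.strip()).split("/")[0].lower()
    m = re.fullmatch(r"([a-z0-9][a-z0-9-]*?)(-admin)?\.okta\.com", host)
    if not m:
        raise ValueError("not an okta.com host: %r" % host)
    return m.group(1)

def _bits(b64url):
    """Bit length of a base64url-encoded big-endian integer (JWK 'n')."""
    try:
        raw = base64.urlsafe_b64decode(b64url + "=" * (-len(b64url) % 4))
    except ValueError:
        return 0
    return int.from_bytes(raw, "big").bit_length()

def check_config(address, client_id, private_jwk, scopes):
    """Return a list of problems; key material is never echoed back."""
    problems = []
    try:
        okta_domain(address)
    except ValueError as exc:
        problems.append(str(exc))
    if not client_id.strip():
        problems.append("Client ID is empty")
    try:
        jwk = json.loads(private_jwk)
    except ValueError:
        jwk = {}
    if not isinstance(jwk, dict) or jwk.get("kty") != "RSA":
        problems.append("Private Key is not an RSA JWK in JSON form")
    elif "d" not in jwk:
        problems.append("JWK lacks private exponent 'd' (public key pasted?)")
    elif _bits(str(jwk.get("n", ""))) < 2048:  # assumed floor, not from the page
        problems.append("RSA modulus is under 2048 bits")
    if set(scopes.split()) != REQUIRED_SCOPES:
        problems.append("scopes differ: %s" % sorted(set(scopes.split()) ^ REQUIRED_SCOPES))
    return problems

# Constructed sample values: placeholder modulus and exponent, not a real key.
_N = base64.urlsafe_b64encode(b"\xc3" + b"\x01" * 255).rstrip(b"=").decode()
SAMPLE_JWK = json.dumps({"kty": "RSA", "e": "AQAB", "n": _N, "d": "AQ"})
```

An empty list from `check_config` means the values have the expected shape; it does not prove the key is the one registered on the Okta application.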