OKTA AD Import

OKTA AD Import 

Using the Active Directory (AD) Import capability offered by Okta, you may import users, groups, and group memberships from your on-premises Active Directory into your Okta account. Because both your AD and Okta synchronize user data, this feature makes managing users easier. It also makes sure that both systems are kept up to date automatically. 

Configuring the OKTA User Import is a two-step process 

• Create a OKTA Validate API in API Configuration. 
• Configure the Scheduler - Call API Action to schedule the activity

API Configuration

• Navigate to Design Studio > Module > API Configuration > New 
• Configure the Graph API in the API Configuration. For more information refer to the table below.

Field	Description
API Configuration Details	The details of the API Configuration are listed here.
API Config Name*	Select the API Config Name as OKTA Validate API.
API Group Name*	Choose OKTA Active Directory as the API Group Name.
Configured For*	Choose Inbound as the option for Configured For.
Domain*	Select the Domain for which you want the API Configured.
Sub Domain*	Select the Sub Domain for which you want the API Configured.
Department*	Choose the Department for which the API is configured.
Active	Enable the Active switch to keep the API Configuration active.
Icon	Choose an icon to be uploaded for the specified API.  The maximum upload file size is 1MB Image dimensions should not exceed 50px X 50px Supported imag formats are .gif, .jpeg, .jpg, .png, .bmp.
API Details	The API Details are given below.
API Name*	The API Name is auto-selected when the API Group Name is chosen as OKTA Active Directory .
API Timeout (In seconds)*	Choose a numeral for specifying the timeout (In seconds)
API Type*	The API Type gets updated as External when the API Group Name is chosen as OKTA Active Directory.
Response Type*	The Response Type gets auto-populated as an Array.
Pagination Link	The Pagination Link is updated as Content when the API Group Name is chosen as OKTA Active Directory.
Attribute Name	The Attribute Name also gets auto-updated when the API Group Name is chosen as OKTA Active Directory.
List the response attributes with hierarchy	This switch is enabled to view nested API response attributes or disable to view only the first level attributes.
Method*	The Method is auto populated as Get for the configured API when the API Group Name is chosen as OKTA Active Directory.
URL	The URL is one that is provided by the customer. It will vary for each customer.
Authentication	No configuration done at Authentication tab.
Params	The parameters need not be set.
Header	The header is configured as follows. Key - The Key is set as Authorization Value - The Value is provided by the customer.
Body	The request type can be viewed in Text, JSON, or XML format.
Response	The response can be viewed here.
Configured API	The configured API's are listed here. Refer the image below.

• Click Send to test the API and check the Response Body. 

3.    Configure the job in Scheduler using the configured API for the User table. 

• Navigate to Design Studio > Application > Scheduler > New. 
• In the general stepper, configure the below fields. Choose the Scheduler Type as Custom and Table as User and Execute at Web Server.
• Set the required number of times the scheduler needs to run in the Frequency step.
• No conditions are specified in the Condition step. 
• In the Actions step, go to Call API. 
•  In the Call API action, select the Inbound type and map the necessary columns and Publish the Scheduler. 

For more information, refer to the table below.

4.    Verify the data post-import. 

• Navigate to Platform Studio > User Access Management > User. Open the user from the list page.