User's Guide
OKTA
Note: To enable this feature, you must have administrative privileges in your Okta account. We
recommend using a dedicated service account that uses only the “Group” role as that role contains
only the permissions that Openpath requires to synchronize your users and groups.
1. Under Integrations > Identity Providers, click Get Started on the Okta integration.
2. Enter your API URL. This should be the Okta domain for your organization, prefixed with
https://
, for example,
https://yourcompanyname.okta.com
.
3. Enter an API Key. First you’ll need to generate an Okta API Key (Token) associated with the
Okta service account you have created for this integration. Ideally you should create a
dedicated API Key to be used only with the Openpath integration, so that you have control over
the lifecycle of this integration.
Note: Once you save the API Key, Openpath does not use or otherwise expose the API Key
anywhere except when using it to call Okta to synchronize users and groups.
4. Configure the following settings:
a. Auto-sync every 1 hour – this will sync Openpath with Okta once every hour.
b. Auto-create mobile credential – this will create a mobile credential for every user.
c. Auto-create cloud key credential – this will create a cloud key credential for every
user.
d. Auto-assign to group – this option will be grayed out until you save the API
credentials. After saving, return to the settings page to use this feature. This option lets
you assign Okta groups to groups you’ve created in Openpath.
Version 1.9
©
Openpath 2019
Page 35