Permissions
To connect your Atomicwork and Okta accounts, you need:
Atomicwork admin access: You need org admin access in Atomicwork.
Okta admin access: You need to have admin access in Okta that will allow you to create and manage your own API tokens. Only super admins, org admins, and group admins can create tokens.
An Okta API token carries the permissions of the user who creates it, so it’s essential to have the necessary permissions for managing users and executing specific workflows within Atomicwork.
An Okta API token. Follow the instructions here to create one.
To access the breadth of Okta-Atomicwork features, the admin creating the API token will need to have the following explicit permissions in Okta.
User management permissions: To manage users and execute user-related actions in workflows.
| Permission | Purpose |
| --- | --- |
| View users | To sync user profiles and ensure workflows have access to the necessary user data. |
| Create users | To create new users automatically as part of workflows and journey actions. |
| Delete users | To remove users through workflows and journey actions. |
| Suspend users | To temporarily suspend user accounts through workflows and journey actions. |
| Deactivate users | To deactivate users through workflows and journey actions. |
| Activate users | To reactivate users who need to regain access to your Okta applications. |
| Edit users' profile attributes | To update user attributes, ensuring the latest data is synced to Atomicwork and used in workflows. |
| Reset passwords | To support resetting passwords as part of skills. |
| MFA resets | To allow resetting multi-factor authentication as part of workflows. |
| Manage API tokens | To create an API token that will be shared with Atomicwork for setting up the integration with Okta. |
| View API tokens | To view and access the API token shared with Atomicwork. |
Group management permissions: To maintain access controls and assign users to the relevant groups.
| Permission | Purpose |
| --- | --- |
| View groups | To retrieve the list of groups and associated information for workflow actions and skills. |
| Manage group membership | To add or remove users from groups through workflows and journey actions. |
| Create groups | To create groups through workflows and journey actions. |
Application management permissions: To manage applications and assign user access based on group membership or direct assignments.
| Permission | Purpose |
| --- | --- |
| Manage applications | To view application details and client credentials, and to assign users to applications based on their group membership or direct assignment. |
Identity and access management permissions: To verify permissions during integration setup.
| Permission | Purpose |
| --- | --- |
| View roles | To ensure workflows have visibility into user roles for proper access control and auditing. |
| View admin assignments | To verify administrators who are responsible for specific roles, ensuring proper workflow execution. |
Setup
Navigate to Settings > App Store > Okta, and click on Connect.
Type in your Okta URL (find out how to get your URL here) and copy in your API token (follow these instructions to create an API token).
The Okta API token carries the permissions of the user who creates it, so please ensure you have all the permissions listed above before creating the token.
Test connection.
Click on Connect.
If an Okta action fails and you’re unsure if the problem is your connection, please check the token status first. Your token might have expired. Okta uses colors to show the token status.
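One way to check the token outside the Okta console, as an added example that is not Atomicwork's or Okta's own code: it calls Okta's `GET /api/v1/users/me` with the token in an `SSWS` Authorization header and classifies the response. The function names, the `example.okta.com` URL and the sample responses are assumptions constructed for illustration.

```python
import json
import urllib.error
import urllib.request


def http_get(url, headers):
    """GET a URL and return (status, parsed JSON body), including error responses."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:
        status, raw = err.code, err.read()
    try:
        return status, json.loads(raw or b"{}")
    except ValueError:
        return status, {}


def check_okta_token(okta_url, token, fetch=http_get):
    """Classify an Okta API token by asking Okta which user it belongs to."""
    status, body = fetch(
        okta_url.rstrip("/") + "/api/v1/users/me",
        {"Authorization": "SSWS " + token, "Accept": "application/json"},
    )
    if status == 200:
        # Valid token: show whose permissions it carries, never the token itself.
        login = body.get("profile", {}).get("login", "unknown")
        return "valid", f"token acts as {login} (user status: {body.get('status')})"
    code = body.get("errorCode", "")
    if status == 401 or code == "E0000011":  # E0000011: invalid token provided
        return "invalid", "token rejected: expired, revoked or mistyped"
    if status == 403:
        return "forbidden", "token accepted, but this request is not permitted for its creator"
    if status == 429:
        return "rate_limited", "Okta rate limit reached; retry before replacing the token"
    return "unknown", f"unexpected HTTP {status} {code}".strip()


if __name__ == "__main__":
    # Constructed responses so the example runs offline; pass only okta_url and
    # token (read from a secret store, not the command line) to query Okta.
    samples = [
        (200, {"status": "ACTIVE", "profile": {"login": "admin@example.com"}}),
        (401, {"errorCode": "E0000011", "errorSummary": "Invalid token provided"}),
    ]
    for status, body in samples:
        fake = lambda url, headers, s=status, b=body: (s, b)
        print(check_okta_token("https://example.okta.com", "00-constructed", fetch=fake))
```

A `valid` result also names the admin whose permissions the token carries, which is the account to compare against the permission tables above.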
Okta data sync
After an administrator connects an Okta account with Atomicwork, they have the option of enabling data sync so that Okta employee attributes are synced with Atomicwork.
This way, Atomicwork will be able to customize information access for employees based on their attributes.
Go to Settings > App Store > Okta.
Click on Enable.
Review the attribute map that Atomicwork generated for your account. If you want to map an Okta attribute to a different attribute, you can modify the mapping on this screen.
