Okta filter for users based on application

Which IIQ version are you inquiring about?

8.4 p1

Hello Team,
In IIQ, we need to manage Okta users who are only assigned to a specific application in Okta.

Our Okta has a lot of different irrelevant users that we don't care about, and bringing them all in will be an enormous waste of computing space.

Does anyone have any ideas?

Thanks

Hi @abhijeetsalvi

Are you planning to aggregate Okta accounts into IdentityIQ?

If yes, do you have filters to bring only the accounts that you want into IIQ? Set up filters in the SailPoint IdentityIQ connector for Okta to only import users associated with the desired application.

If you don’t have a filter option, then in the customisation you can ignore/skip the Okta users/accounts which you don’t want by identifying an attribute.

You could map an attribute from that application to the Okta profile. Then you can set an account filter in SailPoint to aggregate only those users.

e.g. profile.Custom_String eq "Custom Value"

This involves adding custom attributes for all user profiles in Okta? That doesn't sound like a good idea, since this population is very tiny, like less than 1% of users.
I could maybe try to add these to a group, but then is there an Okta user filter based on group?

Unfortunately the group membership relationship isn’t kept as a user profile attribute in Okta. So the filter to do something like profile.groups in "xyz" just wouldn’t be possible.

I’m sure there are several OOTB attributes that you aren’t using if you didn’t want to create a custom one. You should try testing in your lower or preview environment.

If you use a custom attribute, make sure you enable “Enable List Users With Search” in your application definition, which isn’t done by default.
