We use Okta and have set it up as a source. One challenge we have is that although the connector pulls Roles (standard roles) as an entitlement, it does not pull what resources the role has access to.
In Okta, you have standard roles such as App Admin, Group Admin, etc. But then users are restricted to certain resources such as X application or X group. So an App Admin may only be an admin for one application. I know this information is available via API from Okta but I was hoping there’s a way we can pull this info using the build in connector.
Does anyone know of a way to pull the user role targets/resources information through adding an entitlement type or some other way?
Here’s the documentation from Okta on user role targets/resources:
You can pull in this information by adding two more attributes to the account schema ‘applicationsManagedByRole’ and ‘groupTargetsHelpDeskAdminRole’. These are both multi-valued fields.
The applicationsManagedByRole will aggregate App Target and App Target instance objects and the ‘groupTargetsHelpDeskAdminRole’ will aggregate group target objects.
For anyone else trying to do this, the solution above by Liam OKeeffe worked. Just keep in mind that the value of the entitlement will contain the raw data so you will more than likely want to change the names of the entitlements once they have been aggregated.