
Automation on fetching user accounts for Okta

To automatically fetch user accounts into Okta without needing to manually import them, you should set up a Directory Integration that allows Okta to sync users from an external directory, such as Active Directory (AD), LDAP, or through a SCIM integration. Here's how to approach each method:

Active Directory (AD) Integration (Most Common)

This is the best option if you're using Windows Server AD.

Steps:

  1. Install the Okta AD Agent on a domain-joined Windows Server.

  2. In the Okta Admin Console:

    • Go to Directory > Directory Integrations.

    • Click Add Directory > Add Active Directory.

  3. Follow the wizard:

    • Provide domain credentials.

    • Select the OUs you want to sync.

    • Schedule automatic imports (default every hour).

  4. After setup, Okta will automatically sync users and groups from AD to Okta.

Okta will periodically pull new users, updates, and removals.

LDAP Directory Integration

If you're using OpenLDAP or similar:

Steps:

  1. Install the Okta LDAP Agent on a server that can access your LDAP directory.

  2. Go to Directory > Directory Integrations in Okta and add your LDAP configuration.

  3. Schedule sync or enable real-time sync depending on the directory.

SCIM (System for Cross-domain Identity Management)

If your source system supports SCIM (like HR systems, custom apps, etc.):

Steps:

  1. Ensure the external system supports SCIM 2.0.

  2. In Okta, go to Applications and add a SCIM-based integration (or create a custom SCIM app).

  3. Configure:

    • SCIM base URL

    • Bearer token

  4. Okta will auto-provision and deprovision users via SCIM.

Okta Workflows or API Automation (Advanced)

For custom scenarios (e.g. syncing from a CSV, API, or Google Workspace):

  • Use Okta Workflows or the Okta API to periodically fetch and push user data.

  • Okta Workflows has connectors to services like Google Sheets, Slack, Salesforce, etc.

  • You can build a scheduled flow that fetches data and creates users in Okta.
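
A scheduled API sync of the kind described above could look like the following sketch, which is an added example and not code from Okta or from the original page. It goes one step beyond the text by also planning deactivations for accounts missing from the source, with a cap so that a truncated source file cannot disable the whole org. The CSV contents, user ids, the `example.okta.com` org URL and the `OKTA_API_TOKEN` variable name are assumptions.

```python
import csv, io, json, os, urllib.request

# Constructed sample data (not from the original page).
SOURCE_CSV = """email,firstName,lastName
alice@example.com,Alice,Ng
bob@example.com,Bob,Diaz
"""
# Shape follows the user objects returned by GET /api/v1/users.
OKTA_USERS = [
    {"id": "00uEXAMPLE1", "status": "ACTIVE", "profile": {"login": "alice@example.com"}},
    {"id": "00uEXAMPLE2", "status": "ACTIVE", "profile": {"login": "carol@example.com"}},
]

def plan_sync(csv_text, okta_users, max_deactivate=5):
    """Return (CSV rows to create, Okta ids to deactivate); logins compared case-insensitively."""
    rows = {r["email"].strip().lower(): r for r in csv.DictReader(io.StringIO(csv_text))}
    active = {u["profile"]["login"].lower(): u["id"]
              for u in okta_users if u["status"] != "DEPROVISIONED"}
    create = [rows[k] for k in sorted(rows.keys() - active.keys())]
    deactivate = [active[k] for k in sorted(active.keys() - rows.keys())]
    if len(deactivate) > max_deactivate:
        raise ValueError("refusing to sync: too many deactivations, check the source file")
    return create, deactivate

def build_requests(org_url, token, create, deactivate):
    """Build (but do not send) the Okta API calls for a plan."""
    headers = {"Authorization": f"SSWS {token}", "Accept": "application/json",
               "Content-Type": "application/json"}
    reqs = []
    for r in create:
        body = {"profile": {"login": r["email"], "email": r["email"],
                            "firstName": r["firstName"], "lastName": r["lastName"]}}
        # activate=false stages the account instead of activating it immediately.
        reqs.append(urllib.request.Request(f"{org_url}/api/v1/users?activate=false",
                    data=json.dumps(body).encode(), headers=headers, method="POST"))
    for uid in deactivate:
        reqs.append(urllib.request.Request(
            f"{org_url}/api/v1/users/{uid}/lifecycle/deactivate", headers=headers, method="POST"))
    return reqs

if __name__ == "__main__":
    create, deactivate = plan_sync(SOURCE_CSV, OKTA_USERS)
    # The token is read from the environment, never stored in the script or the CSV.
    token = os.environ.get("OKTA_API_TOKEN", "PLACEHOLDER")
    for req in build_requests("https://example.okta.com", token, create, deactivate):
        print("DRY RUN:", req.get_method(), req.full_url)  # send with urllib.request.urlopen(req)
```

The script only prints the planned calls; review the dry-run output before wiring in `urlopen`, and run it under an API token scoped to user management only.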

Manual Import Is Only Needed If:
  • You don’t use a supported directory or SCIM.

  • You're uploading static CSV files.

Sync Frequency
  • AD/LDAP: Every 1 hour (default), configurable

  • SCIM: Real-time (if supported), or scheduled via Okta

  • API/Workflows: As you define it (e.g., every 15 minutes)