Okta Application Integration Setup

Getting started

BalkanID recommends creating a separate service account for the purposes of this integration, instead of using personal or employee named accounts.

Requirements:

  • Okta Token

  • Okta Site URL

Getting the Configuration

BalkanID requires the following permissions to pull users, groups and applications, along with their respective access, from Okta.

  • View users and their details

  • View groups and their details

  • Manage group membership

    • Needed to read users' group memberships. Okta does not provide a read-only permission for this. This permission only allows removing a user from a group; it does not grant the ability to add a user to a group. If this permission is not provided, anything granted through a group will not be connected to the user, and only applications assigned directly to the user will show up in BalkanID for that user.

  • View applications and their details

  • View roles and their details (scope required: okta.roles.read)

You can create the token either from an existing Super User Admin account or from a new service account. Creating a new service account within Okta for this purpose is out of scope for this document. This document assumes you are logged into an Okta account with the relevant permissions to create a token.

Create an Okta token:

  1. In Okta’s admin console, navigate to Security > API.

  2. Click the Create Token button.

  3. Provide a name for the token.

  4. Copy the token value to your clipboard. Store it securely for future purposes.
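Before pasting the token into BalkanID, you can confirm what it can actually read. The script below is an added example, not BalkanID or Okta code: it calls the Okta list endpoints for users, groups, applications and group membership with the token and reports a verdict per area. The environment variable names OKTA_SITE_URL and OKTA_TOKEN and the function names are assumptions made for this example.

```python
import json
import os
import urllib.error
import urllib.request

# Okta Core API list endpoints, one per permission area named on this page.
CHECKS = {
    "users": "/api/v1/users?limit=1",
    "groups": "/api/v1/groups?limit=1",
    "apps": "/api/v1/apps?limit=1",
}
VERDICT = {200: "ok", 401: "invalid_token", 403: "denied"}


def http_get(url, token):
    """GET with Okta's SSWS API-token header; returns (status, parsed body)."""
    req = urllib.request.Request(url, headers={
        "Authorization": "SSWS " + token, "Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, None


def preflight(site_url, token, get=http_get):
    """Return {area: 'ok' | 'invalid_token' | 'denied' | 'http_<code>' | 'skipped'}."""
    if not site_url.startswith("https://"):
        raise ValueError("Site URL must be https so the token is never sent in clear")
    base = site_url.rstrip("/")
    results, first_group = {}, None
    for area, path in CHECKS.items():
        status, body = get(base + path, token)
        results[area] = VERDICT.get(status, "http_%d" % status)
        if area == "groups" and status == 200 and body:
            first_group = body[0]["id"]
    # Membership is the read this page ties to "Manage group membership".
    if first_group is None:
        results["group_membership"] = "skipped"
    else:
        status, _ = get("%s/api/v1/groups/%s/users?limit=1" % (base, first_group), token)
        results["group_membership"] = VERDICT.get(status, "http_%d" % status)
    return results


if __name__ == "__main__":
    # OKTA_SITE_URL and OKTA_TOKEN are assumed variable names, not BalkanID's.
    for area, verdict in preflight(os.environ["OKTA_SITE_URL"],
                                   os.environ["OKTA_TOKEN"]).items():
        print("%-17s %s" % (area, verdict))
```

A "denied" verdict for group_membership corresponds to the case described above in which access granted through groups will not appear for the user.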

Configure Okta within your BalkanID tenant

  1. Log in to the BalkanID application and switch to the tenant you would like to add your integration to.

  2. Head to Integrations > Add Integration, select Okta.

  3. Set up the Primary Application owner (mandatory) and the Description, if any. Set up Secondary Application Owner(s), if any.

    Select the Extraction Type. From here, you can configure your application using one of the following methods:

    1. Direct integration - Provide your Okta Token and Site URL obtained above to set up a direct connection with BalkanID.

    2. SCIM integration - Provide SCIM server credentials to set up a SCIM connection with BalkanID.

    3. Manual file upload - Upload Entity and Entity Relations through a .CSV file upload. Contact the team for assistance with this.

    4. Automated upload using API - You can upload data using our Bulk APIs with the help of an API key which will be provided to you. Please refer to the entity and entity relation upload docs for specific instructions on uploading your data through the API.

  4. Click Next to move on to Optional Configuration.

  5. Fill Optional configuration, if required.

  6. Once you have filled in the information, click Save. Your integration is now configured and you will see the status of the integration displayed alongside other integrations on the Integrations page. When data is available, the integration Status will read Connected and the integration Message will read Data available.

Integration Scopes

Read Only (Access Review) Scopes    Lifecycle Management Scopes
okta.roles.read                     okta.roles.manage
okta.factors.read                   okta.factors.manage
okta.groups.read                    okta.groups.manage
okta.apps.read                      okta.apps.manage
okta.users.read                     okta.users.manage
