Comment on page
Installing the OKTA management agent
Once the management agent has been installed, you may need to restart the FIM Synchronization Service Client application if you do not see the
Okta (Lithnet)management agent type listed.
These settings control the behavior of the management agent.
This will include groups that are built into Okta itself. These groups have a type of
BUILT_INwithin Okta itself.
Allows the management agent to import groups with a type of
APP_GROUP. These are typically created by external applications, such as the Active Directory agent.
The management agent will always import groups of type
groupobject class is selected in the
Select Object Typespage of the management agent configuration.
If the management agent is with a deprovisioning action of 'Stage a delete of the object on the next run', you can configure the specific way that objects are deleted.
- Deactivate - Users are deactivated, but not deleted. Deactivated users will not be seen by FIM. Deletes will be confirmed on a delta import. Users must be deleted manually from Okta.
- Delete - Users will be deactivated and then automatically deleted. Deletes will only be confirmed on the next full import.
Instructs the management agent to automatically activate the users when they are created in Okta. If this option is not selected, the users are place in a
When the management agent is configured to activate new users, this setting allows you to specify if Okta should send an activation email to new users.
Select the object types that you wish to manage. As API calls are expensive, don't select any object types that you don't need.
Do note, that the group object type is currently read-only.
Select the attributes that you wish to manage. It is important to note that
idattribute is mandatory
- Selecting the
enrolledFactorsattributes will slow down your import process. These attributes each require a separate API call, and therefore can add significantly to the total time an import process will take. Consider the use of these attributes carefully.
Configure your attribute flows, filters and join rules as needed.
When provisioning new users, use any unique value as the DN, such as a GUID. The actual value does not matter. This will be replaced by the objectId during the confirming import.