Using a Custom Admin Role
Connect Okta to Zluri using a custom admin role
If you wish to delegate Zluriʼs Okta integration to a user or group without Super Admin credentials, you can assign them a custom admin role. This method requires more manual configuration, but gives greater control over the Zluri features you wish to use.
Prerequisites
- Super Admin privileges in Okta (only required for creating the custom role)
Integration steps
Create a custom admin role
- Log in to Okta with a Super Admin account.
- In the admin dashboard, navigate to Security → Administrators, then go to the Roles tab.
- Click Create new role.
- Name the role appropriately, considering its purpose or context.
- Depending on your use case, enable one of the following sets of permissions:
Minimum required privileges:
- User: View users and their details
- Group: View groups and their details
- Identity and Access Management: View roles, resources, and admin assignments
- Application: View applications and their details
- Directories: View application directory integration

Maximum privileges:
- User:
  - Edit users' lifecycle states
  - View users and their details
  - Edit users' profile attributes
  - Edit users' application assignments
  - Create users
  - Edit users' group membership
- Group: Manage groups
- Identity and Access Management: View roles, resources, and admin assignments
- Application: Manage applications
- Directories: Manage application directory integration
Generate a new resource set
- In the admin dashboard, navigate to Security → Administrators, then go to the Resources tab. Then, click Create new resource set.
- Enter a name for the resource set information and click ➕ Add resource.
- On the Add Resource pop-up, select Users, Groups, Applications, and Identity and Access Management. Click Save selection.
- Click Create to generate the new resource set.
Assign the new role set to a user
- In the Admin Dashboard, navigate to Directory → People.
- Locate and select the preferred user to access their profile. You can assign the role set to an existing admin or create a new service user.
If the existing user thatʼs being assigned this custom role already has another administrative role (e.g., Super Admin or Org Admin) assigned to them, then the API token that is generated in later steps will have the most privileged permissions rather than the permissions defined in the custom role.
- Go to the Admin Roles tab and click Edit individual assignments.
Add a new assignment for the custom role
- On the Administrator assignment page, click Add assignment.
- Select the newly created Role and Resource set from the drop-downs and click Save Changes.
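Before creating the token, you can confirm that the chosen user holds no other admin role, since the token takes on the most privileged role its owner has. The following is an added example, not Zluri's or Okta's own code: it checks a user's role assignments in the shape Okta's role-listing call (GET /api/v1/users/{userId}/roles) is assumed to return; the field names, the role label "Zluri Integration", and all sample data are assumptions or constructed.

```python
# Added example, not from the Zluri or Okta docs. Input is the JSON list that
# Okta's role-listing call (GET /api/v1/users/{userId}/roles) is assumed to
# return; the field names below are assumptions based on that API.

def audit_token_owner(assignments, custom_label):
    """Check that the token owner's only active admin role is the custom one.

    Returns (ok, findings). Any other active role is reported, because the
    API token takes on the most privileged role its owner holds.
    """
    findings = []
    custom_seen = False
    for a in assignments:
        if a.get("status") != "ACTIVE":
            continue  # inactive assignments grant nothing
        if a.get("type") == "CUSTOM" and a.get("label") == custom_label:
            custom_seen = True
            continue
        via = a.get("assignmentType", "USER")  # USER = direct, GROUP = inherited
        findings.append(f"extra role {a.get('type')} ({a.get('label')}) via {via}")
    if not custom_seen:
        findings.append(f"custom role {custom_label!r} is not assigned")
    return (not findings, findings)


# Constructed sample data (hypothetical role label "Zluri Integration").
SERVICE_USER = [
    {"type": "CUSTOM", "label": "Zluri Integration", "status": "ACTIVE",
     "assignmentType": "USER"},
    {"type": "READ_ONLY_ADMIN", "label": "Read-only Administrator",
     "status": "INACTIVE", "assignmentType": "USER"},
]
EXISTING_ADMIN = [
    {"type": "CUSTOM", "label": "Zluri Integration", "status": "ACTIVE",
     "assignmentType": "USER"},
    {"type": "SUPER_ADMIN", "label": "Super Administrator", "status": "ACTIVE",
     "assignmentType": "GROUP"},
]

if __name__ == "__main__":
    for name, roles in (("service user", SERVICE_USER),
                        ("existing admin", EXISTING_ADMIN)):
        ok, findings = audit_token_owner(roles, "Zluri Integration")
        print(name, "OK" if ok else "REVIEW", findings)
```

A role inherited through a group is flagged the same way as a direct assignment, so check group memberships as well as the user's individual assignments.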
Create an Okta API token
- In the admin dashboard, navigate to Security → API, then go to the Tokens tab.
- Click Create token, and give it a name. Copy and securely store the generated token.
Connect the Okta instance in Zluri
- Open the Integrations Catalog, search for "okta", and click ➕ Connect.
- Choose the scopes for the integration, and click Continue. You can click the down-arrow button towards the right of a scope to find out what it does.
Make sure the scopes you choose correspond to the permissions that you enabled for the custom admin.
- Enter the previously generated API key and your Okta organization URL here. For example, if you access Okta using https://umbrellacorp.okta.com/, enter it here. If you aren't sure, consult this doc to find your Okta domain.
- Click Connect, give the connection a name and description, and you're ready to go!
Got questions? Feel free to submit a ticket or contact us directly at [email protected].