Using a Custom Admin Role

Connect Okta to Zluri using a custom admin role

If you wish to delegate Zluriʼs Okta integration to a user or group without Super Admin credentials, you can assign them a custom admin role. This method requires more manual configuration, but gives greater control over the Zluri features you wish to use.

Prerequisites

  • Super Admin privileges in Okta (only required for creating the custom role)

Integration steps

Create a custom admin role

  1. Log in to Okta with a Super Admin account.

  2. In the admin dashboard, navigate to Security > Administrators, then go to the Roles tab.

  3. Click Create new role.

  4. Name the role appropriately, considering its purpose or context.

  5. Depending on your use case, enable one of the following sets of permissions:

    Minimum required privileges

    - User: View users and their details
    - Group: View groups and their details
    - Identity and Access Management: View roles, resources, and admin assignments
    - Application: View applications and their details
    - Directories: View application directory integration

    Maximum privileges

    - User:
      - Edit users' lifecycle states
      - View users and their details
      - Edit users' profile attributes
      - Edit users' application assignments
      - Create users
      - Edit users' group membership
    - Group: Manage groups
    - Identity and Access Management: View roles, resources, and admin assignments
    - Application: Manage applications
    - Directories: Manage application directory integration

Generate a new resource set

  1. In the admin dashboard, navigate to Security > Administrators, then go to the Resources tab. Then, click Create new resource set.

  2. Enter a name for the resource set and click ➕ Add resource.

  3. On the Add Resource pop-up, select Users, Groups, Applications, and Identity and Access Management. Click Save selection.

  4. Click Create to generate the new resource set.

Assign the new role set to a user

  1. In the Admin Dashboard, navigate to Directory > People.
  2. Locate and select the preferred user to access their profile. You can assign the role set to an existing admin or create a new service user.

❗️

If the existing user thatʼs being assigned this custom role already has another administrative role (e.g., Super Admin or Org Admin) assigned to them, then the API token that is generated in later steps will have the most privileged permissions rather than the permissions defined in the custom role.

  3. Go to the Admin Roles tab and click Edit individual assignments.

Add a new assignment for the custom role

  1. On the Administrator assignment page, click Add assignment.

  2. Select the newly created Role and Resource set from the drop-downs and click Save Changes.
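
Before generating the API token, it is worth confirming that the custom role is the only active admin role on the user, since the warning above means any other role would widen the token. The following is an added example, not part of Zluri's or Okta's documentation: it audits the JSON returned by Okta's `GET /api/v1/users/{userId}/roles` endpoint. The role name "Zluri Read-Only" and the sample response are constructed for illustration.

```python
import json
import urllib.request

# Constructed sample of a GET /api/v1/users/{userId}/roles response body.
# The ids and labels are made up for this example.
SAMPLE_ROLES = json.loads("""
[
  {"id": "constructed-1", "type": "CUSTOM", "label": "Zluri Read-Only",
   "status": "ACTIVE", "assignmentType": "USER"},
  {"id": "constructed-2", "type": "ORG_ADMIN", "label": "Organization Administrator",
   "status": "ACTIVE", "assignmentType": "GROUP"}
]
""")


def fetch_roles(org_url, user_id, token):
    """Fetch the user's admin role assignments from Okta (needs network access)."""
    req = urllib.request.Request(
        f"{org_url.rstrip('/')}/api/v1/users/{user_id}/roles",
        headers={"Authorization": f"SSWS {token}", "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def audit_role_assignments(roles, expected_label):
    """Return findings; an empty list means only the custom role is active."""
    findings = []
    active = [r for r in roles if r.get("status") == "ACTIVE"]
    for r in active:
        if r.get("type") != "CUSTOM":
            # Roles inherited through a group widen the token just the same.
            how = "via group" if r.get("assignmentType") == "GROUP" else "directly"
            findings.append(f"standard admin role {r.get('type')} assigned {how}")
        elif r.get("label") != expected_label:
            findings.append(f"unexpected custom role '{r.get('label')}'")
    if not any(r.get("type") == "CUSTOM" and r.get("label") == expected_label
               for r in active):
        findings.append(f"custom role '{expected_label}' is not assigned")
    return findings


if __name__ == "__main__":
    for finding in audit_role_assignments(SAMPLE_ROLES, "Zluri Read-Only"):
        print("FINDING:", finding)
```

To run it against a live org, pass the result of `fetch_roles(...)` instead of `SAMPLE_ROLES`, using a token that is allowed to view admin role assignments.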

Create an Okta API token

  1. In the admin dashboard, navigate to Security > API, then go to the Tokens tab.

  2. Click Create token, and give it a name. Copy and securely store the generated token.

Connect the Okta instance in Zluri

  1. Open the Integrations Catalog, search for "okta", and click ➕ Connect.

  2. Choose the scopes for the integration, and click Continue. You can click the down-arrow button towards the right of a scope to find out what it does.

❗️

Make sure the scopes you choose correspond to the permissions that you enabled for the custom admin.

  3. Enter the previously generated API key and your Okta organization URL. For example, if you access Okta using https://umbrellacorp.okta.com/, enter that URL. If you aren't sure, consult this doc to find your Okta domain.
  4. Click Connect, give the connection a name and description, and you're ready to go!
