Okta and Immuta Integration Checklist

Introduction

This checklist covers the information needed for the integration, including selecting the integration protocol (SAML, OpenID Connect, LDAP), setting up Okta applications, configuring attribute mappings, enabling SCIM provisioning, and verifying network security. Each section ensures that Okta is correctly configured to streamline the authentication and provisioning processes with Immuta, minimizing setup challenges and ensuring a smooth integration experience.

1. Determine Protocol for Integration

  • Confirm whether the customer will use SAML, OpenID Connect (OIDC), or LDAP for integration. The protocol most customers choose to integrate with Immuta is SAML.

  • Ensure the Immuta Identity Manager integration documentation has been reviewed for a further overview of the Okta and Immuta integration.

2. Okta Application Creation

  • Create an Application in Okta:

    • Ensure that the customer has created an Application in Okta to handle authentication with Immuta.

    • Location: Okta Admin Dashboard → Applications → Add Application.

    • Note: The type of application created (SAML, OpenID, or LDAP) will depend on the protocol chosen in the previous step.

3. Okta Application Setup

For each protocol, ensure the following information is ready to provide to Immuta at setup:

  • SAML:

    • Confirm that the Issuer from the Okta Application is noted. This value is required for Immuta’s SSO configuration.

    • Entry Point URL: this redirects to SSO when users try to log in from the Immuta UI.

    • SAML signing certificate: download this; it is needed at setup on the Immuta side.

    • These details can be found under: Okta Admin Dashboard → Applications → {your application} → Sign On → View Setup Instructions.

  • OIDC:

    • Client ID & Client Secret: These are necessary for Immuta’s OIDC configuration. Ensure they are ready to input during the setup.

    • Base URL & IAM ID: The Okta Application will need Immuta’s base URL and IAM ID to complete the setup. The IAM ID will be the name of the integration from Immuta, e.g. oktaodic

  • LDAP: be ready to provide these details to Immuta to test the LDAP connection, test user login, and test LDAP sync.

    • LDAP Bind DN and Bind password credentials

    • Okta LDAP host and port

    • LDAP user search base

    • LDAP user attribute or user search filter

    • LDAP group search base, group search filter, user group search filter.
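As a pre-flight check for the SAML items above, the following added example (not part of the original checklist and not Immuta or Okta code) pulls the Issuer, Entry Point URL and signing-certificate fingerprint out of an IdP metadata document and rejects a non-HTTPS entry point. It assumes the Okta application's SAML IdP metadata XML has been saved locally; the function name `saml_preflight`, the hostnames, the app id and the certificate value are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: placeholder host, app id and a dummy base64 value (not a real certificate).
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://www.okta.com/exkEXAMPLE">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data>
        <ds:X509Certificate>Y29uc3RydWN0ZWQtcGxhY2Vob2xkZXItY2VydA==</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example.okta.com/app/example_immuta/exkEXAMPLE/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def saml_preflight(metadata_xml):
    """Return the three SAML values; raise ValueError when one is missing or unusable."""
    root = ET.fromstring(metadata_xml)
    issuer = root.get("entityID")  # the Issuer value Immuta's SSO configuration needs
    if not issuer:
        raise ValueError("no entityID (Issuer) in metadata")
    sso = root.find("md:IDPSSODescriptor/md:SingleSignOnService", NS)
    entry_point = sso.get("Location") if sso is not None else None
    if not entry_point or urlparse(entry_point).scheme != "https":
        raise ValueError("Entry Point URL missing or not HTTPS")
    # Signing keys only; a KeyDescriptor without "use" applies to signing as well.
    certs = [c.text for kd in root.iterfind("md:IDPSSODescriptor/md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.iterfind(".//ds:X509Certificate", NS) if c.text]
    if not certs:
        raise ValueError("no signing certificate in metadata")
    # SHA-256 over the decoded bytes, to compare against the certificate file given to Immuta.
    prints = [hashlib.sha256(base64.b64decode("".join(c.split()), validate=True)).hexdigest()
              for c in certs]
    return {"issuer": issuer, "entry_point": entry_point, "cert_sha256": prints}


if __name__ == "__main__":
    for key, value in saml_preflight(SAMPLE_METADATA).items():
        print(f"{key}: {value}")
```

More than one fingerprint in the result usually means a certificate rollover is in progress in Okta, so confirm which certificate is active before configuring the Immuta side.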

4. SCIM Provisioning Considerations

For both SAML and OIDC integrations, the customer may opt to enable SCIM provisioning:

  • SCIM is recommended for automatic user profile updates and provisioning.

    • Immuta's SCIM endpoint and SCIM API key become available and can be generated after the integration is set up between Immuta and Okta.

    • Okta needs both the SCIM endpoint and the SCIM API key from Immuta to complete SCIM configuration on Okta.

  • SCIM Attribute Schema:

    • Review the attributes available in Okta for user attribute mappings. The mapping can be done after SCIM is enabled. This is under: Okta Admin → Application → {your app} → Provisioning → To App.
