Skip to main content

Privacera Documentation

Okta UserSync connector properties

Property

Description

Example

A) OKTA Connector Info

OKTA_CONNECTOR

Name of the connector.

OKTA

OKTA_ENABLED

Enabled status of connector. (true/false)

true

OKTA_SERVICETYPE

Type of service/connector.

okta

OKTA_DATASOURCE_NAME

Unique datasource name, used for identifying source of data and configuring priority list. (Optional)

OKTA_SERVICE_URL

Connector URL

https://{myOktaDomain}.okta.com

OKTA_API_TOKEN

API token

A8b2c84d-895a-4fea-82dc-401397b8e50c

OKTA_SYNC_INTERVAL

Frequency of usersync pulls and audit records in seconds. Default value is 3600, minimum value is 300.

3600

B) OKTA Manage/Ignore List of Users/Groups

OKTA_USER_LIST

List of users to manage from sync results. If this list is defined, all users not on this list will be ignored.

OKTA_IGNORE_USER_LIST

List of users to ignore from sync results.

OKTA_USER_LIST_STATUS

List of users to manage with status as equal to: STAGED, PROVISIONED,ACTIVE,RECOVERY,PASSWORD_EXPIRED,LOCKED_OUT or DEPROVISIONED. If this list is defined, all users not on this list will be ignored.

ACTIVE,STAGED

OKTA_USER_LIST_LOGIN

List of users to manage with user login name (can contain ). If this list is defined, all users not on this list will be ignored.

sw;mon,san

OKTA_USER_LIST_PROFILE_FIRSTNAME

List of users to manage with user first name (can contain ). If this list is defined, all users not on this list will be ignored.

sw;mon,san

OKTA_USER_LIST_PROFILE_LASTNAME

List of users to manage with user last name (can contain ). If this list is defined, all users not on this list will be ignored.

sw;mon,san

OKTA_LIST_PROFILE_EMAIL

List of users to manage with user email (can contain ). If this list is defined, all users not on this list will be ignored.

sw;mon,san

OKTA_LIST_TYPE

List of groups to manage with group type. If this list is defined, all groups not on this list will be ignored.

APP_GROUP,BUILT_IN,OKTA_GROUP

OKTA_GROUP_LIST

List of groups to manage from sync results. If this list is defined, all groups not on this list will be ignored.

OKTA_IGNORE_GROUP_LIST

List of groups to ignore from sync results.

OKTA_GROUP_LIST_SOURCE_ID

List of groups to manage with group source id. If this list is defined, all groups not on this list will be ignored.

0oa2v0el0gP90aqjJ0g7,0oa2v0el0gP90aqjJ0g8,0oa2v0el0gP90aqjJ0g0

OKTA_GROUP_LIST_PROFILE_NAME

List of groups to manage with group name. If this list is defined, all groups not on this list will be ignored.

group1,testGroup,testGroup2

C) OKTA Search

OKTA_SEARCH_USER_GROUPONLY

Boolean to only load users in groups.

false

OKTA_SEARCH_INCREMENTAL_ENABLED

Boolean to enable incremental search, syncing only changes since last search.

false

D) OKTA User/Group Attributes

OKTA_ATTRIBUTE_USERNAME

Attribute from user entry that would be treated as user name.

login

OKTA_ATTRIBUTE_FIRSTNAME

Attribute from user entry that would be treated as firstname.

firstName

OKTA_ATTRIBUTE_LASTNAME

Attribute from user entry that would be treated as lastname.

lastName

OKTA_ATTRIBUTE_EMAIL

Attribute from user entry that would be treated as email address.

email

OKTA_ATTRIBUTE_GROUPS

Attribute of user’s group list.

groups

OKTA_ATTRIBUTE_GROUPNAME

Attribute of a group’s name.

name

OKTA_ATTRIBUTE_ONLY

Sync only the attributes of users already synced from other services. (true/false)

false

E) OKTA Username Attribute Modifications

OKTA_ATTRIBUTE_USERNAME_VALUE_EXTRACTFROMEMAIL

Extract the user’s username from an email address. (e.g. username@domain.com -> username) The default is false.

false

OKTA_ATTRIBUTE_USERNAME_VALUE_PREFIX

Prefix to prepend to username. The default is blank.

OKTA_ATTRIBUTE_USERNAME_VALUE_POSTFIX

Postfix to append to the username. The default is blank.

OKTA_ATTRIBUTE_USERNAME_VALUE_TOLOWER

Convert the user’s username to lowercase. The default is false.

false

OKTA_ATTRIBUTE_USERNAME_VALUE_TOUPPER

Convert the user’s username to uppercase. The default is false.

false

OKTA_ATTRIBUTE_USERNAME_VALUE_REGEX

Attribute to replace username to matching regex. The default is blank.

F) OKTA Group Name Attribute Modifications

OKTA_ATTRIBUTE_GROUPNAME_VALUE_EXTRACTFROMEMAIL

Extract the group’s name from an email address (e.g. groupname@domain.com -> groupname). The default is false.

false

OKTA_ATTRIBUTE_GROUPNAME_VALUE_PREFIX

Prefix to prepend to the group's name. The default is blank.

OKTA_ATTRIBUTE_GROUPNAME_VALUE_POSTFIX

Postfix to append to the group's name. The default is blank.

OKTA_ATTRIBUTE_GROUPNAME_VALUE_TOLOWER

Convert group's name to lowercase. The default is false.

false

OKTA_ATTRIBUTE_GROUPNAME_VALUE_TOUPPER

Convert the group's name to uppercase. The default is false.

false

OKTA_ATTRIBUTE_GROUPNAME_VALUE_REGEX

Attribute to replace group's name to matching regex. The default is blank.