Okta Settings

Written by Support
Updated over 4 months ago

After adding an Okta application connection, users can customize various aspects according to their unique security setup.

To do this, go to the Application screen -> Okta App Connection Settings -> Edit Configuration File.

For more information about changing settings, read the Tulip Configuration File article.

Managing Users

Managing users is optional, and can be enabled by updating your Tulip Configuration File.

By default, user support is disabled by the following settings:

okta {
  fetch = {
    include = [
      ...
    ]
    exclude = [
      {
        type = "User"
      },
    ]
  }
}

To enable user support, remove the User type from the exclude list:

okta {
  fetch = {
    include = [
      ...
    ]
    exclude = []
  }
}

For better visibility and management capabilities, consider also enabling Group Memberships.

Note
Salto does not fetch or manage any user’s credentials data such as passwords or recovery questions.

Managing Group Memberships

Group memberships include a list of the users assigned to each group.
If managing users is not enabled in your application connection, assignments are limited to the user login name, without any additional user data.

To enable group memberships in your application connection, edit your Tulip Configuration File, and update includeGroupMemberships to true:

okta {
  fetch = {
    includeGroupMemberships = true

    include = ...

Extending Profile Mapping properties

This setting adds fetch and deploy support for the mapping of attributes from the user profile to external service profiles.

To enable profile mapping properties support, edit your Tulip Configuration File, and update includeProfileMappingProperties to true:

okta {
  fetch = {
    includeProfileMappingProperties = true

    include = ...

Managing Identity Provider JSON Web Keys

To support the deployment of SAML Identity Providers along with their keys, and to enable pushing them between application connections, Tulip supports JSON Web Key (JWK) management. This type is excluded by default but can be enabled by updating your Tulip Configuration File.


By default, JSON Web Key support is disabled by the following settings:

okta {
  fetch = {
    include = [
      ...
    ]
    exclude = [
      {
        type = "JsonWebKey"
      },
    ]
  }
}

To enable JSON Web Key support, remove the JsonWebKey type from the exclude list:

okta {
  fetch = {
    include = [
      ...
    ]
    exclude = []
  }
}

Excluding elements

You can edit the Tulip Configuration File to exclude specific elements that you do not wish to view or manage with Tulip. You can choose to exclude entire configuration types or specific configuration elements with certain properties. Tulip allows you to exclude elements by their name, type, or status properties.
To do this, use the exclude list under the fetch section of the Tulip Configuration File.

For example, this file excludes all password policies which have "test" in their name:

okta {
  fetch = {
    include = [
      {
        type = ".*"
      },
    ]
    exclude = [
      {
        type = "PasswordPolicy"
        criteria = {
          name = ".*test.*"
        }
      }
    ]
  }
}
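
Before editing the exclude list, it helps to preview which elements a given include/exclude combination would bring into the workspace, in particular whether User or JsonWebKey elements would be fetched. The following Python sketch is an added example, not Tulip's own code. It assumes that the rules are modelled as dictionaries mirroring the entries above, that type and name patterns are full-match regular expressions, that an exclude match overrides an include match, and that the default exclude list holds both the User and JsonWebKey entries; the sample elements are constructed.

```python
import re

# Assumption: rules are dicts mirroring the include/exclude entries on this page.
# "type" and criteria "name" are treated as full-match regexes, and an exclude
# match overrides any include match.
def rule_matches(rule, element):
    if not re.fullmatch(rule["type"], element["type"]):
        return False
    name_pattern = rule.get("criteria", {}).get("name")
    return name_pattern is None or re.fullmatch(name_pattern, element["name"]) is not None

def fetched(fetch, elements):
    """Return the elements that survive the include and exclude lists."""
    return [
        e for e in elements
        if any(rule_matches(r, e) for r in fetch["include"])
        and not any(rule_matches(r, e) for r in fetch["exclude"])
    ]

def sensitive_types_fetched(fetch, elements, sensitive=("User", "JsonWebKey")):
    """Types from `sensitive` that the configuration would bring into the workspace."""
    return sorted({e["type"] for e in fetched(fetch, elements)} & set(sensitive))

# Constructed sample elements (not real tenant data).
ELEMENTS = [
    {"type": "User", "name": "alice@example.com"},
    {"type": "JsonWebKey", "name": "idp-signing-key"},
    {"type": "PasswordPolicy", "name": "Default Policy"},
    {"type": "PasswordPolicy", "name": "qa test policy"},
    {"type": "Group", "name": "Everyone"},
]

# Assumed combined default: both sensitive types excluded.
DEFAULT_FETCH = {
    "include": [{"type": ".*"}],
    "exclude": [{"type": "User"}, {"type": "JsonWebKey"}],
}
# Users enabled, keys still excluded, test password policies filtered out.
EDITED_FETCH = {
    "include": [{"type": ".*"}],
    "exclude": [
        {"type": "JsonWebKey"},
        {"type": "PasswordPolicy", "criteria": {"name": ".*test.*"}},
    ],
}

if __name__ == "__main__":
    for label, cfg in (("default", DEFAULT_FETCH), ("edited", EDITED_FETCH)):
        print(label, [e["name"] for e in fetched(cfg, ELEMENTS)],
              "sensitive:", sensitive_types_fetched(cfg, ELEMENTS))
```

Under these assumptions, replacing the whole exclude list with an empty list enables every excluded type at once, so remove only the entry for the type you intend to manage.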