Set up new starters automatically (and sync existing users) via Okta. Keep all your data in sync.

Why set up the Okta integration?

...

Have new joiners set up automatically.

...

Sync all existing users.

...

You can have users automatically created, deactivated, reactivated or updated from Okta via webhooks/Event hooks which you can configure within Okta.

How do I get access to the Okta integration?

The Learn Amp team will need to enable the integration for you to access the details. Please contact us to get this set up for you. After this, the setup will be visible for admins and owners by clicking their profile image > Integrations > Okta. 

Is there anything I need to be aware of before setting up?

Setting up teams and managers

Typically within Learn Amp the manager is set by the user's 'Primary Team' (the team's manager becomes their manager). However, for this integration, the 'Primary Team' manager will be overridden with the individual's manager within Okta. This means that teams will not have a manager, so you may wish to set these up as a sensible default if the manager field is missing within Okta.

Managers can view team members' details, objectives, 1-to-1s, set tasks for them etc.

(View our ideas on future improvements to the way teams and managers will be set up at the bottom of this article).

To set up your Okta integration:

...

What information can be synced?

  • First Name

  • Last Name

  • Email

  • Profile Picture

  • Title

  • Language

  • Location

  • Manager

  • Department (to be used for “Team” within Learn Amp)

Setup

  1. Sign in to your Okta account: https://www.okta.com. Click your account in the upper right corner and click 'Your Org'.

  2. You should get redirected to Okta admin dashboard. 

  3. In the top left hand side navigation bar, click Settings tab and choose Features.

  4. On the Features page, make sure that the Event Hooks box is checked.

  5. In the top navigation bar, click Applications tab.

  6. Click Add Application.

  7. Click Create New App.

  8. Select Web as Platform.

  9. Select OpenID Connect as Sign on method. 

  10. Click Create.

  11. Fill in the following form. 

  12. Fill in Application Name.

  13. As Login redirect URIs provide:


  14. Next to Login redirect URIs click Add URI and provide:


  15. Click Save 

  16. Click Done.

  17. If you get stuck, please refer to Okta's documentation: https://developer.okta.com/docs/guides/saml-application-setup/overview/.

  18. On the bottom of the page, there is a Client Credentials panel.

  19. Copy Client ID and Client Secret and paste them into the corresponding fields above.

  20. Click Sign On tab.

  21. Find OpenID Connect ID Token panel.

  22. Copy link next to issuer and paste the link in Issuer field above.

  23. Make sure your user is assigned to the app.

  24. Click Assignments tab.

  25. From the Assign dropdown, click the Assign to People button.

  26. Click Assign next to your user name.

  27. Click Done.

  28. On the Okta site, in the top navigation bar, below Security tab click API link.

  29. Click Create Token button.

  30. Fill in the name field and click Create Token.

  31. Copy the Token Value and paste it into the API Token field above.

  32. Save the form.

  33. Before continuing the integration, please make sure the Okta admin user is assigned to the Okta app, in the Okta domain.

  34. Congratulations! The integration is finalised!

  35. Expand Applications and click the Applications link below

  36. Click the Create App Integration button

  37. In the modal which would pop up, from available options, select option OIDC - OpenID Connect

  38. A second list of options would appear. Please select Web Application

  39. Click button Next

  40. In the General Settings panel, fill in App Integration Name

  41. In the Client acting on behalf of a user section, make sure all 3 options are checked: Authorization Code, Refresh Token, Implicit (hybrid)

  42. As Sign-in redirect URIs provide: https://<subdomain>.learnamp.com/en-US/okta/auth_callback

  43. Click Add URI and in the Sign-in redirect URIs field fill in: https://<subdomain>.learnamp.com/users/auth/okta/callback

  44. In Assignments, select the option which fits you best

  45. Click Save

  46. From Client Credentials panel, copy value from Client ID and paste in the corresponding field above

  47. From Client Credentials panel, copy value from Client secret and paste in the corresponding field above

  48. From General Settings panel, copy value from Okta domain and paste in the field API URL above

  49. In the Left Hand Side Menu, expand Security tab, and click API link

  50. In the tabs on the top, click Tokens

  51. Click Create Token

  52. In the modal which would pop up, fill in What do you want your token to be named? field

  53. Click Create Token

  54. Copy the value in Token Value and paste it into the field API Token above

  55. Save the form above

  56. When the page reloads, click the button Connect to Okta

  57. Congratulations! The integration is now finalised!

Please follow these steps to enable instant updates (Event Hooks):

  1. In the Left Hand Side Menu, expand Workflow and click Event Hooks

  2. Click Create Event Hook button

  3. Fill in Name

  4. Fill in URL with: https://<subdomain>.learnamp.com/webhooks/okta

  5. Fill in Authentication field with: Authorization

  6. Fill in Authentication secret with: <secret-from-learnamp-okta-setup-page>

  7. Please add the following for Subscribe to events:

    • User assigned to app

    • User added to group

    • User's Okta profile updated

    • User unassigned from app

    • User deactivated

    • User removed from group

    • User reactivated

    • User deleted

  8. Click Save & Continue
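
What the Authorization header and secret configured above do on the receiving side, as an added example that is not Learn Amp's code: a hook endpoint answers Okta's one-time verification GET by echoing the `x-okta-verification-challenge` header, then accepts a delivery only if the Authorization header equals the shared secret. The `eventType` strings are an assumed mapping of the display names listed above (confirm them against Okta's event type catalogue), and `handle_hook`, `ACTIONS` and the action names are hypothetical.

```python
import hmac
import json

# Assumed eventType strings for the eight subscriptions above, and an
# illustrative action for each (not Learn Amp's actual logic).
ACTIONS = {
    "application.user_membership.add": "create",
    "application.user_membership.remove": "deactivate",
    "group.user_membership.add": "update",
    "group.user_membership.remove": "update",
    "user.account.update_profile": "update",
    "user.lifecycle.deactivate": "deactivate",
    "user.lifecycle.reactivate": "reactivate",
    "user.lifecycle.delete.initiated": "deactivate",
}

def handle_hook(method, headers, body, secret):
    """Return (status, payload) for one request to the hook URL."""
    h = {k.lower(): v for k, v in headers.items()}
    # One-time verification: echo the challenge Okta sends in a GET.
    if method == "GET":
        challenge = h.get("x-okta-verification-challenge")
        if challenge is None:
            return 400, {"error": "missing challenge"}
        return 200, {"verification": challenge}
    # Only the shared secret authenticates a delivery: compare in constant time.
    sent = h.get("authorization", "")
    if not hmac.compare_digest(sent.encode(), secret.encode()):
        return 401, {"error": "bad secret"}
    try:
        events = json.loads(body)["data"]["events"]
    except (ValueError, KeyError, TypeError):
        return 400, {"error": "malformed body"}
    queued = []
    for ev in events:
        action = ACTIONS.get(ev.get("eventType"))
        if action is None:
            continue  # drop event types that were never subscribed
        users = [t.get("alternateId") for t in ev.get("target", [])
                 if t.get("type") == "User"]
        queued.append((action, users))
    return 200, {"queued": queued}

# Constructed sample delivery, not captured traffic.
SAMPLE = json.dumps({"data": {"events": [
    {"eventType": "user.lifecycle.deactivate",
     "target": [{"type": "User", "alternateId": "jo@example.com"}]},
    {"eventType": "user.session.start", "target": []},
]}})
```

Because the header value is the only credential on each delivery, the secret should be treated like the API token: kept out of logs and rotated if it is exposed.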

Usage

How do I make sure the users sync?

...

Note: Immediate means that the action will be immediately sent to the queue; at times of peak traffic there may be minor delays.

Future improvement to teams and managers

In the future, to improve this we will give an option on the integration on how the manager will be handled by the system. How should managers be handled? We will also:

  1. Set manager at an individual level: Directly match the data in Okta, by setting a manager on an individual using our 'Override manager' setting.

  2. Set manager at a team level: When the first user is added to a team, take their manager as the manager of that team. 

Please let us know if you need any further help or have any suggestions for improvements to this article: support@learnamp.com