...

  • If your company already uses Okta, your employees can sign into the Learn Amp platform using their single sign-on details.

  • Security comes first. Okta provides real-time security reporting and two-factor authentication, keeping your users’ data safe and secure.

  • If provisioning is enabled, Learn Amp will create new users as well as update and deactivate existing ones automatically to reflect changes made in Okta.

...

Information that can be synced

Our out-of-the-box user provisioning integration with Learn Amp can map information from a number of predefined standard fields, which are detailed in the table below:

| Field in Okta | Field in Learn Amp |
|---|---|
| ID | n/a |
| Honorific Prefix | title (e.g. Dr) |
| First Name | First Name / first_name |
| Last Name | Last Name / last_name |
| Email | Email / email |
| Profile picture / Picture URL | Avatar / avatar |
| Title / Job Title | Job Title / job_title |
| Language | Language / primary_language |
| City | Location / primary_location |
| Manager | Override Manager |
| Department | Primary Team / primary_team |

...

Syncing Additional Information

It is possible to sync additional or different data points from Okta into Learn Amp’s custom fields. Some of the common fields are listed below, but custom fields created in Okta can also be mapped across with the correct configuration.

Fields in Okta
  • city

  • displayname

  • login

  • employeenumber

  • division

  • countrycode

  • manageremail

  • managerid

  • hasdirectreports

  • nickname

  • secondemail

  • joblevel

  • paygroup

  • startdate

...


Learn Amp uses the Okta ID in its API calls to fetch a user’s details. Learn Amp does not display the Okta ID to end users. Additionally, Learn Amp will fetch user details by looking up the email in Okta if it does not yet have the Okta ID stored for the user.

...

User provisioning

Learn Amp performs a lookup using the value of ‘email’ from Okta. If a matching user is not found in Learn Amp, Learn Amp creates the user and stores the Okta ID against this user for future logins.

...

Learn Amp performs a lookup using the value of the Okta ID. If a matching user is not found, Learn Amp will fetch user details using the value of ‘email’ from Okta. Learn Amp will update the user profile, storing the Okta ID against this user for future logins.
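The lookup order described in this section, as an added sketch that is not Learn Amp's code: `LocalUser`, `find_by`, `sync_user`, the profile keys and the sample data are hypothetical. The refusal to re-link an account that already holds a different Okta ID is a safeguard added here; the page does not say how that case is handled.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class LocalUser:
    """Hypothetical stand-in for a Learn Amp user record."""
    email: str
    okta_id: Optional[str] = None
    first_name: str = ""


def find_by(users, field, value):
    """Return the first user whose `field` equals `value`, else None."""
    return next((u for u in users if getattr(u, field) == value), None)


def sync_user(users, profile):
    """Apply one Okta profile to `users`; return (user, action)."""
    # 1. The stored Okta ID is the primary key for matching.
    user, action = find_by(users, "okta_id", profile["id"]), "updated"
    if user is None:
        # 2. No Okta ID stored yet: fall back to the email lookup.
        user, action = find_by(users, "email", profile["email"]), "linked"
        if user is not None and user.okta_id is not None:
            # Added safeguard (assumption, not from the page): never
            # overwrite an existing link with a different Okta ID.
            raise ValueError("email already linked to another Okta ID")
    if user is None:
        # 3. Neither lookup matched: create the user.
        user, action = LocalUser(email=profile["email"]), "created"
        users.append(user)
    # Store the Okta ID so later syncs match on it, not on email.
    user.okta_id = profile["id"]
    user.email = profile["email"]
    user.first_name = profile.get("first_name", user.first_name)
    return user, action


if __name__ == "__main__":
    users = [LocalUser(email="ana@example.com")]  # constructed sample data
    for p in ({"id": "00u1", "email": "ana@example.com"},
              {"id": "00u1", "email": "ana.new@example.com"},
              {"id": "00u2", "email": "bo@example.com"}):
        print(p["id"], sync_user(users, p)[1])
```

Once the Okta ID is stored, an email change in Okta updates the same account instead of creating a second one.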

Permissions/Scopes Required

For our integration with Okta to work effectively, Learn Amp requests the following permission scopes:

???

...

Required Stakeholders

To set up our integration with Okta, you will need somebody with administrator-level access to your Okta account. This person will also need administrator-level access to your Learn Amp Live account for the period of time in which the integration is being set up.

...

Full instructions on how to set up the Okta integration can be found within your Learn Amp account. Please go to yourdomain.learnamp.com/en/integrations/okta

...

Can I choose which group of users in Okta are synced with Learn Amp?

Learn Amp is set up as an app within your Okta account. Only users who have been assigned the Learn Amp app on the Okta side will be synchronised to Learn Amp.

Can I create user accounts in Learn Amp without sending invitation emails?

Yes. When setting up the Okta integration you will have the option to withhold invitation emails. Invitation emails can be issued at any time from the Individuals page in Learn Amp.

...

How often does Learn Amp sync with Okta?

Users are synced at least once every 24 hours at 3am GMT, but will be immediately* synced if they are invited to Okta or sync users is selected in Learn Amp.

Note: Immediate means that Okta sends a webhook notification to Learn Amp. We then process the create/update/delete action on the user: the action is immediately sent to the queue, although at times of peak traffic there may be minor delays. Webhooks from Okta may take a minute or two to be sent to Learn Amp.

How does Learn Amp deactivate users with the Okta integration?

When setting up webhooks on the Okta side, you will configure various life-cycle events to trigger a notification to Learn Amp to update the user. These include “deactivation”, “deletion” and “removal from the app”. All these events will trigger deactivation of the corresponding user on the Learn Amp side.

Does the Okta integration sync team managers?

Typically within Learn Amp, a user's manager is set by their 'Primary Team' (the team's manager becomes their manager). However, for this integration, the 'Primary Team' manager will be overridden with the individual's manager within Okta (if selected as a mappable field). This means that teams will not have a manager, so you may wish to set these up as a sensible default in case the manager field is missing within Okta.

...

Can we just use Okta for single sign on (SSO)?

Yes. Okta integration supports user provisioning and/or single sign on (SSO).

What API scopes are needed to set up the Okta integration?

Only the openid scope is required for authentication with OpenID Connect / OAuth2.
For user provisioning, the integration also makes requests to the:

You usually don’t have to specify scopes for the API token while setting up the integration.
