Okta User Provisioning and SSO Integration

Owned by Mollie Aspley
Last updated: May 10, 2023 by Gemma Dowsett
5 min read

Integration Summary

Okta is a Cloud Identity Provider which facilitates a secure and efficient Single Sign-on. We integrate with Okta to provide you with a seamless login experience. Our integration with Okta can also automatically create, deactivate, reactivate or update users in Learn Amp.

Main Features

  • If your company already uses Okta, your employees can sign into the Learn Amp platform using their single sign-on details.

  • Security comes first. Okta provides real-time security reporting and two-factor authentication, keeping your users’ data safe and secure.

  • If provisioning is enabled, Learn Amp will create new users as well as update and deactivate existing ones automatically to reflect changes made in Okta.

Information that can be synced

Our user provisioning integration with Learn Amp is able to map information from a number of predefined standard fields which have been detailed in the table below:

Field in Okta

Field in Learn Amp

Field in Okta

Field in Learn Amp

Honorific Prefix

title (e.g. Dr)

First Name

first_name

Last Name

last_name

Email

email

Picture URL

avatar

Title

job_title

Language

primary_language

City

primary_location

Department

primary_team

Syncing Additional Information

It is possible to sync additional or different data points from Okta in to Learn Amp’s custom fields. Some of the common fields are listed below but custom fields created in Okta can also be mapped across with the correct configuration.

  • city

  • displayname

  • login

  • emoloyeenumber

  • division

  • countrycode

  • manageremail

  • managerid

  • hasdirectreports

  • nickname

  • secondemail

  • joblevel

  • paygroup

  • startdate

 

Please Note: These requests will be handled by your Implementation Coach and will require custom development work to be undertaken by our technical team. The time taken to complete this work is chargeable or can be deducted from your Implementation budget at your Coaches' discretion.

Known Limitations/ Considerations

Team Managers: The Okta integration will sync each individual users' manager into Learn Amp if the data is available to do so (manager field in Okta). This is what is known as an Override Manager in Learn Amp. The Integration does not have the ability sync Team/Department managers into Learn Amp. However, Team managers can be configured within Learn Amp to work in conjunction with Override Managers. Your Implementation Coach can provide further details on this.

Team Hierarchy: Learn Amp will create a team for each of the individual departments that are stored in your Okta account. These will be presented as a flat structure in your Learn Amp account and will not consider any parent/child relationships between your departments.

However, once you have completed your initial sync, you will be able to easily create parent/child relationships with your teams in Learn Amp which will be saved moving forward. Your Implementation Coach can provide further details on this.

How the Platforms Connect

Learn Amp connects to Okta using OpenID Connect. Okta updates Learn Amp via webhooks which you can configure within Okta.

Learn Amp makes 2 different API calls to Okta

Called when Learn Amp receives webhook notification that a single user’s details have changed.

Called every 24 hours to ensure that all user details are up to date.


Learn Amp uses Okta ID in its API calls to fetch a user’s details. Learn Amp does not display the Okta ID to end users in Learn Amp. Additionally, Learn Amp will fetch user details by looking up Email in Okta if we do have the Okta ID stored yet for the user.

User provisioning

Learn Amp performs a lookup using the the value of ‘email’ from Okta. If a matching user is not found in Learn Amp, Learn Amp creates the user and stores the Okta ID against this user for future logins.

Single sign on (SSO)

Learn Amp performs a lookup using the the value of Okta ID. If a matching user is not found, Learn Amp will fetch user details using the value of ‘email’ from Okta. Learn Amp will update the user profile, storing the Okta ID against this user for future logins.

Required Stakeholders

To set up our Integration with Okta, you will need somebody with administrator level access to your Okta account. This person will also need administrator level access to your Learn Amp Live account for the period of time in which the Integration is being set up.

Set up Instructions

Full instructions on how to set up the Okta integration can be found within your Learn Amp account. Please go to yourdomain.learnamp.com/en/integrations/okta

Other Frequently Asked Questions

Learn Amp is set up as an app within your Okta account. Only users who have been assigned the Learn Amp app on the Okta side will be synchronised to Learn Amp.

Yes. When setting up the Okta integration you will have the option to withhold invitation emails. Invitation emails can be issued at any time from the Individuals page in Learn Amp.

Related articles

https://learnamp.atlassian.net/wiki/spaces/KB/pages/338329611

Contact Support | Privacy Policy