Okta Admin Settings for Creating Custom Roles

Introduction

Integrating Okta with Zluri requires careful consideration of permissions to ensure security and privacy. Creating a custom role in Okta through Okta admin settings allows for fine-grained control over access while minimizing scopes, thereby reducing potential risks. 

How-to Process
This guide gives step-by-step instructions for connecting Okta with Zluri using the least privileges required: create a custom role within Okta and assign it to an Okta user, who can then integrate your Okta instance with Zluri without being given super admin access.


Create a New Role
Use the Okta admin settings to create a custom role in Okta and assign it to an admin user without providing super admin access.

  1. Log in to the Okta Admin Dashboard using valid credentials.

  2. Navigate to Security > Administrators from the left menu and click Roles to manage existing roles.

  3. To initiate creating a new custom role, click Create new role.

  4. Name the role appropriately, considering its purpose or context.

  5. Select the ‘User’, ‘Group’, ‘Identity and Access Management’, and ‘Application’ permission options to provide Read-only or Read and Write permissions based on the automation requirement and click Save role.


Note

  • Refer to the screenshots below to understand the Read and Write and Read-only permissions to select.

  • To provide Read-only permission, you can expand the available permission option and select the relevant view permissions.

Read and Write

 


Read-only


Generate a New Resource Set
Use the Okta admin settings to generate a resource set and assign the respective resources to it.

  1. In the Administrators section, access the Resources tab and click Create new resource set.

  2. Provide an appropriate name for the resource set information and click +Add resource.

  3. On the ‘Add Resource’ pop-up, select ‘Users’, ‘Groups’, ‘Applications’, ‘Identity and Access Management’ and click Save selection.

Note: Similarly, include as resource sets.

  4. Click Create to successfully generate the new resource set.

Assign the New Role to Admin User

Use the Okta admin settings to assign the custom role to the desired admin user. If the existing user has other admin roles, you can create a service user to connect Okta to Zluri and assign this custom role to that service user. Refer to this article for steps to create a service user.

  1. Navigate to Directory > People from the left menu.

  2. Locate and select the preferred user to access their profile.

  3. On the User details page, select the Admin Roles tab and click Edit individual assignments.

Edit Individual User Assignments

Instead of modifying existing roles, add a new assignment for the custom role created earlier.

  1. On the administrator assignment page, click Add assignment.

  2. Select the newly created Role and Resource set from the drop-downs and click Save Changes.


Review and Confirm the Custom Role

Verify that the custom role and assigned resources are correctly applied to the admin user without having super admin access in Okta.

  1. Review the changes to ensure the correct role and resource set are assigned to the user.

Note: If the Okta user that’s being assigned this custom role already has another administrative role assigned to them, such as Super Admin or Org Admin, then the API token that is generated will have the most privileged permissions rather than the permissions defined in the custom role.
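
The check described in the note above can be scripted before an API token is generated. The following is an added example, not part of the original article or of Zluri's or Okta's own code: it audits a user's role assignments, using a constructed sample shaped like the response of Okta's list-user-roles endpoint (GET /api/v1/users/{userId}/roles). The role label "Zluri Integration", the IDs and the function name are assumptions made for illustration.

```python
import json

# Constructed sample, shaped like the JSON array returned by
# GET /api/v1/users/{userId}/roles. IDs and labels are made up.
SAMPLE_ROLES = json.loads("""
[
  {"id": "example-assignment-1", "type": "CUSTOM",
   "label": "Zluri Integration", "status": "ACTIVE",
   "assignmentType": "USER"},
  {"id": "example-assignment-2", "type": "ORG_ADMIN",
   "label": "Organization Administrator", "status": "ACTIVE",
   "assignmentType": "GROUP"}
]
""")


def audit_integration_user(roles, expected_label):
    """Return a list of findings for the integration user.

    An empty list means the user holds the expected custom role and
    no other active admin role, so a token created for this user is
    limited to the custom role's permissions.
    """
    findings = []
    active = [r for r in roles if r.get("status") == "ACTIVE"]

    # The custom role created in this guide must be present.
    if not any(r.get("type") == "CUSTOM" and r.get("label") == expected_label
               for r in active):
        findings.append(f"custom role '{expected_label}' is not assigned")

    for r in active:
        if r.get("type") != "CUSTOM":
            # Standard admin roles can arrive through a group, which is
            # easy to miss when reviewing individual assignments only.
            via = ("group membership" if r.get("assignmentType") == "GROUP"
                   else "direct assignment")
            findings.append(
                f"standard admin role {r.get('type')} held via {via}: "
                "token will exceed the custom role")
        elif r.get("label") != expected_label:
            findings.append(f"unexpected custom role '{r.get('label')}'")
    return findings


if __name__ == "__main__":
    for finding in audit_integration_user(SAMPLE_ROLES, "Zluri Integration"):
        print("FINDING:", finding)
```

If the audit returns any finding for a standard admin role, use a dedicated service user that holds only the custom role, as described in the assignment section.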


Modified on Thu, 4 Apr at 1:25 PM