Versions Compared

Version Old Version 2 New Version Current
Changes made by

Girish Reddy

Girish Reddy

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Import users, applications, groups, roles and other attributes from Okta to JSM Assets.

Configure the connection to Okta by going to OnLink (Manage your apps) - Connections. Then click on Add System and select “Other Idm/Device Assets Sources”.

Once connection is established, please review instructions here to get started with setting up an Assets import configuration. You can then access OnLink app from the “Manage your apps” menu to further configure and set the field level mapping. Here’s an example mapping configuration. Any field available in this Okta API can be used to map to the asset attribute.

key:id=WorkerID
map:profile.email=EmailUser
map:profile.firstName=First Name
map:profile.lastName=Last Name
map:profile.managerId=ManagerUserId
map:profile.manager=Manager Name
map:profile.department=Department

...

Key or Map

Description

key:id=WorkerID

The keyword “key” refers to using Worker ID as a unique identifier. This allows OnLink to update the record.

map:profile.email=User

Maps email to User which can be an attribute of type User

config:search=status eq "STAGED"

Set search filter to limit workers returned. Here’s another example:

config:search=(profile.userType eq "Employee" or profile.userType eq "Contingent Worker")

config:page_size=500

Defaults to 200 but can be set to a max of 500

config:data_source Device Import

OnLink calls the “users” API by default. However this data_source config parameter allows you to change the API to any other Okta API. Here’s an example to get device info:

Devices:

key:id=DeviceID
map:profile.displayName=Device Name
map:profile.platform=Device Platform
map:profile.manufacturer=Device Manufacturer
map:profile.model=Device Model
map:profile.osVersion=Device OS Version
map:_embedded.users.0.user.profile.firstName=First Name
map:_embedded.users.0.user.profile.lastName=Last Name
map:_embedded.users.0.user.profile.email=Email
config:data_source=/api/v1/devices?limit=200&expand=userSummary

Mapping User Resources - Roles, Groups, Apps

To fetch groups, roles, apps assigned to users, use mapping below. This loads role, group, app names to the respective objects.

key:id=Username
map:profile.firstName=Firstname
map:profile.lastName=Lastname
map:roles=Roles|Name=${roles}
map:groups=Groups|Name=${groups}
map:apps=Apps|Name=${apps}
config:section=roles,groups,apps

Below is the example Okta User schema. Note that Groups and Apps point to Okta Groups object and its cardinality is set to max > 0 as each user can have more than one group or app assigned.

image-20250130-063509.pngImage Added

Map Additional Info - Groups

If you want to pull additional information from groups, you can do that with the below mapping.

Other API’s can be mapped in a similar way. This loads list of all groups and apps into their own Asset objects.

Groups:

key:id=Group ID
map:profile.name=Group Name
map:profile.description=Group Desc
config:data_source=api/v1/groups

Apps:

key:id=App ID
map:label=App Name
config:data_source=api/v1/apps

Then update User pull with below:

key:id=Username
map:profile.firstName=Firstname
map:profile.lastName=Lastname
map:roles=Roles|RoleID=${roles}
map:groups=Groups|GroupID=${groups}
map:apps=Apps|AppID=${apps}
config:section=roles,groups,apps

Any other field returned by the API can be used in the mapping.

...