Versions Compared

Version Old Version 3 New Version Current
Changes made by

Girish Reddy

Girish Reddy

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Import users, applications, groups, roles and other attributes from Okta to JSM Assets.

Configure the connection to Okta by going to OnLink (Manage your apps) - Connections. Then click on Add System and select “Idm/Device Assets Sources”.

...

Key or Map

Description

key:id=WorkerID

The keyword “key” refers to using Worker ID as a unique identifier. This allows OnLink to update the record.

map:profile.email=User

Maps email to User which can be an attribute of type User

config:search=status eq "STAGED"

Set search filter to limit workers returned. Here’s another example:

config:search=(profile.userType eq "Employee" or profile.userType eq "Contingent Worker")

config:page_size=500

Defaults to 200 but can be set to a max of 500

config:data_source Device Import

OnLink calls the “users” API by default. However this data_source config parameter allows you to change the API to any other Okta API. Here’s an example to get device info:

Devices:

key:id=DeviceID
map:profile.displayName=Device Name
map:profile.platform=Device Platform
map:profile.manufacturer=Device Manufacturer
map:profile.model=Device Model
map:profile.osVersion=Device OS Version
map:_embedded.users.0.user.profile.firstName=First Name
map:_embedded.users.0.user.profile.lastName=Last Name
map:_embedded.users.0.user.profile.email=Email
config:data_source=/api/v1/devices?limit=200&expand=userSummary

Mapping User Resources - Roles, Groups, Apps

To fetch groups, roles, apps assigned to users, use mapping below. This loads role, group, app names to the respective objects.

key:id=Username
map:profile.firstName=Firstname
map:profile.lastName=Lastname
map:roles=Roles|Name=${roles}
map:groups=Groups|Name=${groups}
map:apps=Apps|Name=${apps}
config:section=roles,groups,apps

Below is the example Okta User schema. Note that Groups and Apps point to Okta Groups object and its cardinality is set to max > 0 as each user can have more than one group or app assigned.

image-20250130-063509.pngImage Added

Map Additional Info - Groups

If you want to pull additional information from groups, you can do that with the below mapping.

Other API’s can be mapped in a similar way. This loads list of all groups and apps into their own Asset objects.

Groups:

key:id=Group ID
map:profile.name=Group Name
map:profile.description=Group Desc
config:data_source=api/v1/groups

Apps:

key:id=App ID
map:label=App Name
config:data_source=api/v1/apps

Then update User pull with below:

key:id=Username
map:profile.firstName=Firstname
map:profile.lastName=Lastname
map:roles=Roles|RoleID=${roles}
map:groups=Groups|GroupID=${groups}
map:apps=Apps|AppID=${apps}
config:section=roles,groups,apps

Any other field returned by the API can be used in the mapping.

...