Okta to JSM Assets

Import users, applications, groups, roles and other attributes from Okta to JSM Assets.

Configure the connection to Okta by going to OnLink (Manage your apps) - Connections. Then click on Add System and select “Idm/Device Assets Sources”.

Once connection is established, please review instructions here to get started with setting up an Assets import configuration. You can then access OnLink app from the “Manage your apps” menu to further configure and set the field level mapping. Here’s an example mapping configuration. Any field available in this Okta API can be used to map to the asset attribute.

key:id=WorkerID
map:profile.email=User
map:profile.firstName=First Name
map:profile.lastName=Last Name
map:profile.managerId=ManagerUserId
map:profile.manager=Manager Name
map:profile.department=Department

Here’s a breakdown of some of the mapping configuration items:

Key or Map	Description

Key or Map	Description
`key:id=WorkerID`	The keyword “key” refers to using Worker ID as a unique identifier. This allows OnLink to update the record.
`map:profile.email=User`	Maps email to User which can be an attribute of type User
`config:search=status eq "STAGED"`	Set search filter to limit workers returned. Here’s another example: config:search=(profile.userType eq "Employee" or profile.userType eq "Contingent Worker")
`config:page_size=500`	Defaults to 200 but can be set to a max of 500
`config:data_source` Device Import	OnLink calls the “users” API by default. However this data_source config parameter allows you to change the API to any other Okta API. Here’s an example to get device info: Devices: `key:id=DeviceID` `map:profile.displayName=Device Name` `map:profile.platform=Device Platform` `map:profile.manufacturer=Device Manufacturer` `map:profile.model=Device Model` `map:profile.osVersion=Device OS Version` `map:_embedded.users.0.user.profile.firstName=First Name` `map:_embedded.users.0.user.profile.lastName=Last Name` `map:_embedded.users.0.user.profile.email=Email` `config:data_source=/api/v1/devices?limit=200&expand=userSummary`
`Mapping User Resources - Roles, Groups, Apps`	To fetch groups, roles, apps assigned to users, use mapping below. This loads role, group, app names to the respective objects. `key:id=Username` `map:profile.firstName=Firstname` `map:profile.lastName=Lastname` `map:roles=Roles\|Name=${roles}` `map:groups=Groups\|Name=${groups}` `map:apps=Apps\|Name=${apps}` `config:section=roles,groups,apps` Below is the example Okta User schema. Note that Groups and Apps point to Okta Groups object and its cardinality is set to max > 0 as each user can have more than one group or app assigned.
`Map Additional Info - Groups`	If you want to pull additional information from groups, you can do that with the below mapping. Other API’s can be mapped in a similar way. This loads list of all groups and apps into their own Asset objects. Groups: `key:id=Group ID` `map:profile.name=Group Name` `map:profile.description=Group Desc` `config:data_source=api/v1/groups` Apps: `key:id=App ID` `map:label=App Name` `config:data_source=api/v1/apps` Then update User pull with below: `key:id=Username` `map:profile.firstName=Firstname` `map:profile.lastName=Lastname` `map:roles=Roles\|RoleID=${roles}` `map:groups=Groups\|GroupID=${groups}` `map:apps=Apps\|AppID=${apps}` `config:section=roles,groups,apps`

Any other field returned by the API can be used in the mapping.

OnLink processes data in two steps - Get Data and Import Data. To manually test, you can click on Get Data first and then wait until you see “No more pending records. Data will be imported on next Import run.” message in Job Logs. Then, click on Import. Production runs are fully automated based on the schedule you choose.

OnLink Documentation

Okta to JSM Assets

Analytics

Related content