Integrate P0 with Okta
This topic describes how to integrate P0 with your Okta instance for effective identity and access management. This integration enables you to:
Manage user access and permissions through your Okta instance
Provision AWS access when users federate via Okta SAML
Maintain an inventory of the user directory for Identity and Access Management (IAM) assessments
This guide contains the following sections:
Existing P0 account at
Administrative access to an Okta instance. You must have one of the following roles:
Super Administrator
Application Administrator
You can integrate Okta from the P0 app:
From the list of Available components, click Directory listing.
On the Directory listing page, click + Add directory.
Copy the directory identifier directly from the URL in the browser's address bar.
Ensure you copy the entire key. The contents of the key cannot be accessed again after you click Next.
Keep the browser tab open for the Directory listing page. You will return to this page in later steps.
Configure settings in Okta to enable secure identity management for your P0 app. In this setup process you will:
Use the application instance to create a secure identity for P0 within Okta, which enables authentication and access management:
In the Okta browser tab, click Applications from the menu, then click Create App Integration.
Select API Services as the application type, then click Next.
Enter a name for your application (e.g. P0 Integration App), then click Save.
Configure the client credentials to set up the secure authentication keys:
Select Applications in your Okta dashboard, then click the newly created application under the General tab.
In the Client Credentials section, click Edit.
Select Public key / Private key authentication, then click Add key.
Assign the API scopes that P0 needs, to manage permissions for users and groups in Okta:
Click the Okta API Scopes tab.
Select each of the following scopes, then click Grant to provide the required permissions:
okta.groups.manage
okta.users.read
okta.apps.manage - Allows P0 to configure and manage the Okta SAML application connected to AWS.
okta.schemas.manage - Allows P0 to manage custom user schemas, ensuring accurate synchronization of user attributes with AWS.
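To check the result of the scope step above, the following added example (not P0's or Okta's code) compares the scopes granted to the application against the ones this guide lists and reports anything missing or beyond them. It assumes the grants were exported as JSON shaped like the response of Okta's application grants endpoint (a list of objects with a scopeId field); the sample data and function name are constructed for illustration.

```python
import json

# Scopes this guide grants to the P0 API Services application.
REQUIRED = {"okta.groups.manage", "okta.users.read"}
# Scopes this guide grants only when AWS user provisioning is set up.
AWS_OPTIONAL = {"okta.apps.manage", "okta.schemas.manage"}

# Constructed sample: an export of the application's scope grants.
# Assumed shape: a JSON list of objects, each carrying a "scopeId" field.
SAMPLE_GRANTS = json.dumps([
    {"id": "grant-1", "scopeId": "okta.groups.manage"},
    {"id": "grant-2", "scopeId": "okta.users.read"},
    {"id": "grant-3", "scopeId": "okta.apps.manage"},
    {"id": "grant-4", "scopeId": "okta.users.manage"},  # not listed in this guide
])


def audit_grants(grants_json, aws_provisioning=False):
    """Return scopes that are missing from, or in excess of, the guide's list."""
    granted = {grant["scopeId"] for grant in json.loads(grants_json)}
    expected = set(REQUIRED)
    if aws_provisioning:
        # The AWS scopes are expected only when provisioning is in use.
        expected |= AWS_OPTIONAL
    return {
        "missing": sorted(expected - granted),  # integration would lack access
        "excess": sorted(granted - expected),   # candidates for revocation
    }


if __name__ == "__main__":
    for aws in (False, True):
        report = audit_grants(SAMPLE_GRANTS, aws_provisioning=aws)
        print(f"AWS provisioning={aws}: {report}")
```

Run it with aws_provisioning=True only if AWS user provisioning is in use; otherwise the two AWS scopes are reported as excess.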
Connect the Okta Client ID with P0 to complete the integration:
Return to the General tab of your Okta application, and copy the Client ID.
Click Finish. Once installation is complete, your Okta directory is displayed on the Directory listing page.
Set up and manage user groups in Okta to control access and permissions:
From the list of Available components, click Group assignment.
On the Group assignment page, click + Add directory.
Switch back to the Okta browser tab, then click the Admin roles tab.
Click Edit assignments.
Select Add assignment.
From the Role dropdown, select Group Administrator and click Save Changes.
Click Finish.
Congratulations! You've configured different identity groups after setting up Okta authentication for P0.
From the site, navigate to Integrations, then click Okta.
Keep the browser tab open for the Directory listing page. You will return to this page in later steps.
In a new tab, log into the .
Return to the browser tab for the Directory listing page, enter the directory identifier, which can be either a domain (e.g. example.com) or a URL (e.g. example.com/director), and click Next.
Copy the Okta public key generated during the installation. You'll use the copied key to.
Do not click Next yet. You must complete the steps in before clicking Next.
Paste the public key you copied from P0 during the process, then click Done.
Return to the browser tab for the Directory listing page and click Next.
(Optional) If Amazon Web Services (AWS) user provisioning is set up using the , grant these scopes:
Return to the browser tab for the Directory listing page, and paste the Client ID into the Okta application client ID text field.
From the site, navigate to Integrations, then select Okta.
Select the from the dropdown and click Next.
Return to the browser tab for the Group assignment page and click Next.