P0 App Documentation

Integrate P0 with Okta

Last updated 20 days ago

This topic describes how to integrate P0 with your Okta instance for effective identity and access management. This integration enables you to:

  • Manage user access and permissions through your Okta instance

  • Provision AWS access when users federate via Okta SAML

  • Maintain an inventory of the user directory for Identity and Access Management (IAM) assessments

This guide contains the following sections:

  • Prerequisites

  • Integrate Okta for P0

  • Configure Okta

  • Configure Group Management

Prerequisites

  • Existing P0 account at P0.app

  • Administrative access to an Okta instance. You must have one of the following roles:

    • Super Administrator

    • Application Administrator

Integrate Okta for P0

You can integrate Okta from the P0 app:

  1. From the list of Available components, click Directory listing.

  2. On the Directory listing page, click + Add directory.

Keep the browser tab open for the Okta Admin Dashboard page. You will return to this page in later steps.

  1. Copy the directory identifier directly from the URL in the browser's address bar.

Replace company.okta.com with your domain.

  • Ensure you copy the entire key. The contents of the key cannot be accessed again after you click Next.

  • Keep the browser tab open for the Directory listing page. You will return to this page in later steps.

Configure Okta

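Configure settings in Okta to enable secure identity management for your P0 app. In this setup process you will:

  • Create an Application Instance

  • Configure Client Credentials

  • Assign API Scopes

  • Link Okta and P0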

Create an Application Instance

Use the application instance to create a secure identity for P0 within Okta, which enables authentication and access management:

  1. In the Okta browser tab, click Applications from the menu, then click Create App Integration.

  2. Select API Services as the application type, then click Next.

  3. Enter a name for your application (e.g. P0 Integration App), then click Save.

Configure Client Credentials

Configure the client credentials to set up the secure authentication keys:

  1. Select Applications in your Okta dashboard, then click the newly created application under the General tab.

  2. In the Client Credentials section, click Edit.

  3. Select Public key / Private key authentication, then click Add key.

  4. Uncheck the checkbox requiring "Proof of possession".

Assign API Scopes

Assign the API scopes that P0 needs, to manage permissions for users and groups in Okta:

  1. Click the Okta API Scopes tab.

  2. Select each of the following scopes, then click Grant to provide the required permissions:

    • okta.groups.read

    • okta.users.read

    • okta.apps.manage - Allows P0 to configure and manage the Okta SAML application connected to AWS.

    • okta.schemas.manage - Allows P0 to manage custom user schemas, ensuring accurate synchronization of user attributes with AWS.

Link Okta and P0

Connect the Okta Client ID with P0 to complete the integration:

  1. Return to the General tab of your Okta application, and copy the Client ID.

  2. Click Finish. Once installation is complete, your Okta directory is displayed on the Directory listing page.

Configure Group Management

Set up and manage user groups in Okta to control access and permissions:

  1. From the list of Available components, click Group assignment.

  2. On the Group assignment page, click + Add directory.

  3. Switch back to the Okta browser tab, then click the Okta API Scopes tab.

  4. Add the okta.groups.manage scope to the Granted scopes by clicking Grant next to it.

  5. Click the Admin roles tab.

  6. Click Edit assignments.

  7. Select Add assignment.

  8. From the Role dropdown, select Group Membership Administrator and click Save Changes.

  9. Click Finish.

Congratulations! You've configured different identity groups after setting up Okta authentication for P0.

From the P0.app site, navigate to Integrations, then click Okta.

Keep the browser tab open for the Directory listing page. You will return to this page in later steps.

In a new tab, log into the Okta Admin Dashboard.

Return to the browser tab for the Directory listing page, enter the directory identifier, which can be either a domain (e.g. example.com) or a URL (e.g., example.com/director), and click Next.

Copy the Okta public key generated during the installation. You'll use the copied key to.

Do not click Next yet. You must complete the steps in before clicking Next.

Paste the public key you copied from P0 during the public key generation process, then click Done.

Return to the browser tab for the Directory listing page and click Next.

(Optional) If Amazon Web Services (AWS) user provisioning is set up using the Okta SAML application, grant these scopes:

Return to the browser tab for the Directory listing page, and paste the Client ID into the Okta application client ID text field.

From the P0.app site, navigate to Integrations, then select Okta.

Select the directory identifier from the dropdown and click Next.

Return to the browser tab for the Group assignment page and click Next.
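
The following added example (not P0's or Okta's own code) checks an application's granted Okta API scopes against the scopes this page lists, reporting any that are missing and any that go beyond what the enabled P0 features need. The grant record shape (`scopeId`, `status`) and the sample data are assumptions constructed for the example.

```python
import json

# Scopes named on this page, grouped by the P0 feature that needs them.
BASE = {"okta.groups.read", "okta.users.read"}
AWS_PROVISIONING = {"okta.apps.manage", "okta.schemas.manage"}
GROUP_MANAGEMENT = {"okta.groups.manage"}


def expected_scopes(aws_provisioning=False, group_management=False):
    """Return the scope set this page asks for, given the enabled features."""
    scopes = set(BASE)
    if aws_provisioning:
        scopes |= AWS_PROVISIONING
    if group_management:
        scopes |= GROUP_MANAGEMENT
    return scopes


def audit_grants(grants, aws_provisioning=False, group_management=False):
    """Compare active grants with the expected set; report drift both ways."""
    # Assumption: each record carries "scopeId" and "status", modeled on the
    # JSON returned when listing an application's scope grants.
    active = {g["scopeId"] for g in grants if g.get("status", "ACTIVE") == "ACTIVE"}
    want = expected_scopes(aws_provisioning, group_management)
    return {
        "missing": sorted(want - active),  # the integration needs these
        "excess": sorted(active - want),   # privilege beyond what this page asks for
    }


# Constructed sample: a directory-only install that was also granted two
# scopes it does not need.
SAMPLE_GRANTS = json.loads("""
[
  {"scopeId": "okta.users.read",    "status": "ACTIVE"},
  {"scopeId": "okta.groups.read",   "status": "ACTIVE"},
  {"scopeId": "okta.groups.manage", "status": "ACTIVE"},
  {"scopeId": "okta.users.manage",  "status": "ACTIVE"}
]
""")

if __name__ == "__main__":
    print(audit_grants(SAMPLE_GRANTS))
    print(audit_grants(SAMPLE_GRANTS, group_management=True))
```

Run it with the feature flags that match your install; anything reported under `excess` is a candidate for revocation on the Okta API Scopes tab.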
