Integrate P0 with Okta

This topic describes how to integrate P0 with your Okta instance for effective identity and access management. This integration enables you to:

• Manage user access and permissions through your Okta instance

• Provision AWS access when users federate via Okta SAML

• Maintain an inventory of the user directory for Identity and Access Management (IAM) assessments

This guide contains the following sections:

Prerequisites

• Existing P0 account at

• Administrative access to an Okta instance. You must have one of the following roles:

  • Super Administrator

  • Application Administrator

Integrate Okta for P0

You can integrate Okta from the P0 app:

2. From the list of Available components, click Directory listing.
3. On the Directory listing page, click + Add directory.

1. Copy the directory identifier directly from the URL in the browser's address bar.

Configure Okta

Configure settings in Okta to enable secure identity management for your P0 app. In this setup process you will:

Create an Application Instance

Use the application instance to create a secure identity for P0 within Okta, which enables authentication and access management:

1. In the Okta browser tab, click Applications from the menu, then click Create App Integration.
2. Select API Services as the application type, then click Next.
3. Enter a name for your application (e.g. P0 Integration App), then click Save.

Configure Client Credentials

Configure the client credentials to set up the secure authentication keys:

1. Select Applications in your Okta dashboard, then click the newly created application under the General tab.
2. In the Client Credentials section, click Edit.
3. Select Public key / Private key authentication, then click Add key.
5. Uncheck the checkbox requiring "Proof of possession".

Assign API Scopes

Assign the API scopes that P0 needs, to manage permissions for users and groups in Okta:

1. Click the Okta API Scopes tab.
2. Select each of the following scopes, then click Grant to provide the required permissions:

   • okta.groups.read

   • okta.users.read

3. • Okta.apps.manage - Allows P0 to configure and manage the Okta SAML application connected to AWS.

   • Okta.schemas.manage - Allows P0 to manage custom user schemas, ensuring accurate synchronization of user attributes with AWS.

Link Okta and P0

Connect the Okta Client ID with P0 to complete the integration:

1. Return to the General tab of your Okta application, and copy the Client ID.
3. Click Finish. Once installation is complete, your Okta directory is displayed on the Directory listing page.

Configure Group Management

Set up and manage user groups in Okta to control access and permissions:

2. From the list of Available components, click Group assignment.
3. On the Group assignment page, click + Add directory.
5. Switch back to the Okta browser tab, click the Okta API Scopes tab.
6. Add the okta.groups.manage scope to the Granted scopes by clicking Grant next to it.

7. Click the Admin roles tab.
8. Click Edit assignments.
9. Select Add assignment.
10. From the Role dropdown, select Group Membership Administrator and click Save Changes.
12. Click Finish.