Okta

This topic describes how to integrate P0 with your Okta instance for effective identity and access management. This integration enables you to:

  • Manage user access and permissions through your Okta instance

  • Provision AWS access when users federate via Okta SAML

  • Maintain an inventory of the user directory for Identity and Access Management (IAM) assessments

This guide contains the following sections:

  • Prerequisites

  • Integrate Okta for P0

  • Configure Okta

  • Configure Group Management

Prerequisites

  • Existing P0 account at P0.app

  • Administrative access to an Okta instance. You must have one of the following roles:

    • Super Administrator

    • Application Administrator

Integrate Okta for P0

You can integrate Okta from the P0 app:

  1. From the P0.app site, navigate to Integrations, then click Okta.

  2. From the list of Available components, click Directory listing.

  3. On the Directory listing page, click + Add directory.

Keep the browser tab open for the P0.app Directory listing page. You will return to this page in later steps.

  4. In a new tab, log into the Okta Admin Dashboard.

Keep the browser tab open for the Okta Admin Dashboard page. You will return to this page in later steps.

  5. Copy the directory identifier directly from the URL in the browser's address bar.

  6. Return to the browser tab for the P0.app Directory listing page, enter the directory identifier, which can be either a domain (e.g. example.com) or a URL (e.g. example.com/director), and click Next.

Replace company.okta.com with your domain.

  7. Copy the Okta public key generated during the installation. You'll use the copied key to Configure Okta.

Configure Okta

Configure settings in Okta to enable secure identity management for your P0 app. In this setup process you will:

  • Create an Application Instance

  • Configure Client Credentials

  • Assign API Scopes

Create an Application Instance

Use the application instance to create a secure identity for P0 within Okta, which enables authentication and access management:

  1. In the Okta browser tab, click Applications from the menu, then click Create App Integration.

  2. Select API Services as the application type, then click Next.

  3. Enter a name for your application (e.g. P0 Integration App), then click Save.

Configure Client Credentials

Configure the client credentials to set up the secure authentication keys:

  1. Select Applications in your Okta dashboard, then click the newly created application under the General tab.

  2. In the Client Credentials section, click Edit.

  3. Select Public key / Private key authentication, then click Add key.

  4. Paste the public key you copied from P0 during the public key generation process, then click Done.

  5. Uncheck the checkbox requiring "Proof of possession".

  6. Return to the browser tab for the P0.app Directory listing page and click Next.

Assign API Scopes

Assign the API scopes that P0 needs to manage permissions for users and groups in Okta:

  1. Click the Okta API Scopes tab.

  2. Select each of the following scopes, then click Grant to provide the required permissions:

    • okta.groups.read

    • okta.users.read

  3. (Optional) If Amazon Web Services (AWS) user provisioning is set up using the Okta SAML application, grant these scopes:

    • okta.apps.manage - Allows P0 to configure and manage the Okta SAML application connected to AWS.

    • okta.schemas.manage - Allows P0 to manage custom user schemas, ensuring accurate synchronization of user attributes with AWS.

Connect the Okta Client ID with P0 to complete the integration:

  1. Return to the General tab of your Okta application, and copy the Client ID.

  2. Return to the browser tab for the P0.app Directory listing page, and paste the Client ID into the Okta application client ID text field.

  3. Click Finish. Once installation is complete, your Okta directory is displayed on the Directory listing page.

Configure Group Management

Set up and manage user groups in Okta to control access and permissions:

  1. From the P0.app site, navigate to Integrations, then select Okta.

  2. From the list of Available components, click Group assignment.

  3. On the Group assignment page, click + Add directory.

  4. Select the directory identifier from the dropdown and click Next.

  5. Switch back to the Okta browser tab, click the Okta API Scopes tab.

  6. Add the okta.groups.manage scope to the Granted scopes by clicking Grant next to it.

  7. Click the Admin roles tab.

  8. Click Edit assignments.

  9. Select Add assignment.

  10. From the Role dropdown, select Group Membership Administrator and click Save Changes.

  11. Return to the browser tab for the P0.app Group assignment page and click Next.

  12. Click Finish.
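The Assign API Scopes and Configure Group Management sections above each grant the P0 API Services app a specific set of scopes. The following added example (not P0's or Okta's code) audits an app's granted scopes against those sets, so an operator can spot a grant that is missing (the integration will fail) or one that is not on this page's list (more privilege than P0 needs). It assumes the input is the JSON array returned by Okta's `GET /api/v1/apps/{appId}/grants` endpoint, with each grant carrying a `scopeId` and `status`; the sample data is constructed.

```python
"""Least-privilege audit of the Okta API Services app scopes that P0 uses.

Added example, not P0's or Okta's code. Compares the scopes actually
granted to the app with the sets this guide asks for. Input is assumed to
be the JSON array from GET /api/v1/apps/{appId}/grants (scopeId/status).
"""
import json

# Scopes named in this guide, keyed by the feature that needs them.
REQUIRED_SCOPES = {"okta.groups.read", "okta.users.read"}
OPTIONAL_SCOPES = {
    "aws_provisioning": {"okta.apps.manage", "okta.schemas.manage"},
    "group_assignment": {"okta.groups.manage"},
}


def expected_scopes(features):
    """Return the scope set the guide calls for given the enabled features."""
    expected = set(REQUIRED_SCOPES)
    for feature in features:
        expected |= OPTIONAL_SCOPES[feature]
    return expected


def granted_scopes(grants_json):
    """Extract the scope ids of ACTIVE grants from an Okta grants response."""
    return {g["scopeId"] for g in json.loads(grants_json)
            if g.get("status") == "ACTIVE"}


def audit_scopes(grants_json, features=()):
    """Report scopes missing from, and in excess of, what P0 needs."""
    expected = expected_scopes(features)
    granted = granted_scopes(grants_json)
    return {"missing": sorted(expected - granted),
            "excess": sorted(granted - expected)}


# Constructed sample: Directory listing and Group assignment are set up,
# but okta.users.manage was granted although this guide never asks for it,
# and the okta.groups.manage grant is not ACTIVE.
SAMPLE_GRANTS = json.dumps([
    {"scopeId": "okta.users.read", "status": "ACTIVE"},
    {"scopeId": "okta.groups.read", "status": "ACTIVE"},
    {"scopeId": "okta.users.manage", "status": "ACTIVE"},
    {"scopeId": "okta.groups.manage", "status": "INACTIVE"},
])

if __name__ == "__main__":
    print(audit_scopes(SAMPLE_GRANTS, features=("group_assignment",)))
    # → {'missing': ['okta.groups.manage'], 'excess': ['okta.users.manage']}
```

Any scope reported under "excess" should be revoked in the Okta API Scopes tab; anything under "missing" points at a step in this guide that was skipped or a grant that is not active.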
