User Sync and Provisioning
      Back to home
      1. Knowledge Base
      2. User and Identity Management
      3. User Sync and Provisioning

      Sync employees from OKTA

      Syncronise users and associated metadata from OKTA into the CultureAI platform


      Overview

      OKTA can be configured to synchronize your user database with CultureAI, allowing seamless integration and authentication. 

      This guide covers the setup process, however if you need support or have specific requirements please get in touch.

      Good to know

      • You need the API Access Management feature within Okta to sync users to CultureAI, without this you will not be able to use the user syncing
      • The user.managerId attribute mapping (this can also be called "ManagerValue") must be set to an email in Okta. If this is set to something else, or that field isn't filled in, the manager data will not sync to CultureAI
      • If you de-sync or remove a user from your Okta app, their user details in CultureAI will be inactive, but are retained and can be reactivated again at a later date
      • When a user is removed / deactivated their activity (i.e. any behavioural events or risks triggered by them) and their training history are wiped and cannot be recovered if the user is reactivated later

      Supported Features

      The following features are supported:

      1. Push new users
        1. New users created in OKTA will automatically be created in the CultureAI platform, allowing immediate provisioning into your security culture program.
      2. Push profile updates
        1. Updates to users' profiles made in OKTA will be automatically synchronized and updated, ensuring that we are always using the most up to date information.
      3. Push user deactivation
        1. If users are deactivated or disabled in OKTA this will be replicated across to Culture AI, disabling their profile. Any associated progress will be saved, allowing for reactivation at a later date.
      4. Push user reactivation
        1. Reactivated users will be re-enabled in the platform and their progress restored allowing them to continue from where they left off.
      5. Push Groups
        1. Groups and associated user memberships can be pushed to the CultureAI platform which can be used within the Analytics platform and for further granular analysis.

      Setup

      Generate your OKTA tokens

      1. Head to the User Syncing section in the Users and Access section of your dashboard
      2. Click the "Add source of users" button and select "Okta"
      3. A new window should have popped up with the Okta set-up wizard
      4. Click "Continue" to generate your tokens
      5. Follow the steps in the Wizard to set-up the CultureAI Okta app
      6. Click "Continue" to finish setting up your sync

       

      Setting up CultureAI in Okta

      1. Login to OKTA 
      2. Click into the "Applications" section
      3. Click "Browse App Catalog
      4. Search for the CultureAI app
      5. Click "Add integration"
      6. Open up the app
      7. Under provisioning select "Configure API integration"
        mceclip0-3
      8. Enter the token provided by CultureAI and click save.
      9. Click "Edit" and enable synchronization of users, attributes and deactivate users:
        mceclip1-Jun-09-2022-11-55-59-91-AM
      10. 5. Configure any groups and memberships you wish to specifically push to CultureAI, 
        note that this does not push users only membership information which is useful for filtering.
        mceclip2-3

      Assign users to the CultureAI application in OKTA

      You can assign specific users or groups to the application, restricting what information is synchronized. This can be useful during testing or where you have specific subsets of users who you want to be on boarded. 

      For most organisations you are likely to want to synchronize all users. This can be done through the assignments tab, assign to groups:

      mceclip4-3

      Then select the 'Everyone' group or groups you wish to synchronise: