Add Okta to Zoho Directory | Admin Guide - Zoho Directory

Add Okta to Zoho Directory

Prerequisites:

Roles required in Zoho Directory to perform this action:

  • Organization Owner

  • Organization Admin

  • Custom Authentication with Okta

 

Roles required in Okta:

  • Admin

 

Plan required in Zoho Directory:

  • Free plan 

  • Professional plan (if you want to add multiple directories)

 

Add Okta to Zoho Directory

Using API
Using SCIM
Using API

In Okta:

  1. Log in to your Okta organization.
  2. In the left panel, click Applications, then click Applications.
  3. Click Create App Integration.
  4. In the page that opens, select OIDC - OpenID Connect as the Sign-in method and Web Application as the Application type.
  5. Click Next.
  6. In the form that opens, enter the App integration name; select Client Credentials and Refresh Tokens as the Grant Type; then enter the Sign-in redirect URIs based on your DC from the table given below:
    DC
    Sign-in redirect URI
    Japan
    US
    Europe
    China
    India
    Australia
    UK
    Canada
    Saudi Arabia

  7. Under Controlled access, select Skip group assignment for now and click Save.
  8. Under Assignments, click Assign, then click Assign to People.
  9. Click Assign against your profile, then click Save and go back, and then click Done.
  10. Under Okta API Scopes, click Grant against the okta.users.read scope.
  11. Under General, copy the Client ID and the Client Secret to your clipboard.
  12. Open your profile from the top-right corner, and copy your domain name to your clipboard.

In Zoho Directory:

  1. Sign in to Zoho Directory, then click Admin Panel in the left menu.
  2. Click Directory Stores, then click Add Directory.
  3. Click Add against Okta.
  4. Under API INTEGRATION, enter the Domain Name, Client ID, and Client Secret copied from your Okta organization; and click Next.
  5. In the next window, enter the credentials of your Okta administrator account and authenticate the integration.
  6. Map the fields available in Zoho Directory to the fields available in Okta. If you'd like all users synced from Okta to have the same value for a field, map that field with a hard-coded value. For example, if you want the value for the field 'Country' to be 'India', then you can type India as a value for the Hard-coded Value.
    To map a hard-coded value with a field:
    1. Click Edit next to a field.
    2. Enter the value you need in the Hard-coded Value field.
    3. Click Ok.
  7. Click Next.
  8. Under SETTINGS, next to Password Notification, choose how you want your users to receive their One Time Password. You can either send the OTP to the user, to the administrator, or notify no one.
    Notes
    Password Notification setting is only applicable to users whose email address has a verified domain name.
  9. Once you're finished, click Save and Next.
  10. Choose how the change in user status in Okta should reflect in Zoho Directory.
  11. Click Save and Close.
  12. Choose how you want to sync users from Okta based on the criteria applied in Zoho Directory. You can either choose to sync specific users based on a set of criteria or all users. You can use custom attributes to set criteria. You can also set multiple criteria based on your needs.
  13. To set criteria, select a criterion from the options, choose a relationship, and enter the criterion's value as needed. While adding more than one criterion, you can also choose to enter it manually. Click Edit, enter your condition(whether OR or AND) and click Save and Next.
  14. Enable Schedule Sync to import users from Okta automatically at a specified time interval. Choose how often the sync should run on a daily, weekly, or monthly basis, and set the preferred time in the Sync Interval.
  15. Once done, click Save and Close.
  16. Under IMPORT USERS, all users (except deleted users) will be fetched and shown depending on the chosen criteria. Select the users to import and click Import. The import summary will be displayed upon completion. Click Finish. If you select more than 200 users, users will be staged, and it might take time to list the users. Once finished, you can either view it or clear it for re-import.

Using SCIM
In Zoho Directory:
  1. Sign in to Zoho Directory, then click Admin Panel in the left menu.
  2. Go to Directory Stores, then click Add Directory.
  3. Click Add next to Okta.
  4. Under API INTEGRATION, note down the Sync endpoint and SCIM token. Later, you'll need to provide this information in Okta to enable sync.
  5. Click Next.
  6. Map the fields available in Zoho Directory to the fields available in Okta. If you'd like all users synced from Okta to have the same value for a field, map that field with a Hard-coded value. For example, if you want the value for the field 'Country' to be 'India', then you can type India as a value for the Hard-coded Value field.
    To map a hard-coded value with a field:
    1. Click Edit next to a field.
    2. Enter the value you need in the Hard-coded Value field.
    3. Click Ok.
  7. Click Next.
  8. Under SETTINGS, next to Password Notification, choose how you want your users to receive their One Time Password. You can either send the OTP to the user, or to the administrator or notify no one.
    Notes
    The Password Notification setting applies only to users whose email addresses have a verified domain name.
  9. Once you're finished, click Save and Next.
  10. Choose how the change in user status in Okta should reflect in Zoho Directory.
  11. Click Save and Close.

In Okta:

  1. Log in to your Okta organization.
  2. Select Applications in the left sidebar menu.
  3. Click Create App Integration. Select SAML 2.0, then click Next.
  4. Enter the required details in the General Settings tab, then click Next.
  5. Enter the Sign-in URL from the Custom Authentication tab in Zoho Directory in the Single sign-on URL field and for Audience URI in Okta enter zoho.com. Configure Custom Authentication with Okta in Zoho Directory's admin panel, if you haven't configured before. Once you're finished, click Next.
  6. Click I'm an Okta customer adding an internal app.
  7. Go to the General tab, click Edit under App Settings, and change the Provisioning option from None to SCIM. Once you're finished, click Save.
  8. Go to the Provisioning tab, then click Edit.
  9. Enter the Sync endpoint copied from Zoho Directory in the SCIM connector base URL field. Enter email in the Unique identifier field for users field, and select the Push New Users option (as well as Import New Users and Profile Updates, and Push Profile Updates, optionally) in the Supported provisioning actions field.
    Alert
    Note: Push Groups and Import Groups options cannot be selected for a custom app integration.
  10. Select HTTP Header from the dropdown menu in the Authentication Mode field.
  11. Enter the SCIM token copied from Zoho Directory in the Token field next to Authorization. Click Test Connector Configuration, then click Save.
  12. Click the Provisioning tab, select To App in the SETTINGS list, click Edit, then tick Enable checkbox next to the options you would like to enable, then click Save.
  13. For Import, select To Okta in the SETTINGS list, and in the User Creation & Mapping area, click Edit. Select Okta username format matches and click Save.
  14. Click the Import tab and click Import Now. Select Incremental Import and click Import.
  15. For user assignment, navigate to Assignments tab, click Assign, then select Assign to People. Select the users to assign. Click Assign, click Save and Go Back, and click Done.
  16. Note: The assignment will be synced immediately to Zoho Directory.
  17. Note: To check if the user you've assigned was synced properly, go back to the Zoho Directory Admin Panel, click Directory Stores in the left menu, click Okta, and check the Members tab.
  18. To edit, change, and delete the attribute mappings synced by Okta, navigate to Provisioning tab and scroll down.
  19. To add a custom mapping, click Go to Profile Editor, select Custom from Filters column, and then click Add Attribute. Enter the required details, and click Save.
  20. Note: Variable name for every custom mapping has to be unique, whereas External namespace can be the same.
  21. To add a custom attribute, select Directory in the left sidebar menu, then click Profile Editor. Select User (default) from the options, then select Custom from Filters column, and click Add Attribute. Enter the required details, and click Save.

 ​