After adding an Okta application connection to an environment, users can customize various aspects according to their unique setup.
To do this, go to Environment Settings -> Application Connections, click the three dots next to your application, and select Edit Configuration File.
For more information about changing settings, read the Salto Configuration File article.
Managing Users
Managing users is optional, and can be enabled by updating your Salto Configuration File.
By default, user support is disabled by the following settings:
okta {
  fetch = {
    include = [
      ...
    ]
    exclude = [
      {
        type = "User"
      },
    ]
  }
}
To enable the support, remove the User type from the exclude list:
okta {
  fetch = {
    include = [
      ...
    ]
    exclude = []
  }
}
For better visibility and management capabilities, consider also enabling Group Memberships.
Note
Salto does not fetch or manage any user’s credentials data such as passwords or recovery questions.
Managing Group Memberships
This includes a list of users assigned to each group.
If managing users was not enabled in your environment, assignments will be limited to the user login name, without any additional user data.
To enable group memberships in your environment, edit your Salto Configuration File and set includeGroupMemberships to true:
okta {
  fetch = {
    includeGroupMemberships = true
    include = ...
Extending Profile Mapping properties
This adds fetch and deploy support for the mapping of attributes from the user profile to external service profiles.
To enable profile mapping properties support, edit your Salto Configuration File and set includeProfileMappingProperties to true:
okta {
  fetch = {
    includeProfileMappingProperties = true
    include = ...
Managing Identity Providers JSON Web Keys
To support the deployment of SAML Identity Providers along with their keys, and to enable pushing them between environments, Salto supports JSON Web Key (JWK) management. This type is excluded by default but can be enabled by updating your Salto Configuration File.
By default, JSON Web Keys support is disabled by the following settings:
okta {
  fetch = {
    include = [
      ...
    ]
    exclude = [
      {
        type = "JsonWebKey"
      },
    ]
  }
}
To enable the support, remove the JsonWebKey type from the exclude list:
okta {
  fetch = {
    include = [
      ...
    ]
    exclude = []
  }
}
Excluding elements
You can edit the Salto Configuration File to exclude specific elements that you do not wish to view or manage with Salto. You can choose to exclude entire configuration types or specific configuration elements with certain properties. Salto allows you to exclude elements by their name, type, or status properties.
To do this, use the exclude list under the fetch section of the Salto Configuration File.
For example, this file excludes all PasswordPolicy elements which have "test" in their name:
okta {
  fetch = {
    include = [
      {
        type = ".*"
      },
    ]
    exclude = [
      {
        type = "PasswordPolicy"
        criteria = {
          name = ".*test.*"
        }
      }
    ]
  }
}
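A review check for the settings described on this page, as an added example that is not Salto's own code: it reads the text of a configuration file and lists which identity-data types (User, JsonWebKey) and optional flags its fetch section turns on, so a change that widens the fetched scope is visible before it is saved. The function names and sample configurations are constructed for illustration, and treating type patterns as full-match regular expressions is an assumption about how Salto matches them.

```python
import re

SENSITIVE_TYPES = ("User", "JsonWebKey")   # both excluded by default per this page
FLAGS = ("includeGroupMemberships", "includeProfileMappingProperties")

def _inside(text, start, opener, closer):
    """Return the text between the bracket at text[start] and its match."""
    depth, in_str = 0, False
    for i in range(start, len(text)):
        ch = text[i]
        if ch == '"':
            in_str = not in_str          # brackets inside quoted regexes don't count
        elif not in_str and ch == opener:
            depth += 1
        elif not in_str and ch == closer:
            depth -= 1
            if depth == 0:
                return text[start + 1:i]
    raise ValueError("unbalanced brackets in configuration")

def exclude_entries(config):
    """Return (type_pattern, has_criteria) for each entry of fetch.exclude."""
    found = []
    m = re.search(r"\bexclude\s*=\s*\[", config)
    body = _inside(config, m.end() - 1, "[", "]") if m else ""
    pos = body.find("{")
    while pos != -1:
        entry = _inside(body, pos, "{", "}")
        t = re.search(r'\btype\s*=\s*"([^"]*)"', entry)
        if t:
            found.append((t.group(1), bool(re.search(r"\bcriteria\s*=", entry))))
        pos = body.find("{", pos + len(entry) + 2)   # resume after the closing brace
    return found

def fetch_scope(config):
    """List the sensitive types and optional flags this config turns on."""
    # Assumption: type patterns are full-match regexes; an entry that carries
    # criteria removes only matching elements, so the type is still fetched.
    whole = [p for p, has_criteria in exclude_entries(config) if not has_criteria]
    scope = [t for t in SENSITIVE_TYPES if not any(re.fullmatch(p, t) for p in whole)]
    return scope + [f for f in FLAGS if re.search(rf"\b{f}\s*=\s*true\b", config)]

# Constructed sample configurations (not taken from a real environment).
DEFAULT = 'okta {\n fetch = {\n  exclude = [\n   { type = "User" },\n   { type = "JsonWebKey" },\n  ]\n }\n}'
WIDENED = ('okta {\n fetch = {\n  includeGroupMemberships = true\n  exclude = [\n'
           '   {\n    type = "JsonWebKey"\n    criteria = {\n     name = ".*test.*"\n    }\n   },\n  ]\n }\n}')

if __name__ == "__main__":
    print(fetch_scope(DEFAULT), fetch_scope(WIDENED))
```

An exclude entry that carries criteria is reported as still fetching its type, because it removes only the matching elements rather than the whole type.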