The Okta adapter fetches and deploys the following element types:
AccessPolicy (App sign on policy in Classic engine, or Authentication policies in OIE)
Application
Authenticator
BehaviorRule
Group (limited to native Okta groups, see about group types for more information)
GroupRule
GroupSchema
IdentityProviderPolicy
MultifactorEnrollmentPolicy
NetworkZone
OktaSignOnPolicy (Global session policies in OIE)
PasswordPolicy
ProfileEnrollmentPolicy
RoleAssignment
Account settings
UserSchema
UserType
In addition, The Okta adapter supports the following element types as read-only:
AuthorizationServer
EmailTemplate
EventHook
Feature
IdentityProvider
InlineHook
Role
SmsTemplate
TrustedOrigin
Excluding elements
You can edit the Salto Configuration File to exclude specific elements that you do not wish to fetch and manage with Salto. You can choose which types to exclude, and also which instances of these types. To do this, use the exclude list under the fetch section of the Salto Configuration File.
For example, this file excludes all roles which have "test" in their role name:
okta {
fetch = {
include = [
{
type = ".*"
},
]
exclude = [
{
type = "Role"
criteria = {
name = ".*test.*"
}
}
]
}
}