Salto

The Okta adapter fetches and deploys the following element types:

- This includes both Group Push settings and application-group assignments.

-  Deployment is limited to native Okta groups, see <a href="https://help.okta.com/en-us/Content/Topics/users-groups-profiles/usgp-group-types.htm" rel="nofollow noopener noreferrer" target="_blank">about group types</a> for more information.

Brands - Including email and page customizations

Global Session policies (Okta sign-on policy in Classic Engine)

Profile Enrollment policies (only available for OIE)

- By default, Salto does not fetch Profile Mapping properties and their push status. To include these properties, see <a href="https://intercom.help/salto-io/en/articles/10189183-okta-settings" rel="nofollow noopener noreferrer" target="_blank">Okta Settings article</a>.

Device Assurance Policies (only available for OIE)

Authorization Servers - Including scopes, claims, and policies

Users - Excluded by default but can be enabled through <a href="https://intercom.help/salto-io/en/articles/10189183-okta-settings" rel="nofollow noopener noreferrer" target="_blank">Okta settings</a>.

Group Assignments - Excluded by default but can be enabled through <a href="https://intercom.help/salto-io/en/articles/10189183-okta-settings" rel="nofollow noopener noreferrer" target="_blank">Okta settings</a>.

- Applications
  - This includes both Group Push settings and application-group assignments.
- Groups
  -  Deployment is limited to native Okta groups, see <a href="https://help.okta.com/en-us/Content/Topics/users-groups-profiles/usgp-group-types.htm" rel="nofollow noopener noreferrer" target="_blank">about group types</a> for more information.
- Group Rules
- Brands - Including email and page customizations
- Authentication policies
- Global Session policies (Okta sign-on policy in Classic Engine)
- Password policies
- Profile Enrollment policies (only available for OIE)
- MFA enrollment policies
- User, Group and Application schemas
- Profile Mappings
  - By default, Salto does not fetch Profile Mapping properties and their push status. To include these properties, see <a href="https://intercom.help/salto-io/en/articles/10189183-okta-settings" rel="nofollow noopener noreferrer" target="_blank">Okta Settings article</a>.
- Authenticators
- Behavior Rules
- Network Zones
- Account settings
- SMS Templates
- Trusted Origins
- Device Assurance Policies (only available for OIE)
- Identity Providers
- IdP policies
- Authorization Servers - Including scopes, claims, and policies
- Users - Excluded by default but can be enabled through <a href="https://intercom.help/salto-io/en/articles/10189183-okta-settings" rel="nofollow noopener noreferrer" target="_blank">Okta settings</a>.
- Group Assignments - Excluded by default but can be enabled through <a href="https://intercom.help/salto-io/en/articles/10189183-okta-settings" rel="nofollow noopener noreferrer" target="_blank">Okta settings</a>.

In addition to the elements listed above, the Okta adapter also supports the following types in a read-only format:

- Event Hooks
- Inline Hooks
- Features
- Roles
- Resource Sets

Some configuration elements are not fetched by default by Salto. However, they can be included for existing environments through your <a href="https://help.salto.io/en/articles/10189183-okta-settings">Okta settings</a>.

Included Types

Read-only elements