All Collections
Salto for Okta
Supported Okta Types
Supported Okta Types
Support avatar
Written by Support
Updated over a week ago

Included Types

The Okta adapter fetches and deploys the following element types by default:

  • Applications

    • This includes both Group Push settings and application-group assignments.

  • Groups

    • Deployment is limited to native Okta groups, see about group types for more information.

  • Group Rules

  • Brands

  • Authentication policies

  • Global Session policies (Okta sign-on policy in Classic Engine)

  • Password policies

  • Profile Enrollment policies (only available for OIE)

  • MFA enrollment policies

  • User, Group and Application schemas

  • Profile Mappings

    • By default, Salto does not fetch Profile Mapping properties and their push status. To include these properties, see "Enabling add-ons" section below.

  • Authenticators

  • Behavior Rules

  • Network Zones

  • Account settings

  • SMS Templates

  • Trusted Origins

  • Device Assurance Policies (only available for OIE)

  • IDP policies

Read-only elements

In addition to the elements listed above, the Okta adapter also supports the following types in a read-only format:

  • Authorization servers

  • Event Hooks

  • Inline Hooks

  • Features

  • Identity Providers

  • Roles

  • Resource Sets

Enabling add-ons

Some configuration elements are not fetched by default by Salto. However, they can be included for existing environments through your environment's Salto Configuration File.

  • Profile Mapping properties - Includes support in fetch and deploy of the mapping of attributes from the user profile to the external service profile.

  • Group Membership - This includes a list of users assigned to each group. Note that assignments are limited to the user login name, and Salto does not import any further user information.

To fetch configuration of additional types, add the corresponding feature to the "fetch" section of your environment's configuration file.

Here's an example which enables both Profile Mapping properties and Group Memberships:

okta {
fetch = {
includeProfileMappingProperties = true
includeGroupMemberships = true

include = ...

Excluding elements

You can edit the Salto Configuration File to exclude specific elements that you do not wish to fetch and manage with Salto. You can choose which types to exclude, and also which instances of these types. To do this, use the exclude list under the fetch section of the Salto Configuration File.

For example, this file excludes all roles which have "test" in their role name:

okta {
fetch = {
include = [
type = ".*"
exclude = [
type = "Role"
criteria = {
name = ".*test.*"

Did this answer your question?