Salto

The Okta adapter fetches and deploys the following element types:

AccessPolicy (App sign on policy in Classic engine, or Authentication policies in OIE)

Group (limited to native Okta groups, see <a href="https://help.okta.com/en-us/Content/Topics/users-groups-profiles/usgp-group-types.htm" rel="nofollow noopener noreferrer" target="_blank">about group types</a> for more information)

OktaSignOnPolicy (Global session policies in OIE)

- AccessPolicy (App sign on policy in Classic engine, or Authentication policies in OIE)
- Application
- Authenticator
- BehaviorRule
- Group (limited to native Okta groups, see <a href="https://help.okta.com/en-us/Content/Topics/users-groups-profiles/usgp-group-types.htm" rel="nofollow noopener noreferrer" target="_blank">about group types</a> for more information)
- GroupRule
- GroupSchema
- IdentityProviderPolicy
- MultifactorEnrollmentPolicy
- NetworkZone
- OktaSignOnPolicy (Global session policies in OIE)
- PasswordPolicy
- ProfileEnrollmentPolicy
- RoleAssignment
- Account settings
- UserSchema
- UserType

In addition, The Okta adapter supports the following element types as read-only:

- AuthorizationServer
- EmailTemplate
- EventHook
- Feature
- IdentityProvider
- InlineHook
- Role
- SmsTemplate
- TrustedOrigin

You can edit the <a href="https://help.salto.io/en/articles/7439324-salto-configuration-file">Salto Configuration File</a> to exclude specific elements that you do not wish to fetch and manage with Salto. You can choose which types to exclude, and also which instances of these types. To do this, use the exclude list under the fetch section of the Salto Configuration File.

For example, this file excludes all roles which have "test" in their role name:

okta { fetch = { include = [ { type = ".*" }, ] exclude = [ { type = "Role" criteria = { name = ".*test.*" } } ] } }