Included Types
The Okta adapter fetches and deploys the following element types by default:
Applications
This includes both Group Push settings and application-group assignments.
Groups
Deployment is limited to native Okta groups; see "about group types" for more information.
Group Rules
Brands
Authentication policies
Global Session policies (Okta sign-on policy in Classic Engine)
Password policies
Profile Enrollment policies (only available for OIE)
MFA enrollment policies
User, Group and Application schemas
Profile Mappings
By default, Salto does not fetch Profile Mapping properties and their push status. To include these properties, see the "Enabling add-ons" section below.
Authenticators
Behavior Rules
Network Zones
Account settings
SMS Templates
Trusted Origins
Device Assurance Policies (only available for OIE)
IDP policies
Read-only elements
In addition to the elements listed above, the Okta adapter also supports the following types in a read-only format:
Authorization servers
Event Hooks
Inline Hooks
Features
Identity Providers
Roles
Resource Sets
Enabling add-ons
Salto does not fetch some configuration elements by default. However, they can be included for existing environments through your environment's Salto Configuration File.
Profile Mapping properties - Adds fetch and deploy support for the mapping of attributes from the user profile to the external service profile.
Group Membership - This includes a list of users assigned to each group. Note that assignments are limited to the user login name, and Salto does not import any further user information.
To fetch configuration of additional types, add the corresponding feature to the "fetch" section of your environment's configuration file.
Here's an example which enables both Profile Mapping properties and Group Memberships:
okta {
  fetch = {
    includeProfileMappingProperties = true
    includeGroupMemberships = true
    include = ...
  }
}
Excluding elements
You can edit the Salto Configuration File to exclude specific elements that you do not wish to fetch and manage with Salto. You can choose which types to exclude, and also which instances of these types. To do this, use the exclude list under the fetch section of the Salto Configuration File.
For example, this file excludes all roles which have "test" in their role name:
okta {
  fetch = {
    include = [
      {
        type = ".*"
      },
    ]
    exclude = [
      {
        type = "Role"
        criteria = {
          name = ".*test.*"
        }
      }
    ]
  }
}