Aggregation Best Practices

Follow below mentioned approach for aggregation in the OKTA connector for better performance outcome:

Approach A: Caching

Note
Caching is recommended for environments having less number of connections(users to groups and/or application).

Aggregation is implemented by creating an application and group cache as explained in the following steps:

Okta connector creates cache of user connected to groups.
Okta connector creates cache of user connected to applications.
Okta connector then fetches the user profiles.
Okta connector maps the groups and applications of the fetched user profiles to the caches created during steps 1 and 2 above.

To improve the aggregation performance, use multiple threading for cache creation of groups and applications. Add the following key-value pair in the Source XML using the REST APIs to achieve multiple threading for cache creation:

POST https://{orgName}.api.identitynow.com/cc/api/source/update/{OktasourceID}

In the body of the POST, use the form-data as follows:

To create group cache:

Key: enableMultiThreadedCacheCreationGroups

Value: true

Key: groupCacheThreadSize

Value: 4
To create application cache:

Key: enableMultiThreadedCacheCreationApps

Value: true

Key: appCacheThreadSize

Value: 4

Note
Refer to Additional Configuration Parameters for more information.

Approach B: Sequential

Aggregation is implemented by sequential API call to fetch the user profiles followed by groups and applications with an ability to execute multiple partitions in parallel.

Note
Sequential is recommended for environment having large number of connections (users to groups and/or application).

Choose required set of attributes to manage.

Okta connector supports the management of Roles and Application entitlements assigned to the user. If not required the entitlements can be removed reducing API calls and hence improving the performance.
Optimize the configuration parameters and its values.
- Select the following configuration parameters to improve the performance:
  - ListUsersWithSearch: By default, the Okta source supports the Okta target managed system's 'List Users with Filter' feature for account aggregation. For Account aggregation with Okta's 'List Users with Search' feature ensure that you enable List Users With Search. The List Users with Search feature searches for users based on the properties specified in the search parameter(case insensitive). This operation supports pagination(to a maximum of 50000 results).
  - groupSkinnyUsers: Select Enable Group Skinny User to enable the skinny_user endpoint to fetch the groups connected to user in the Okta source. This attribute is only applicable for caching approach of account aggregation.
  - API Rate Limit: Enter the maximum API rate limit threshold as the maximum permissible call number.
  - Enable Partitioning to process the data in parallel across multiple threads. Also, set up the Number of Partitioning Thread.
- These configuration parameters can be enabled in your tenant using Additional Settings.

Feedback is provided as an informational resource only and does not form part of SailPoint's official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.


	You are here:

Aggregation Best Practices

Approach A: Caching

Approach B: Sequential

Documentation Feedback