Additional Information
This section contains information on additional attributes you can use to set up your provisioning policy.
Custom Attributes
To provision custom attributes you have created in the Okta system, add a matching attribute into the provisioning policy. For example, if you have the custom attributes; customAttr1 and customAttr2 on Okta and you need to provision them, you need to add customAttr1 and customAttr2 to the provisioning plan as well.
To add custom attributes, refer to Adding Attributes to Create Profile Page for Sources.
Account Status
The following table contains information on the status of created accounts:
|
Activate Checkbox |
Password |
Status on the Okta Managed System |
Status on Identity Security Cloud Source |
|---|---|---|---|
|
false |
Provided/Not Provided |
STAGED |
Disabled |
|
true |
Not Provided |
Pending user action |
Enabled |
|
true |
Provided |
PASSWORD_EXPIRED |
Enabled |
By default, the activate field value in 'Create Profile' section is true.
Account Status for Federation Provider
The following table contains information on the attributes used to configure a federation provider.
|
Activate Checkbox |
Password |
Provider Type |
Status on the Okta Managed System |
Status on Identity Security Cloud Source |
|---|---|---|---|---|
|
Unchecked |
Not Provided |
FEDERATION/SOCIAL |
STAGE |
Disabled |
|
Checked |
Not Provided |
FEDERATION/SOCIAL |
ACTIVE |
Enabled |
Support to Recovery Question and Answer in Provisioning
The Okta source can provision a recovery question and answer along with an account in the Okta native system.
Add the following attributes in the Create Profile section in the Okta configuration interface for an Okta account.
|
Account Attribute |
Generator |
Description |
|---|---|---|
|
recoveryQuestion |
Disable |
The recovery question for the user |
|
recoveryAnswer |
Disable |
The answer for the recovery question |
The following table contains information on the status of accounts.
|
Activate Checkbox |
Password |
Recovery Question and Answer |
Status on the Okta Managed System |
Status on Identity Security Cloud Source |
|---|---|---|---|---|
|
Unchecked |
Provided |
Not provided |
STAGED |
Disabled |
|
Checked |
Not Provided |
Provided |
Pending user action |
Enabled |
|
Checked |
Provided |
Provided |
ACTIVE |
Enabled |
Send Email Updates for Enable Account Provisioning Policy
When enabling a deprovisioned user, the system will not send an activation email to the user if the sendEmail attribute is set to false in the enable operation provisioning policy. The default value is true.
Note
For more information, contact SailPoint Services.
Setting a Password in Permanent Mode
The Okta source supports the ability to set a password in Permanent mode while creating a new account. In the Okta system, in the Create Profile section, configure setPasswordInPermanentMode. Set the value to true for creation of an account in Active mode. It sets a password in Permanent mode for the newly created account. By default, an account is created in the PASSWORD_EXPIRED mode.