Connecting Okta and CIEM
Once you have configured your Okta account, you can connect it to CIEM using a SaaS connector or a VA-based connector.
Choose your next step based on your configuration:
- SaaS-based connector (recommended)
- VA-based connector and the CIEM Okta connector
When you have completed the steps for your connection type, you can aggregate and mark the entitlement types that grant cloud access. You can then view the effective access those entitlements grant on aggregated Okta cloud resources and include cloud entitlements in certification campaigns.
Using the Okta SaaS Connector
If you are using Okta SaaS, follow the connector guide to enable SailPoint CIEM.
After a successful test connection, you will aggregate accounts and mark the entitlement types that grant cloud access.
Note
If you previously configured both the Okta SaaS and CIEM Okta connectors, you do not need to take additional action to continue receiving your data.
Using the Okta VA-Based Connector
If you are onboarding SailPoint CIEM using a VA-based connector instead of SaaS, you must configure both the Okta VA-based identity governance and CIEM Okta cloud governance connectors.
| Connector | Description |
| --- | --- |
| Okta VA-based connector | Allows you to manage your Okta users and groups in Identity Security Cloud on a virtual appliance (VA). If your organization has licensed SailPoint CIEM, it will also gather data about the AWS access granted to users through their Okta management groups. |
| SailPoint CIEM Okta cloud governance connector | Works with your Okta identity governance connector to collect cloud resource data and display the effective access an identity has on aggregated cloud resources from Okta. |
You may connect your Okta identity governance and SailPoint CIEM Okta cloud governance sources in any order.
After you've connected and aggregated your accounts and entitlements, you will mark the entitlements related to cloud access. This will allow you to view the cloud access granted through entitlements and include those entitlements in certification campaigns.
Connecting the Okta VA-Based Source
Follow the SailPoint Okta connector guide. You must then also use the CIEM Okta connector to display all the access that users have to your cloud resources.
Connecting SailPoint CIEM Okta
In addition to your Okta VA-based connection, you will also use the CIEM Okta source to pull daily data about the cloud resources your Okta IaaS users can access.
To create your CIEM Okta source:
- Go to Admin > Connections > Sources > Create New.
- Find the CIEM Okta source type and select Configure.
- Enter a source name.
- Enter a description for your source.
- In the Source Owner field, begin typing the name of an owner. Matches appear after you type two letters.
- (Optional) Select a governance group for source management.
- Select Continue.
- Select Connection Settings.
- Enter the URL where your organization's Okta instance is hosted in the Okta URL field. This must match the Okta URL in your identity governance Okta connector.
- Enter your Okta API token in the Application Token field. If you are using an API token to authenticate your Okta identity governance source, the two tokens must match.
- Enter the Application ID of your configured Okta instance. You can enter multiple application IDs separated by commas.
- Select Save.
- Select Review and Test.
- Review the configuration details and select Test Connection. A successful test is required for SailPoint CIEM to gather data for this source.
Note
If the test connection fails, you can use the Search query name:"Test_connection Source Failed" for more information.
After a successful test connection, you will mark the entitlement types that grant cloud access.
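The connection settings above carry three constraints: the Okta URL must match the identity governance connector, the API tokens must match when that source uses one, and the Application ID field takes a comma-separated list. The following pre-flight check is an added example, not SailPoint code. The dictionary keys, the sample values, and the rule that case, whitespace and a trailing slash are only formatting differences are assumptions made for illustration.

```python
import hmac
from urllib.parse import urlsplit

def parse_app_ids(field):
    """Split the comma-separated Application ID field, flagging blanks and duplicates."""
    ids, problems = [], []
    for raw in field.split(","):
        app_id = raw.strip()
        if not app_id:
            problems.append("empty entry in Application ID list")
        elif app_id in ids:
            problems.append(f"duplicate Application ID: {app_id}")
        else:
            ids.append(app_id)
    return ids, problems

def _canonical(url):
    # Assumption: case, surrounding whitespace and a trailing slash are cosmetic.
    p = urlsplit(url.strip())
    return p.scheme, p.hostname, p.port, p.path.rstrip("/")

def preflight(ciem, governance):
    """Return (application_ids, problems) for the CIEM Okta connection settings."""
    problems = []
    p = urlsplit(ciem["okta_url"].strip())
    if p.scheme != "https" or not p.hostname:
        problems.append("Okta URL is not an https:// URL with a host")
    if ciem["okta_url"] != governance["okta_url"]:
        if _canonical(ciem["okta_url"]) == _canonical(governance["okta_url"]):
            problems.append("Okta URLs differ only in formatting; enter them identically")
        else:
            problems.append("Okta URL does not match the identity governance connector")
    gov_token = governance.get("api_token")  # None when that source does not use a token
    if gov_token is not None and not hmac.compare_digest(
            ciem["api_token"].encode(), gov_token.encode()):
        # The message names the field only; token values are never echoed.
        problems.append("Application Token does not match the identity governance connector")
    ids, id_problems = parse_app_ids(ciem["application_ids"])
    if not ids:
        problems.append("no Application ID entered")
    return ids, problems + id_problems

# Constructed sample values, not real tenant data.
SAMPLE_GOVERNANCE = {"okta_url": "https://example.okta.com", "api_token": "constructed-token-1"}
SAMPLE_CIEM = {"okta_url": "https://Example.okta.com/", "api_token": "constructed-token-1",
               "application_ids": "0oaAAA111, 0oaBBB222,,0oaAAA111"}

if __name__ == "__main__":
    app_ids, issues = preflight(SAMPLE_CIEM, SAMPLE_GOVERNANCE)
    print(app_ids, *issues, sep="\n- ")
```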