Reputation: 1230
How to mark api-created Okta users as being provided by Active Directory
We’re currently running the Okta Active Directory agent in order to import our users into Okta.
I'd like to replace this with a custom built process that imports users into a new internal database, for other user-management-related activities, whilst also adding those users to Okta.
Creating the user in Okta is easy, but I also need to get the user's "provider" set to ACTIVE_DIRECTORY, so that Okta delegates authentication to Active Directory.
The documentation (http://developer.okta.com/docs/api/resources/users.html#provider-object) says that the User's Provider field is read-only.
How can I set it?
Upvotes: 1
Views: 207
Answers (2)
Reputation: 71
While you cannot directly manipulate the credential object you can leverage other features available to achieve the desired result.
- Create a group in Okta and configure it as a directory provisioning group. From the designated group select 'Manage Directories' add the desired Directory and follow the wizard to completion.
- Add the created users to the group (using the API)
Upvotes: 1
Reputation: 512
You unfortunately cannot set this property as we do not allow the creation of Active Directory users through the public API at this point.
If the purpose of the new process is simply to enrich the user's profile, can't you not achieve this by letting the AD agent sync the users and enrich the profile directly through the API?
Upvotes: 0
Related Questions
- How can I get all groups a user belongs to using Okta's API?
- How Authn/Authz work in AWS if I already have my users on okta
- How do I get a StateToken for basic Authentication through Okta with .net sdk?
- Display content based on group membership - OKTA + ReactJS
- Configured Sharepoint 2013 on-prem to use Okta SSO but get 'Sorry this site has not been shared with you' error
- Can I use the Java SDK for the Okta API to check for the existence of an Okta Session created by a user sign-on?