Importing user application lists from Okta

If you are importing user application lists for access reviews, Hyperproof may not have a Hypersync for all the applications you need to review. Identity and Access Management applications, such as Okta, contain user lists for many applications. With the Okta Universal Hypersync you can retrieve user application lists for both cloud and on-premises applications configured in Okta.

Note

Hyperproof connects to many third-party systems that frequently change, including the system interface. Contact your System Administrator or the third-party provider for assistance meeting the requirements to integrate with Hyperproof and collect the proof you need.

Requirements

Fulfill the following requirements to connect to Okta, configure the applications it contains, and allow the Hypersync to collect user application lists.

Important

It’s recommended that you create a service account to generate the API key, because the API key has the same permissions as the user who created it. Grant the service account the Read-only Administrator role so that the Hypersync can gather all necessary information.

Create a custom role with these specific permissions

  • View users and their details

  • View groups and their details

  • View applications and their details

This custom role allows access to lists of users.

Configure the applications in Okta

  • Each application must have an application profile populated with users with the specific data you want to collect. This includes first and last name, email, role, and any other fields you require.

  • In the Okta Profile Editor, you must map user fields for each application to the corresponding Okta fields. The fields that must be mapped in Okta include login, firstName, lastName, email, and userType.

Enable the Okta Profile Mappings API

  • The Okta Profile Mappings API is required. Email Okta support and request that they enable the API for your Okta instance.
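The following pre-flight check is an added example, not Hyperproof or Okta code: it reports which of the required fields (login, firstName, lastName, email, userType) have no mapping expression for each application. It assumes mapping objects shaped like those returned by the Okta Profile Mappings API and assumes the application-user-to-Okta-user direction is the one to check; the application names, ids, and expressions are constructed sample data.

```python
REQUIRED_FIELDS = ("login", "firstName", "lastName", "email", "userType")

# Constructed sample, shaped like Okta Profile Mappings API mapping objects.
# Assumption: the direction checked is application user -> Okta user.
SAMPLE_MAPPINGS = [
    {"id": "prm-example-1",
     "source": {"name": "payroll_app", "type": "appuser"},
     "target": {"name": "user", "type": "user"},
     "properties": {"login": {"expression": "appuser.userName"},
                    "firstName": {"expression": "appuser.givenName"},
                    "lastName": {"expression": "appuser.familyName"},
                    "email": {"expression": "appuser.email"},
                    "userType": {"expression": "appuser.role"}}},
    {"id": "prm-example-2",
     "source": {"name": "onprem_erp", "type": "appuser"},
     "target": {"name": "user", "type": "user"},
     "properties": {"login": {"expression": "appuser.userName"},
                    "firstName": {"expression": "appuser.givenName"},
                    "lastName": {"expression": "appuser.familyName"},
                    "email": {"expression": "  "}}},  # blank; userType absent
    {"id": "prm-example-3",  # Okta -> application direction, skipped by audit()
     "source": {"name": "user", "type": "user"},
     "target": {"name": "payroll_app", "type": "appuser"},
     "properties": {"userName": {"expression": "user.login"}}},
]

def unmapped_fields(mapping, required=REQUIRED_FIELDS):
    """Return required fields that have no expression, or only a blank one."""
    props = mapping.get("properties") or {}
    exprs = {f: (props.get(f) or {}).get("expression") for f in required}
    return [f for f, e in exprs.items() if not isinstance(e, str) or not e.strip()]

def audit(mappings):
    """Map each application name to its list of unmapped required fields."""
    report = {}
    for m in mappings:
        src, tgt = m.get("source") or {}, m.get("target") or {}
        if src.get("type") != "appuser" or tgt.get("type") != "user":
            continue  # only application -> Okta user mappings are checked
        report[src.get("name", m.get("id"))] = unmapped_fields(m)
    return report

if __name__ == "__main__":
    for app, missing in audit(SAMPLE_MAPPINGS).items():
        print(f"{app}: {'OK' if not missing else 'unmapped: ' + ', '.join(missing)}")
```

An application with a non-empty list will return incomplete rows in the imported user list, so fix its mapping in the Okta Profile Editor before creating the Hypersync.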

Note

You only need to connect Hyperproof to the app once, and then you can create as many Hypersyncs as you need. Additionally, you can create multiple Hypersyncs for a single control or label.

Tip

If you don’t know your access token or don’t have one, you can create one from the Okta Security > API page.

After configuring all requirements in Okta, see Importing a list of application users from an Identity Provider (IdP) for information on importing user lists. Only active applications display when configuring the Hypersync in Hyperproof.