×
Okta
Okta

Overview

The Okta plugin supports management of users and groups. Additionally, a generic node exists to expose all REST API methods.

Functionality

The Okta plugin provides the ability to call nearly any REST API end-point through the NL-Okta-REST-API node. Additionally, the plugin provides direct access to

  • manage a user’s membership within groups
  • retrieve groups by executing a search
  • retrieve a group’s detailed information
  • retrieve users by executing a search
  • retrieve a user’s detailed information
  • retrieve a user’s group membership
  • create a new user
  • update an existing user
  • manage a user’s lifecycle
  • retrieve the list of user types

Instance Configuration Parameters

Property
Description

Instance Name

Name for the Okta plugin instance.


Unique ID

A system-wide unique identifier for this plugin instance used to locate the service.


Authentication Mechanism

The authentication mechanism to use for accessing the Okta services. The following option is supported.

  • API Token: Token based access.

Okta Server

Host name of the Okta server. E.g., exampledomain.okta.com.


API Token

API Token for accessing the account. See Create an API token for instructions.

Flow Nodes

This node exposes sections of the Okta REST API to manage groups.
Property
Description

Name

The display name of the node within the flows.


Unique ID

System-wide unique ID of the plugin instance.


Action

Configuration option determining the type of operation to perform:

  • Add User to Group: Adds a user to a group.
  • Find Groups: Retrieves groups based on the criteria.
  • Get Group: Retrieves details on the specified group.
  • Remove User from Group: Removes a user from a group.

Successful results for an action are placed in msg.payload.okta.[uniqueId].response.


Search Type

Retrieves groups according to the Search Type. When Search Type is No Filtering (List Groups), the node lists groups returning up to Size Limit groups. When Search Type is Query, the node searches the groups’ profile.name property finding those that start with the specified Group Query value. When Search Type is Filter, the node filters groups against a subset of properties using the specified Group Query value. When Search Type is Search, the node searches for groups using a larger set of available properties.


Group Query

See the Okta List Groups REST API for details on constructing a Filter or Search template. The Group Query supports using mustache variable substitution from the incoming message. Visit the Template Engine and Formatters page to learn more.


Expand Response

The Expand Response configuration determines what additional information to include in found groups. Possible values are app, stats, or app,stats. Any other value will cause a failure.


Size Limit

The maximum number of groups to return from a find action.


Group ID

The group being retrieved or having a user added or removed. If the Group ID is set to Standard Group ID Location, the group ID is obtained within the standard response location at group.id. The location is set by a successful Get Group or Find Groups action.


User ID

The user being added or removed from a group. If the User ID is set to Standard User ID Location, the user ID is obtained within the standard response location at user.id. The location is set by a successful Get User or Find Users action in the NL-Okta-Users node. The User ID may also be the user’s login ID.

This node provides the capability to call most of the Okta REST API end-points. Reference the Okta REST API documentation for the path, request method, query parameters, and body to be configured in this node.
Property
Description

Name

The display name of the node within the flows.


Unique ID

A system-wide unique identifier for this plugin instance used to locate the service.


Path Segment

The Path Segment defines a mustache template for the URL’s path after the version. The following example sets the path for setting a user’s status to SUSPENDED. The path for suspending a user with a str context value is users/{{payload.userId}}/lifecycle/suspend. If the payload.userId is 01234567890, the final URL is https://[okta-server]/api/v1/users/01234567890/lifecycle/suspend, where okta-server comes from the plugin instance configuration.


HTTP Method

The HTTP Method must evaluate to one of GET, POST, PUT, PATCH, or DELETE. Any other value will cause a non-recoverable failure.


Query Parameters

When needed, the Query Parameters must evaluate to a JSON object or string. When Query Parameters evaluates to an object, the object contains the query parameters (URL parameters) as key-value pairs. Values may include any value convertible to a string. Array values will result in the same key being supplied with each element as a value within the query parameters. When Query Parameters evaluates to a string, it must contain the URL parameters in the key1=value1&key2=value2&...&keyN=valueN format. If the Query Parameters uses the {} JSON context, mustache template substitution is applied prior to generation of the final JSON object.


Body Parameters

When needed, the Body Parameters must evaluate to a JSON object. The object contains the request payload as specified by the REST API end-point. If the Body Parameters uses the {} JSON context, mustache template substitution is applied prior to generation of the final JSON object.

This node exposes sections of the Okta REST API to manage users.
Property
Description

Name

The display name of the node within the flows.


Unique ID

A system-wide unique identifier for this plugin instance used to locate the service.


Action

Configuration option determining the type of operation to perform:

  • Find Users: Retrieve users based on the criteria.
  • Get User: Retrieves a user using an ID number or login ID.
  • Get User Groups: Retrieves the groups a user is a member of.
  • Create User: Creates a new user.
  • Update User: Updates an existing user.
  • Activate User: Activates a user.
  • Deactivate User: Deactivates a user.
  • Delete User: Deletes a user.
  • Expire User Password: Expires a user’s password.
  • Reactivate User: Reactivates a user.
  • Suspend User: Suspends a user.
  • Unsuspend User: Undoes a user suspension.

Successful results for an action are placed in msg.payload.okta.[uniqueId].response.


Search Type

Search operation used to find users. When Search Type is No Filtering (List Users), the node lists users returning up to Size Limit users. When Search Type is Query, the node searches existing the users’ profile.firstName, profile.lastName, and profile.email properties finding those that start with the specified User Query value. When Search Type is Filter, the node filters users against a subset of properties using the specified User Query value. The supported filter properties are status, lastUpdated, id, profile.login, profile.firstName, profile.lastName, and profile.email properties. When Search Type is Search, the node searches for users using the specified User Query value.


User Query

The query configuration used by the selected Search Type. The User Query supports using mustache variable substitution from the incoming message. See the Okta List Users REST API for details on constructing a Filter or Search template. Visit the Template Engine and Formatters page to learn more.


Sort By

If specified, the Sort By fields indicates the property to sort the results by. The Sort Order is always applied.


Sort Order

Sorts results in ascending or descending order.


Size Limit

The maximum number of users to return for a find action.


User ID

The user affected by the current action. If the User ID is set to Standard User ID Location, the user ID is obtained within the standard response location at user.id. The location is set by a successful Find Users action. The User ID may also be the user’s login ID.


Create JSON Payload

The Create JSON Payload is used to define the initial settings of a new user. See Okta API v1 Create User page for detailed documentation on the structure of the JSON payload. The sample payload illustrates how to create a user with a few values defined dynamically using mustache variable substitution from the incoming message. Visit the Template Engine and Formatters page to learn more.


Update JSON Payload

The Update JSON Payload is used to define the update settings. See Okta API v1 Update User page for detailed documentation on the structure of the JSON payload. The sample payload illustrates how to update a user with a few values defined dynamically using mustache variable substitution from the incoming message. Visit the Template Engine and Formatters page to learn more.


Temp Password

This flag is used when expiring a user’s password. If Temp Password evaluates to a JavaScript truthy value, the user is assigned a temporary password, which is returned in tempPassword.

This node exposes sections of the Okta REST API to retrieve user types.
Property
Description

Name

The display name of the node within the flows.


Unique ID

A system-wide unique identifier for this plugin instance used to locate the service.


Action

Configuration option determining the type of operation to perform:

  • List User Types: Retrieves the list of user types defined within the Okta service.

Successful results for an action are placed in msg.payload.okta.[uniqueId].response.

Nevelex Labs, Main Office

Metro Office Park
2950 Metro Drive, Suite 104
Bloomington, MN 55425
Phone: +1 952-500-8921

©Nevelex Labs, LLC. 2018-2022, All Rights Reserved.

EULA