Configure a provisioning-enabled app

With Entitlement Management, Governance Engine is the source of entitlements for apps, which were previously sourced from the app user profile. Create a fresh app instance of a provisioning-enabled application to use connectors that support Entitlement Management.

Complete the following task to manage entitlements for any provisioning-enabled Okta app integration. See Apps with entitlement support for a list of applicable integrations.

Entitlement Management can't be enabled on existing app instances that are configured for provisioning. Instead, wait for Okta to provide a migration path.

To avoid losing data and relationships that were set up using legacy provisioning, don't enable Governance Engine and provisioning on an existing app instance. Data losses can occur, especially after an import is performed with Governance Engine enabled.

Before you begin

  • Sign in as a super admin, an app admin, or an admin with the following permissions:
    • Manage applications
    • Edit application's user assignments
    • Edit groups' application assignments or Edit users' application assignments
  • Ensure that you're assigned to the Okta Entitlement Management app.

Start this task

  1. Create an app instance.
  2. Go to ApplicationsApplications.
  3. Search for and select the app instance.
  4. Go to the General tab. Click Edit in the Identity Governance section.
  5. From the Governance Engine dropdown menu, select Enabled. Click Save. Okta begins enabling Governance Engine for the app instance. After this process is complete, the Governance tab appears. You can refresh your page to check if the engine is enabled.
  6. After Governance Engine is enabled, you can configure provisioning for the app:
    1. Go to the Provisioning tab.
    2. Click Configure API Integration.
    3. Select Enable API integration.
    4. Provide the values that are required to complete authorization for the app.
    5. Select To App under Settings.
    6. Click Edit in the Provisioning to App section.
    7. Enable Create Users and Update User Attributes. These settings are required to ensure that entitlements are assigned accurately.
    8. Optional. Enable other provisioning settings as required by the app and your environment.
  7. Optional. Perform a full import. You can do a full import of users for apps that are fully LCM integrated within Okta. You can also import users and their entitlements for apps that aren't fully LCM integrated within Okta (that is, disconnected apps). See Import user entitlements from CSV.

Related topics

Provisioning-enabled apps

Provisioning-enabled app limits