Configure a provisioning-enabled app

With Entitlement Management, Governance Engine is the source of entitlements for apps, which were previously sourced from the app user profile. Create a fresh app instance of a provisioning-enabled application to use connectors that support Entitlement Management.

Complete the steps that follow to manage entitlements for the following apps:

  • Box
  • Google Workspace
  • Microsoft Office 365
  • NetSuite
  • PagerDuty
  • Salesforce
  • Zendesk

Entitlement Management can't be enabled on existing app instances that are configured for provisioning. Instead, wait for Okta to provide a migration path.

To avoid losing data and relationships that were set up using legacy provisioning, don't enable Governance Engine and provisioning on an existing app instance. Data losses can occur, especially after an import is performed with Governance Engine enabled.

Before you begin

  • Sign in as a super admin, an app admin, or an admin with the following permissions:

    • Manage applications

    • Edit application's user assignments

    • Edit groups' application assignments or Edit users' application assignments

  • Ensure that you're assigned to the Okta Entitlement Management application.

Start this task

  1. Create an app instance.
  2. Go to ApplicationsApplications.
  3. Search for and select the app instance.
  4. Go to the General tab. Click Edit in the Identity Governance section.
  5. From the Governance Engine dropdown menu, select Enabled. Click Save. Okta begins enabling Governance Engine for the app instance. After this process is complete, the Governance tab appears. You can refresh your page to check if the engine is enabled.
  6. After Governance Engine is enabled, you can configure provisioning for the app:
    1. Go to the Provisioning tab.
    2. Click Configure API Integration.
    3. Select Enable API integration.
    4. Provide the values that are required to complete authorization for the app.
    5. Select To App under Settings.
    6. Click Edit in the Provisioning to App section.
    7. Enable Create Users and Update User Attributes. These settings are required to ensure that entitlements are assigned accurately.
    8. Optional. Enable other provisioning settings as required by the app and your environment.
  7. Optional. Perform a full import.

Related topics

Provisioning-enabled app limits

Google Workspace requirements

NetSuite requirements

Salesforce requirements