Create a Team with Advanced Server Access

With Advanced Server Access, Admins can do more than just push their users and groups from Active Directory.

  1. Sign in to your Okta dashboard.

  2. Click Admin.

  3. Open the Applications page by clicking Applications > Applications.

  4. Click Add Application.

  5. Search for Advanced Server Access and select it from the list. Click Add.

  6. If you want to use a custom application label, enter it in the Application Label field. Use the default application visibility settings. Click Done.

  7. You must assign the application to yourself. Switch to the Assignments tab and click Assign > Assign to People.

  8. Find your account in the list and click Assign.

  9. You can choose to keep the default user name, which is your Okta user name, or enter another. Click Save and Go Back, then click Done. Your account is displayed in the list of people assigned to the app.

  10. Open a new tab and navigate to the Advanced Server Access homepage and click the Create a New Team button.

  11. Fill in the Work E-mail, First name, and Last name fields before clicking Get Started!.
  12. Fill in the Organization or Team Name field and click Next.

  13. On the next page, copy the Base URL and Audience Restriction fields and store them in a safe location before navigating back to the web browser tab with your Okta Admin instance.

  14. Click the Sign-On tab, and click the Edit button.

  15. Fill in the Base URL and Audience Restriction fields with the information from Step 13 and click Save.

  16. In the same Sign-On tab, click the blue link labeled Identity Provider metadata above the Advanced Sign-On Settings section. It should open a new tab filled with metadata. Copy the URL of this tab and then close the tab.
  17. Navigate back to the Advanced Server Access tab and paste the metadata URL in the IdP Metadata URL field.

  18. Click Authenticate with Okta when you are finished and you should be redirected to the Advanced Server Access dashboard. You have finished creating an Advanced Server Access team. Next, configure SCIM for Okta by enabling API integration.

Configure SCIM for Okta

As an application from the OIN, Advanced Server Access has the capability to sync your Users and Groups from the Okta Universal Directory, making it easier for managers to specify people, memberships, and roles across the services.

To do so, configure the API integration with the following steps: 

  1. Go to the Advanced Server Access Application in the Okta Admin Dashboard and select the Provisioning tab.

  2. Click the Configure API Integration button.
  3. Next, check the Enable API Integration checkbox, and then click the Authenticate with Okta Advanced Server Access button.

  4. Fill in the Add a Team field with the name of your Advanced Server Access team before clicking the blue arrow. You will be prompted to grant permissions to Okta and create a Service User. You can learn more about Service Users. Choose a username for your Service User and click Approve.

  5. Click Save once you're redirected to Okta.

Your Okta Users are now directly provisioned to Advanced Server Access, and any changes will be automatically reflected. Next, you can configure Group Sync to provision roles and memberships as well.

Configure Group Sync to provision Roles and Membership

  1. Create some Users and Groups in Okta and assign the Groups the Advanced Server Access application.

    Note: Any users and groups created in Okta before configuring SCIM must be removed and then re-added in order to be managed automatically.

  2. Select the Push Groups tab in the Advanced Server Access Application in Okta Admin. Here, you can add any of your Groups to automatically sync with the downstream Advanced Server Access application.

  3. Select the Push Groups button and select Find groups by name.
  4. Find one of your groups and check the Push group membership immediately checkbox. Repeat this process for every Group you want to sync and then click Save.

Once activated, the sync takes place immediately. When it completes, the group's value in the Push Status column changes to Active.