Use the People page to add and manage the end users in your organization. In Okta literature, we generally refer to "end users" as the people who have their own Okta home page (My Applications), using chiclets to authenticate into all of their apps. End users do not have any administrative control. When we refer to "users" we are generally referring to the individual(s) who have administrative control.
Go to Directory > People. The People page displays a maximum of 25 entries at a time. If the list of names exceeds 25 you can click Show More to see more entries. The maximum number of entries displayed is 200. For additional filtering, use the Search field.
Tip: Don't miss the important options available in More Actions lists.
Adding users to your organization enables them to have their own My Applications page. To add end users to your org (the Okta container that represents a real-world organization):
From the People page, click Add Person.
Enter the First name and Last name.
Enter the Username.
The user name must be in email address format, and is typically the user's primary email address. Users sign in using this username.
For a list of the characters supported in Okta email addresses, see here.
Usernames entered here must be unique email addresses. Entering a pre-existing email in this field will cause an error.
Enter a Primary email address.
This can be any valid email address that the user can access, typically the user's sign-in name.
Optional - Enter a Secondary email.
This email can be used as a backup in case the user can't access their primary email.
- Optional - Assign the user to groups by typing the name of the group in the Groups field. A list of matching groups appears. Find the group you wish to add and click Add. Repeat to add additional groups. Groups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups.
- Select whether the password is set by the end user or the admin. Admin is an abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page.
Set by user – The user is prompted to enter a password the first time they sign in to Okta.
Set by Admin – Enter a password for the end user. To prompt the user to change the password on their first sign in, check User must change password on first login. You must manually provide the end user with their password.
Click Add Person, or add another by clicking Save and Add Another.
- If you click the Send user activation email now check box, your end user immediately receives their Welcome to Okta! activation email. Otherwise, these users are at Pending Activation status, and are not notified via email of their Okta account.
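The rules in the steps above can be checked before a batch of people is entered. The following is an added example, not Okta code: the record field names, the simplified email pattern, and the case-insensitive uniqueness comparison are all assumptions made for illustration.

```python
import re

# Simplified email-shape check (assumption); Okta's exact supported character
# set is documented separately and is not reproduced here.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def check_batch(records, existing_usernames=()):
    """Return (row, level, message) findings for hypothetical Add Person records."""
    findings = []
    seen = {u.lower() for u in existing_usernames}  # assumption: case-insensitive match
    for i, r in enumerate(records, start=1):
        username = (r.get("username") or "").strip()
        if not EMAIL_RE.match(username):
            findings.append((i, "error", "username is not in email address format"))
        elif username.lower() in seen:
            findings.append((i, "error", "username already exists"))
        else:
            seen.add(username.lower())
        if not EMAIL_RE.match(r.get("primary_email") or ""):
            findings.append((i, "error", "primary email is missing or invalid"))
        secondary = r.get("secondary_email")
        if secondary and not EMAIL_RE.match(secondary):
            findings.append((i, "error", "secondary email is invalid"))
        if r.get("password_mode") == "admin":
            if not r.get("password"):
                findings.append((i, "error", "Set by Admin requires a password"))
            if not r.get("must_change_on_first_login"):
                findings.append((i, "warn", "admin-known password stays in use after first sign-in"))
        if not r.get("send_activation_email"):
            findings.append((i, "warn", "user stays in Pending Activation and is not notified"))
    return findings

# Constructed sample records (not real accounts)
SAMPLE = [
    {"username": "ana@example.com", "primary_email": "ana@example.com",
     "password_mode": "user", "send_activation_email": True},
    {"username": "ANA@example.com", "primary_email": "ana2@example.com",
     "password_mode": "admin", "password": "constructed-Passw0rd",
     "must_change_on_first_login": False, "send_activation_email": True},
    {"username": "bob", "primary_email": "bob@example.com",
     "password_mode": "user", "send_activation_email": False},
]

if __name__ == "__main__":
    for finding in check_batch(SAMPLE):
        print(finding)
```

Rows reported as "warn" are accepted by the form as described above; they mark choices worth reviewing, such as an admin-set password with no forced change.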
Add and update users with Just In Time Provisioning
Just In Time (JIT) provisioning enables automatic user account creation in Okta the first time a user authenticates with AD Delegated Authentication, Desktop SSO, or inbound SAML.
JIT provisioning: users are created/updated on the fly using the SAML attributes sent as part of the SAML response coming from the Identity Provider. A user is created during initial login to the Service Provider and updated during subsequent logins. Turning on JIT Provisioning is normally a configuration value in the Service Provider.
SSO: An acronym for single sign-on. In an SSO system, a user logs in once to the system and can access multiple systems without being prompted to sign in for each one. Okta is a cloud-based SSO platform that allows users to enter one name and password to access multiple applications. Users can access all of their web applications, both behind the firewall and in the cloud, with a single sign in. Okta provides a seamless experience across PCs, laptops, tablets, and smartphones.
SAML: An acronym for Security Assertion Markup Language, SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The SAML standard addresses issues unique to the single sign-on (SSO) solution, and defines three roles: the end user, the IdP, and the SP. Here's how SAML works through Okta:
- SP-initiated flow: the end user requests (principally through a browser) a service from the SP. The SP requests and obtains an identity assertion from the IdP (in this case, Okta). On the basis of this assertion, the SP can decide whether or not to authorize or authenticate the service for the end user.
- IdP-initiated flow: with Okta as the IdP, an end user goes to the Okta browser and clicks on a chiclet, sending a SAMLResponse to the configured SP. A session is established with the SP, and the end user is authenticated.
JIT account creation and activation only works for end users who are not already Okta end users. (JIT updates the accounts of existing end users during full imports.) This means that end users who are confirmed on the import results page, regardless of whether or not they were subsequently activated, are not eligible for JIT activation. When JIT is enabled, users do not receive activation emails.
When using JIT provisioning with AD users, the procedure depends on whether delegated authentication is enabled.
- If you have delegated authentication enabled, you do not need to import users from AD first for JIT provisioning to create Okta accounts.
- If you do not have delegated authentication enabled, you must import the AD accounts first, and they must appear on the imported users list for JIT provisioning to create Okta accounts.
To enable JIT, click Edit under Just In Time Provisioning, and then click Enable Just In Time Provisioning.