Enhanced Group Push

Enhanced Group Push enables you to push from Okta to existing groups in specific apps. While generally you cannot push a group with a name that already exists within the target app, these apps do allow the enhanced capability. Note that Okta remains the master of these exchanges.

Enhanced Group Push is currently available for the following integrations:

Active Directory, Adobe CQ, Box, DocuSign, Dropbox for Business, G Suite, Jira, Jira On-Prem, Jive Software, Litmos, Org2Org, ServiceNow UD, Slack, Smartsheet, Workplace by Facebook, Zendesk

Note: Currently, Enhanced Group Push is only available for the listed applications, but Okta will periodically add this functionality to more provisioning-enabled apps.

Configure Enhanced Group Push

Using G Suite as our example:

  1. Access your Okta instance of G Suite (Google Apps).
  2. Click Refresh App Groups to update any imports or changes that occurred in the third-party app. This ensures that all groups from the target app are represented in Okta.
  3. Click the Action button (Group Push Settings) if you want the ability to rename a group in the third-party app when linking.
  4. Choose the Push Groups tab.
  5. In the By name column, use a keyword to find the group in Okta.
  6. When the group appears in the table, click the Match results and push action drop-down menu to:
     • Create Group: This group does not exist in the target app, but it can now be pushed from Okta to the app. This is group push without enhanced functionality.
     • Link Group: This group does exist in the target app, but it is now linked to Okta and shown under the Group in Google Apps column. Use the drop-down menu to find an existing group in the target app by keyword.

Configure Enhanced Group Push for Active Directory OUs

When you choose a group in Okta to push to AD, you must specify the target OU (organizational unit), and pre-select it on the Settings tab of your Active Directory instance.

To pre-select the target OU:

  1. In the Admin Console, click Directory > Directory Integrations.
  2. On the Directory Integrations page, click the Active Directory instance.
  3. On the Settings tab, scroll down to the Import and Account Settings section.
  4. On the Group OUs connected to Okta window, choose the appropriate domain and container.

To specify a target OU:

  1. In the Admin Console, click Directory > Directory Integrations.
  2. On the Directory Integrations page, click the Active Directory instance.
  3. On the Push Groups tab, select the By name filter.
  4. Click the Push Groups drop-down menu and choose Find Groups by name. The Push Groups by Name page appears.
  5. Scroll down to the Find Group and Push group to the following OU to specify the groups you pre-selected.

Note: You can add users to the Okta-mastered group in Okta or in AD. If you add a user in AD, the next time that you Import Active Directory users into Okta, that user will appear in the Okta group.

Configure Enhanced Group Push to delete app groups

Enhanced Group Push can also be used to delete groups imported from provisioning-enabled apps. To do so, you must first create a new group in Okta and link it to the app group that you want to delete.

Note: This procedure works for the integrations listed above. To delete groups imported from applications that do not support Enhanced Group Push, see Import groups.

To create a new group in Okta:

  1. In the Admin Console, click Directory > Groups.
  2. On the Groups page, click Add Group.
  3. Enter a name and description that you can associate with the app group you want to delete, and then click Add Group.

To link your Okta group to the app group you want to delete:

  1. In the Admin Console, click Applications > Applications.
  2. Select the app that contains the group you want to delete. In the Push Groups tab, click Refresh App Groups.
  3. Click Push Groups, and then select Find groups by name. Search for the new Okta group.
  4. In the Match result and push action drop-down menu, select Link Group, and then choose the app group that you want to delete. Click Save. The linked app group is now owned by your Okta group.

To delete the app group:

  1. In the Admin Console, click Directory > Groups.
  2. Select the Okta group that you linked to the app group. On the Group page, click Delete Group.
  3. Open your Okta instance of the app and verify that the app group has been deleted.
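
Because deleting an Okta group also deletes the app group it is linked to, a pre-deletion check is useful. The following is an added example, not Okta code or an Okta API: the PushLink record shape, the function names and the sample inventory are hypothetical, and it assumes that every link recorded for the Okta group is affected by the deletion.

```python
from dataclasses import dataclass


# Hypothetical record for one Push Groups link, e.g. transcribed from each
# app's Push Groups tab. This is not an Okta API object.
@dataclass(frozen=True)
class PushLink:
    okta_group: str  # name of the Okta group
    app: str         # app integration the group is pushed to
    app_group: str   # group in the target app that the Okta group now owns
    action: str      # "create" or "link", as chosen in the drop-down menu


def deletion_impact(links, okta_group):
    """Return the sorted (app, app_group) pairs owned by okta_group."""
    return sorted({(link.app, link.app_group)
                   for link in links if link.okta_group == okta_group})


def check_delete(links, okta_group, approved):
    """Raise unless every app group owned by okta_group is approved.

    approved is a set of (app, app_group) pairs signed off for deletion.
    Returns the app groups to verify after deleting the Okta group.
    """
    impact = deletion_impact(links, okta_group)
    unapproved = [pair for pair in impact if pair not in approved]
    if unapproved:
        raise ValueError(
            f"deleting {okta_group!r} also removes unapproved app groups: "
            f"{unapproved}")
    return impact


# Constructed sample inventory (all names are made up).
SAMPLE_LINKS = [
    PushLink("tmp-cleanup-legacy-sales", "G Suite",
             "legacy-sales@example.com", "link"),
    PushLink("Engineering", "G Suite", "eng@example.com", "link"),
    PushLink("Engineering", "Slack", "engineering", "create"),
]

if __name__ == "__main__":
    ok = {("G Suite", "legacy-sales@example.com")}
    print(check_delete(SAMPLE_LINKS, "tmp-cleanup-legacy-sales", ok))
```

The list that check_delete returns is the set of app groups to confirm as deleted in the final verification step.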