Enhanced Group Push

Enhanced Group Push enables you to push from Okta to existing groups in specific apps. While generally you cannot push a group with a name that already exists within the target app, these apps do allow the enhanced capability. Note that Okta remains the master of these exchanges.

Enhanced Group Push is currently available for the following integrations:

Active Directory, Adobe CQ, Box, DocuSign, Dropbox for Business, G Suite, Jira, Jira On-Prem, Jive Software, Litmos, Org2Org, ServiceNow UD, Slack, Smartsheet, Workplace by Facebook, Zendesk

Note: Currently, Enhanced Group Push is only available for the listed applications, but Okta will periodically add this functionality to more provisioning-enabled apps.

Configure Enhanced Group Push

Using G Suite as an example:

  1. In Admin Console, go to Applications > Applications.
  2. Access your Okta instance of G Suite (Google Apps).
  3. Click Refresh App Groups to update any imports or changes that occurred in the third-party app. This ensures that all groups from the target app are represented in Okta.
  4. Click the Action button (Group Push Settings) if you want the ability to rename a group in the third-party app when linking.
  5. In the Push Groups tab, click Push Groups and then select one of the following methods.

To push groups by name:

  1. From the Push Groups drop-down menu, select Find groups by name.
  2. Enter the name of the group that you want to push.
  3. When the group appears in the table, click the Match results and push action drop-down menu to:
    • Create Group: This group does not exist in the target app, but it can now be pushed from Okta to the app. This is group push without enhanced functionality.
    • Link Group: This group does exist in the target app, but it is now linked to Okta and shown under the Group in Google Apps column. Use the drop-down menu to find an existing group in the target app by keyword.
  4. Indicate whether you want to immediately push group memberships found by this rule.

To push groups by rule:

  1. From the Push Groups drop-down menu, select Find groups by rule.
  2. Enter a Rule name, and then set its conditions. You can search for group names and description by one of the following conditions: starts with, ends with, or contains.
  3. Indicate whether you want to immediately push groups found by this rule.
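
Before enabling an immediate push, it helps to preview which Okta groups a rule would select and which of them collide with names already present in the target app (the Link Group case) rather than being new (the Create Group case). The following is an added planning sketch, not Okta code and not part of the original page; the group names, the `plan_push` helper, and the case-insensitive comparison are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Group:
    name: str
    description: str = ""


# The three rule conditions listed in the "push groups by rule" steps.
CONDITIONS = {
    "starts with": lambda text, term: text.startswith(term),
    "ends with": lambda text, term: text.endswith(term),
    "contains": lambda text, term: term in text,
}


def rule_matches(group, field, condition, term):
    """Evaluate one condition against a group's name or description.
    Assumption: comparison is case-insensitive."""
    if field not in ("name", "description"):
        raise ValueError("field must be 'name' or 'description'")
    return CONDITIONS[condition](getattr(group, field).lower(), term.lower())


def plan_push(okta_groups, app_group_names, field, condition, term):
    """Return {Okta group name: action} for every group the rule selects."""
    existing = {n.lower() for n in app_group_names}
    plan = {}
    for g in okta_groups:
        if rule_matches(g, field, condition, term):
            # A name that already exists in the target app needs Link Group;
            # anything else can be pushed as a new group (Create Group).
            taken = g.name.lower() in existing
            plan[g.name] = "Link Group" if taken else "Create Group"
    return plan


# Constructed sample data (hypothetical group names).
OKTA_GROUPS = [
    Group("eng-platform", "Platform engineering"),
    Group("eng-admins", "Engineering administrators"),
    Group("sales-emea", "EMEA sales"),
    Group("contractors", "External eng-support staff"),
]
APP_GROUPS = ["eng-admins", "all-staff"]

if __name__ == "__main__":
    print(plan_push(OKTA_GROUPS, APP_GROUPS, "name", "starts with", "eng-"))
```

Groups reported as Link Group deserve review before pushing, because Okta becomes the master of the existing app group once it is linked.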

Configure Enhanced Group Push for Active Directory OUs

When you choose a group in Okta to push to AD, you must specify the target OU, and pre-select it on the Settings tab of your Active Directory instance.

To pre-select the target OU:

  1. In Admin Console, go to Directory > Directory Integrations.
  2. On the Directory Integrations page, click the Active Directory instance.
  3. On the Settings tab, scroll down to the Import and Account Settings section.
  4. In the Group OUs connected to Okta window, choose the appropriate domain and container.

To specify a target OU:

  1. In Admin Console, go to Directory > Directory Integrations.
  2. On the Directory Integrations page, click the Active Directory instance.
  3. On the Push Groups tab, select the By name filter.
  4. Click the Push Groups drop-down menu and choose Find Groups by name. The Push Groups by Name page appears.
  5. Scroll down to the Find Group and Push group to the following OU to specify the groups you pre-selected.

Configure Enhanced Group Push to delete app groups

Enhanced Group Push can also be used to delete groups imported from provisioning-enabled apps. To do so, you must first create a new group in Okta and link it to the app group that you want to delete.

Note: This procedure works for the integrations listed above. To delete groups imported from applications that do not support Enhanced Group Push, see Import groups.

To create a new group in Okta:

  1. In Admin Console, go to Directory > Groups.
  2. On the Groups page, click Add Group.
  3. Enter a name and description that you can associate with the app group you want to delete, and then click Add Group.

To link your Okta group to the app group you want to delete:

  1. In Admin Console, go to Applications > Applications.
  2. Select the app that contains the group you want to delete. In the Push Groups tab, click Refresh App Groups.
  3. Click Push Groups, and then select Find groups by name. Search for the new Okta group.
  4. In the Match result and push action drop-down menu, select Link Group, and then choose the app group that you want to delete. Click Save. The linked app group is now owned by your Okta group.

To delete the app group:

  1. In Admin Console, go to Directory > Groups.
  2. Select the Okta group that you linked to the app group. On the Group page, click Delete Group.
  3. Open your Okta instance of the app and verify that the app group has been deleted.