About app user assignment

This table details how users can get app access. The specific requirements of your organization determine which method is most suitable. Users can also be assigned roles and permissions as long as the integrated, third-party application to which they are assigned has functionality within Okta.

User type Description

Individual user or users

  • For an organization having one or a few members, it may be best to directly assign the app to user.
  • You can assign the app to the user or the user to the app. See Assign applications to users.
Users originating from an external source, such as an application
  • For an organization having user groups well organized in an HR-management app such as Workday or a directory service such as AD or LDAP
  • You can assign the application group to the desired app or the desired app to the application group.
Users from Okta, apps, and directories
  • If there are users across various locations such as Okta, apps, and directories, it may be best to assign all these user stores to an Okta group with access rights to the desired app.
  • This scenario is based on an Okta user group and a rule. Using an Okta user group assigned certain app access is a best practice for assigning users app access to imported users in an app group. When an app group is imported into Okta, the members of that group will be assigned to the Okta user group, and thus the members will inherit the app access of the Okta user group. The assignment of users from the imported app group into the Okta user group is controlled by rules.