About Group Push
Group Push lets you push existing Okta groups and their memberships to provisioning-enabled, third-party applications. These memberships are then mastered by Okta.
Group Push adds groups to third-party apps, but it does not create groups in Okta. Pushed groups are managed from Okta. Making changes to the group in the target app causes synchronization issues with Okta.
These are a few of the applications that support group push:
- Active Directory
- Office 365
Groups are pushed to applications using one of the following two methods:
- By name: An Okta application administrator selects groups from Okta to be created and updated in the target app.
- By rule: You use a string in either the group name or description to push many groups at once. Group push by rule is not available for AD integrations.
The following are the known Group Push limitations:
Using the same Okta group for assignments and for group push is not supported. To maintain consistent group membership between Okta and the downstream app, you need to create a separate group that is configured to push groups to the target app.