Group Push
Group Push lets you push Okta groups and their members to provisioning-enabled third-party apps. Okta sources the memberships of the downstream apps.
Group Push doesn't create groups in Okta. Pushed groups are managed from Okta. Changes made to the group in the target app cause synchronization issues with Okta.
An Active Directory (AD) import doesn't delete non-empty groups in Okta when they've been deleted in AD. If the group is empty, the AD import deletes them. Always delete non-empty AD pushed groups in Okta when they've been deleted in AD.
Okta doesn't support using the same group for app assignment and Group Push. To maintain consistent group membership between Okta and the downstream app, you must create a separate group that's configured to push to the target app. See App assignments and Group Push.
These are a few of the apps that support Group Push:
- Active Directory
-
AWS Account Federation
- Google Workspace
- Office 365
- JIRA
- Box
- Slack
- Dropbox
- Jive
To discover more apps that support Group Push, see the Okta Integration Network catalog.
Groups are pushed to apps using one of the following two methods:
- By name: An Okta app admin selects individual groups in Okta to create and update in the target app.
- By rule: Push multiple groups by specifying a string to match in the group name, or specifying strings to match in the group name and group description. This method isn't available for AD integrations.