Set up Okta Privileged Access

To set up Okta Privileged Access, you must add the Okta Privileged Access OIN application to your Okta org, add an admin user, enable provisioning, and assign users and groups.

Complete the following steps to set up Okta Privileged Access:

  1. Add the Okta Privileged Access app to your Okta org
  2. Assign an admin to Okta Privileged Access
  3. Verify SSO and user configuration
  4. Enable provisioning
  5. Assign users and groups
  6. Push groups to Okta Privileged Access

Prerequisites

You must have an admin role in your Okta org.

Add the Okta Privileged Access app to your Okta org

You can install only one instance of Okta Privileged Access in your Okta org.

  1. In the Admin Console, go to Applications > Applications.

  2. Click Browse App Catalog.
  3. Search for Okta Privileged Access in the search field and select it from the list.
  4. Click Add Integration.
  5. Enter a team name.
  6. Click Done.

Once the Okta Privileged Access app is integrated with your Okta org, Single Sign-On (SSO) is automatically enabled. To view the SSO configuration, click the Sign On tab of your Okta Privileged Access app.

Assign an admin to Okta Privileged Access

  1. From the Applications page, click Okta Privileged Access.
  2. Go to the Assignments tab and click Assign > Assign to People.
  3. Identify your account in the list and click Assign.
  4. Click Save and Go Back, then click Done.

Verify SSO and user configuration

After you successfully install the Okta Privileged Access app, it appears on your dashboard under My Apps. SSO is automatically configured. You can now sign in to the app.

  1. From your dashboard, click the Okta Privileged Access app.
  2. In the Okta Privileged Access Admin Console, you can view assigned users and groups. At this stage, one user is registered, and admins aren't configured. Okta will add more users and groups in the next steps.

Enable provisioning

  1. Go to the Provisioning tab and click Configure API Integration.
  2. Select Enable API Integration.
  3. Click Authenticate with Okta Privileged Access.
  4. On the dialog that appears, select your Okta Privileged Access team.
  5. Enter a name for a service account and click Approve. Any name such as svc-scim can be used. The service account is automatically created in Okta Privileged Access for use by the Okta SCIM integration.

  6. Click Save.
  7. Click Edit.
  8. Select Create Users, Update User Attributes, and Deactivate Users provisioning options.
  9. Click Save.

Assign users and groups

You can assign users and groups to the Okta Privileged Access app in your Okta org. You can create groups that reflect the admin structure in Okta Privileged Access. For example, create a PAM admin group, a security admin group, and a resource admin group. Assign these groups to the app, and then push the groups to your Okta Privileged Access team.

  1. Go to the Assignments tab.

  2. Users added to Okta Privileged Access are displayed.

    To assign users or groups to an app, see Assign an app integration to a user and Assign an app integration to a group.

Push groups to Okta Privileged Access

You can use Group Push to push existing Okta groups and their memberships to Okta Privileged Access. See Configure group sync.

After the Group Push operation is completed, user groups pushed from the Okta org to Okta Privileged Access are visible in Okta Privileged Access. Check Directory > Users and Directory > Groups.

This confirms that the integration is working and you can now start configuring Okta Privileged Access.

Next steps

Okta Privileged Access with Access Requests

Resource administration

Security administration