Configure group sync

After configuring SCIM for Okta Privileged Access, you'll want to sync your groups from Okta to Okta Privileged Access to provision roles and membership.

To configure group sync:

  1. Create some users and groups in Okta and assign the groups to the Okta Privileged Access application. See Assign an app integration to a group.

    Any users and groups that were created in Okta Privileged Access before configuring SCIM must be removed and then re-added in Okta for them be managed automatically.

  2. In the Okta admin dashboard, open the OktaOkta Privileged Access application and click the Push Groups tab. From this tab, you can configure any Okta group to be automatically synced with the downstream Okta Privileged Access application.

  3. Click Push GroupsFind groups by name.
  4. Enter the name of a group to push from Okta to Okta Privileged Access. Click the group when it appears in the search results to add it to the list of groups to push. If Push group membership immediately is selected, the group will be immediately pushed to Okta Privileged Access after saving these changes.
  5. Repeat the previous step for each additional group that you want to sync to Okta Privileged Access.
  6. Click Save to finish adding groups to the list.
  7. To activate group push for a group whose membership was not immediately pushed, click InactiveActivate group push.

After group push is activated for a group, the sync takes place immediately and the group's Push Status entry changes to Active after the push is complete.