Guidance for Okta Privileged Access connector
You can execute various create, read, update, and delete operations on the following parts of Okta Privileged Access (OPA):
- Resource groups
- Projects
- Servers
- Enrollment tokens
- Access reports
- Users and groups
Also, for operations that don't appear on the action cards, you can use the Custom API Action card to invoke API calls against the Okta Privileged Access API.
Using this connector and its action cards assumes a basic understanding of Okta Workflows, Okta Privileged Access terminology, components, API, and interfaces.
When you develop flows, refer to the developer documentation to understand the actions and properties of the cards. See Introduction to the Okta Privileged Access API.
Connector configuration and testing
To test a flow using action cards from the Okta Privileged Access connector, follow these steps.
- From the Connectors page, create an OPA connection using an account associated with your OPA team. See Authorization.
- On the Flows page, create a new flow. Add the List Resource Groups card from the OPA connector. Save and run the flow to see a list of all resource groups found in your OPA instance.
- Remove the List Resource Groups card and add a Create Resource Group action card. Save and run the flow to create an OPA resource group.
  Go to your Okta Privileged Access dashboard and verify that the flow created a resource group.
- Optional. Use the Create Project card to create an OPA project.
- Optional. Use the Create Project Enrollment Token card to create a token and assign it to a project so you can enroll a server inside OPA.
  Go to your Okta Privileged Access dashboard and verify that these flows created a project and an enrollment token inside the new resource group.
Known issues and limitations
The following known limitations to the Okta Privileged Access connector may impact your flows.
- The Okta Privileged Access connector doesn't support all Okta Privileged Access API endpoints.
- OPA administrators manage the service user account and credentials used by the connector to authenticate to OPA.