All Collections
Directory Services
Okta Provisioning Upgrade Guide
Okta Provisioning Upgrade Guide

This article will teach you how to upgrade your Okta provisioning integration with Genea Access Control.

Archa K avatar
Written by Archa K
Updated over a week ago

What's new with the Okta upgrade? 

With our Okta provisioning integration update we are releasing a simplified yet powerful and flexible rule engine. You can now create easy to understand provisioning rules, such as:

  • Anyone in an "Employees" Okta group should be assigned to "Regular Employees" access group in Genea.

  • Anyone in an "Admins" Okta group should be assigned to "Admins" access group in Genea and should be added as an admin in Genea. And so on...

Follow the steps below to upgrade your existing Okta integration. 

Step 1 : Generate your Okta API token

  1. Login to your Okta account as an admin. 

  2. Go to Admin > Security > API > Tokens and click on the 'Create Token' button.

  3. Provide a desired name for the token.

  4. Copy the token as this will be the only time that you will be able to view it. After this step, for security purposes it will be stored as a hash in your Okta application.

Token Best Practice: Service Account

Okta API tokens inherit the API access of the user who creates them, so we recommend you create a “service account” user with only the permission levels you need for the token to perform the API tasks you require. In this case it can be "Read Only Administrator"

Step 2 : Configure Your Genea Account

  1. Login to your Genea application and navigate to the Integrations page.

  2. Click the ‘Manage’ button for your Okta integration.

  3. Click on the 'Upgrade' button as shown in the screenshot below. 

4. Once prompted, please provide the API token created in your Okta application, as well as the domain of your Okta application.

Step 3 : Configure Provisioning Rules

This step is crucial since there must be at least one rule specified for each property in order for a successful synchronization. All of your properties will be listed in the rules section where you can manage rules for respective properties.

With provisioning rules, you can:

  • Map your organizational groups to Genea "door access groups." 

  • Decide which role needs to be assigned to each user.

  • Decide whether newly on-boarded employees should automatically receive a mobile key.

  • Manage access to multiple office locations.

Simple Provisioning Rule:

You can create one default simple rule where every synced employee is granted common door access, as well as added under the regular user role. 

For example, you can define a rule where every employee synced from Okta is assigned to the "Employee" access group and added under the "User" role. 

As you can see in the following screenshot, in this case you do not need to add any conditions to the rule for a simple default rule. 

Advanced Provisioning Rules

With this upgrade, you can get more specific with the rule engine to make sure certain groups of users in your organization are assigned to their proper access group. 

As shown below, based upon your "Okta Groups", you can assign appropriate door access to appropriate users. If you have multiple office locations, you can also choose which specific employees get synced to which specific office locations.

You can drag these rules up or down to set their execution priority. Rules are executed in order based upon their priority. Once one rule is matched and executed, the rest of the rules will be skipped.

You can also add multiple conditions to a single rule as shown below. If you have multiple conditions applied to a single rule, you can select to either "match all" conditions or "match any" condition.  

Provisioning Rules When Apple Wallet is Installed

When Apple Wallet is installed, you can get more specific with the rule engine to make sure certain groups of users in your organization are enabled for Apple Wallet pass.

As shown below, Add Rule page will have option to select Apple Wallet. You can select BLE option too. Selecting both will have BLE and Apple Wallet both the passes (keys).

Summary of the rule table will have ability to see which rule has which mobile access assigned. Other functionality of rearranging and priority of the rule remains the same.

You can edit the rule and make necessary changes too.

If you need assistance or have any questions about this upgrade, please feel free to reach out to the Genea team at any time at

Did this answer your question?