The following tutorial walks through the process of integrating Okta with Genea. You will need admin privileges in both Okta and Genea to complete this integration.
Features:
The following provisioning features are supported:
Push New Users: New users created through Okta will also be created in Genea.
Push Profile Updates: Updates made to the user's profile through Okta will be pushed to Genea.
User Deactivation: Deactivating the user or disabling the user's access to the application through Okta will deactivate the user in Genea.
User Suspend: Suspending a User in Okta will only affect their login in Okta and will not alter their status in Genea.
Reactivate Users: Reactivating the user through Okta will reactivate the user in Genea.
Push Group: Push existing groups from Okta to create, update, or delete groups and membership in Genea.
Import Users & Groups: Admins can import users and groups from Genea to Okta.
Important Notes:
The primary email address and phone number listed in Okta will be the email address and phone number listed in Genea.
If an Okta user does not have a primary email address, they will not be synced to Genea.
When adding or updating users, Genea will match based on the primary email address listed for the Okta user. If the primary email address is not found in Genea, a new user will be added to Genea.
For Push Groups, we do not support the 'Link Group' functionality as of now; we only support the 'Create Group' functionality.
For User Group enabled portals:
Previously, users needed to generate an Okta token to integrate directories with Genea. Now, with the User Group feature, this process has been simplified. Users only need to copy and paste the Genea token into the 'Genea Access Control' App of the Okta dashboard.
Log in to the Genea Web application and go to Integrations.
Find Okta and click 'Install.'
Follow these steps to integrate Okta with Genea using the Okta Integration Token:
Step 1: Generate an Okta Integration Token
You will be assigned a secured token for your Okta provisioning integration. Please copy this token, as you will need to paste it into your Okta web application in the next step.
Step 2: Configure your Okta Application
Log in to your Okta account as an admin.
Go to Admin -> Applications -> Search for the 'Genea Access Control' Application in 'Browse for Catalog' -> Click on 'Add Integration'.
Enter your region within the 'General Settings' of the Genea Access Control Application:
If you are an EU customer, enter 'eu' (without quotes).
For all other customers, enter 'us' (without quotes).
Step 3: Configure API Integration
Navigate to the 'Provisioning' tab in the Genea Access Control Application and click on the 'Integration' settings.
Click on 'Edit' for the configuration.
Edit the App provisioning options and make sure that Create Users, Update User Attributes, and Deactivate Users are all enabled (boxes checked).
Click 'Save' at the bottom of the provisioning page.
User Provisioning from Okta to Genea and Membership Management
Step 1: Log in to Okta Admin Console: Access your Okta Admin Console using your administrative credentials.
Step 2: Add/Create a Genea Application Assignment Group:
To create a new group, navigate to 'Groups' in the Directory Option. Click 'Add Group' and enter the necessary details.
Step 3: Assign Group to the Genea Access Control Application in Okta
In Okta, click the Assignments tab in the Genea Access Control application. Select the group (e.g. Genea Security - Users) you want to provision to the Genea application.
Step 3: Add/Create Push Groups:
To manage user memberships in Genea, create new groups in Okta based on roles or departments. To push these groups to Genea, click on the Push Group tab and then 'Find groups by name'. Search for and select the group (e.g. Genea Marketing or Genea IT Admin) and click on 'Save'.
Review to make sure the selected groups are pushed into Genea and are visible on the 'User Group' page.
Users must be provisioned to the 'Genea Access Control' application to appear in Genea. Pushing a group does not sync any users; it only creates the User Group in Genea.
Managing Groups for Genea Web Application
To manage user access and provisioning effectively for the Genea web application, it is essential to utilize two distinct types of Groups.
1. Application Assignment Group
Objective: This group should be used to provision users to Genea.
Procedure:
Create a Group in Okta: Create a new group (e.g. Genea Security - Users) with a name indicating its purpose.
Add Users: Include all users who need to be provisioned in Genea.
Assign Genea Application: Assign the 'Genea Access Control' application to this group to provision users in Genea.
2. Push Groups
Objective: These groups are used for organizing users based on their roles or departments, such as Marketing or IT Admin. Use these groups to manage access within Genea.
Procedure:
Create Groups in Okta: Create groups based on specific roles or departments within your organization in Okta.
Add Members: Assign relevant users to these groups based on your organizational operations.
Push the Groups to Genea: Ensure these groups are pushed to Genea using Push Group functionality.
Users must be provisioned to the 'Genea Access Control' application to appear in Genea. Pushing a group does not sync any users; it only creates the User Group in Genea.
Note: Also, we strongly advise switching to the User Group feature over the Rule Engine.
Enable Push Group (Recommended): If turned on, it allows user profiles to be updated in real time.
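The provisioning rules stated on this page (assignment to the app is what provisions a user, a missing primary email blocks the sync, a suspension in Okta does not reach Genea, and matching is by primary email) can be checked against a directory export before rollout. The Python below is an added example, not Genea's or Okta's code; the record fields, status strings, sample users and the case-insensitive email comparison are assumptions made for the illustration.

```python
# Constructed sample data. Field names, status strings and users are
# assumptions of this example, not the Okta or Genea API schema.
ASSIGNMENT_GROUPS = {"Genea Security - Users"}
PUSH_GROUPS = {"Genea Marketing", "Genea IT Admin"}
GENEA_EMAILS = {"ana@example.com", "bo@example.com"}
OKTA_USERS = [
    {"login": "ana", "email": "Ana@example.com", "status": "ACTIVE",
     "groups": {"Genea Security - Users", "Genea Marketing"}},
    {"login": "bo", "email": "bo@example.com", "status": "SUSPENDED",
     "groups": {"Genea Security - Users"}},
    {"login": "cy", "email": "", "status": "ACTIVE",
     "groups": {"Genea Security - Users"}},
    {"login": "di", "email": "di@example.com", "status": "ACTIVE",
     "groups": {"Genea IT Admin"}},
    {"login": "ed", "email": "ed@example.com", "status": "DEACTIVATED",
     "groups": {"Genea Security - Users"}},
    {"login": "fay", "email": "fay@example.com", "status": "ACTIVE",
     "groups": {"Genea Security - Users"}},
]

def predict(user, genea_emails=GENEA_EMAILS):
    """Return the Genea outcome this page describes for one Okta user."""
    groups = user["groups"]
    if not groups & ASSIGNMENT_GROUPS:
        # Pushing a group creates the User Group only; it provisions nobody.
        if groups & PUSH_GROUPS:
            return "push-group-only: not provisioned"
        return "not assigned"
    # Assumption: emails are compared case-insensitively.
    email = (user.get("email") or "").strip().lower()
    if not email:
        return "skipped: no primary email"
    if user["status"] == "DEACTIVATED":
        return "deactivated in Genea"
    if user["status"] == "SUSPENDED":
        return "suspended in Okta only: Genea status unchanged"
    return "linked to existing user" if email in genea_emails else "new user created"

def review_list(users):
    """Logins whose outcome an access reviewer should look at."""
    flagged = ("push-group-only", "skipped", "suspended")
    return sorted(u["login"] for u in users if predict(u).startswith(flagged))

if __name__ == "__main__":
    for u in OKTA_USERS:
        print(f'{u["login"]:4} {predict(u)}')
    print("review:", review_list(OKTA_USERS))
```

The suspended case matters most for an access-control system: per the feature list above, only deactivation (or removing the user's access to the application) changes the user's status in Genea.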
Step 6: Sync users from Okta to Genea.
There are different ways we can begin syncing users from Okta to Genea. We recommend assigning Groups.
Group Based Access
You can either create new groups or use existing ones, based on your organization's setup. Let's say you have Employees, Contractors and IT Admins.
Assign the Genea Access Control app to these groups and then assign users to these groups.
Okta allows multiple groups to be assigned to a user. When a user is a member of more than one group assigned to the application, Group priority determines the provisioning. Please read more about Okta groups and their priority feature here.
Multiple Offices
If you have multiple offices at multiple locations, we recommend you create different "Groups" to sync only specific users to specific locations. Alternatively, you could leverage the user's city, state or zip attributes within the provisioning rules you define on the Genea side.
Once you have assigned new employees to the Genea Access Control app, navigate back to Genea. Click on the Employees List and refresh the page. Your employees should have been imported automatically with appropriate Access Group permissions.
Import Users and Groups to Okta
If you would like to import users and groups from Genea to Okta, go to the Genea Access Control Application in Okta and navigate to the 'Import' tab.
Click on the 'Import Now' button to pull the users and groups from Genea to Okta.
Notes:
If you already have Genea Access Control installed with all of your employees prior to enabling this integration, it will automatically link your existing employees between Okta and Genea. It will not create duplicate records, as matching is based on unique email addresses.
Migration
If you want to migrate your existing Okta Genea Access Control app to the new Genea Access Control app, follow the migration steps mentioned in this article. This article is only relevant if you added the Genea Access Control Okta app before 01/30/2020.
Troubleshooting Tips
The Genea app does not support modifications to the username or email address.
When users are deactivated in Okta, they will be deactivated in Genea. Users will not be able to log in to the application, but their data will remain available as an 'inactive user'.
If you need assistance or have any questions about this integration, please feel free to reach out to us at acsupport@getgenea.com