Okta allows you to use Expression Queries to map values to your custom attributes. With this function you can map and cross-reference your LDAP or AD groups to environments and roles within OverOps.
Assumption
You have already integrated LDAP and/or AD with Okta.
1. Set up your SSO integration to OverOps in Okta
Once completed, you will see the different profiles available. In my example below, the Okta profiles are linked to my LDAP server, and the third one listed is the SSO integration into OverOps.
We will modify the Profile for the SSO integration and add a custom attribute.
Click on Profile to access the Profile Editor.
2. Add Custom Attribute to Map LDAP/Okta Groups to OverOps
Click on “+ Add Attribute” to add a Custom Attribute to the OverOps User and name the Attribute field one of the following names as documented here.
I called my custom attribute field “groups”.
3. Map your LDAP/Okta groups to the OverOps Environment - Role
Go to Mappings to add your expression query to your new custom attribute field.
Example:
External provider Groups structure
OverOps_Production_Admins
OverOps_Production_Members
OverOps_QA_Admins
OverOps_QA_Members
etc.
OverOps Environments
PROD
QA
UAT
Mapping
External Provider Groups Name | OverOps Environment and Role |
---|---|
OverOps_Production_Admins | PROD Admin |
OverOps_QA_Admins | QA Admin |
OverOps_Production_Users | PROD Member |
OverOps_QA_Users | QA Member |
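Expression
(isMemberOfGroupName("OverOps_Production_Admins") ? "PROD Admin" : "") + (isMemberOfGroupName("OverOps_QA_Admins") ? ", QA Admin" : "") + (isMemberOfGroupName("OverOps_Production_Users") ? ", PROD Members" : "") + (isMemberOfGroupName("OverOps_QA_Users") ? ", QA Members" : "")
The above is one string, to be copied into the expression field below. Each group test is wrapped in parentheses because the conditional operator binds more loosely than +; without them, everything after the first ":" is read as the else branch of the first test, so a member of the first group would only ever receive "PROD Admin". Note that a user who is not in the first group gets a value that starts with ", ".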
Add the Expression Query to the Okta to OverOps map.
Make sure you select the “Okta to overops” map and not “overops to Okta” as shown in my example below. Your names might be different.
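As an added example (not part of the original page), the Python script below generates the expression from the mapping table, with each group test parenthesized and "" as the empty case, and models the value it yields for every combination of memberships so the result can be reviewed before it is pasted into Okta. The function names are hypothetical; the group names and role strings are taken from the mapping table above.

```python
from itertools import combinations

# Mapping table from the page: external group -> OverOps "Environment Role".
MAPPING = [
    ("OverOps_Production_Admins", "PROD Admin"),
    ("OverOps_QA_Admins", "QA Admin"),
    ("OverOps_Production_Users", "PROD Member"),
    ("OverOps_QA_Users", "QA Member"),
]


def build_expression(mapping):
    """Return one expression string. Every group test is its own
    parenthesized conditional, so no test swallows the ones after it."""
    terms = []
    for i, (group, value) in enumerate(mapping):
        text = value if i == 0 else ", " + value
        terms.append(f'(isMemberOfGroupName("{group}") ? "{text}" : "")')
    return " + ".join(terms)


def expected_value(mapping, member_of):
    """Model of what the generated expression yields for a set of groups."""
    out = ""
    for i, (group, value) in enumerate(mapping):
        if group in member_of:
            out += value if i == 0 else ", " + value
    return out


def review_table(mapping):
    """Every membership combination paired with the value it produces."""
    groups = [g for g, _ in mapping]
    rows = []
    for n in range(len(groups) + 1):
        for combo in combinations(groups, n):
            rows.append((combo, expected_value(mapping, set(combo))))
    return rows


if __name__ == "__main__":
    print(build_expression(MAPPING))
    for combo, value in review_table(MAPPING):
        label = ", ".join(combo) or "(no OverOps groups)"
        print(f"{label} -> {value!r}")
```

Rows whose value starts with ", " or is empty are the ones to check against how OverOps reads the attribute.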