/
Import Configuration for Okta Importer

Import Configuration for Okta Importer

 

1. Create an Import Connection

Once you complete Source and Destination configurations, it is time to create the Import Connection and begin the import process. Navigate to Import Tab and select “+” button.

image-20250609-153725.png

 

Choose a distinctive name for your connection and select the Source and Destination you created for this import. Additionally, you have the option to set a schedule for your import or choose "None." To save your changes, please click the "Save" button.

2. Build Schema

Once you complete creating the import connection, it is time to create Object Types and their relations according to the Okta data model.

Start by clicking on the “Build “ button:

image-20250711-151514.png

 

Pro Tip: Commonly, our customers create references from other Object Schemas and are in need of accessing the Okta data. We recommend enabling the Object Schema sharing.

 

Review the options and click the Build Schema Model button.

image-20250711-151535.png

 

 

This needs to be done only one time. When this build is completed successfully you don't need to do it again. You will get a message if you already completed this step.

 

You may check your new Object Schema now and make sure the Object Types and Attributes are successfully created( You can simplify your navigation by clicking the Schema link button located next to the Build button).

 

The Object Schema Graph will be as follows:

2. Test and Full Imports

You can test the configuration by clicking the Test button. This will import the first 100 Okta Users to your Object Schema. This way you will have the chance to validate that:

  • Okta credentials are correct and proper permissions are granted

  • Jira credentials are correct

  • Object Schema is set without any problems

After clicking the Test button wait for a few minutes for the process to finish and check your Object Schema.

You may click the Status button to check the current import execution status.

image-20250609-154525.png

 

If you are happy with the results of the test run, please run a Full Import.

3. Settings

Under Actions, there are two options: Settings and Edit for each import connection. The Settings option offers a few extra adjustments to your import(previously found under Admin Tab).

image-20250609-155226.png

 

1. Object Types

To change the Object Types, click on the “Change Object Types” button. By default, all Object Types are enabled. Please review these settings and disable any that do not contribute value to your organization’s specific use cases. Make sure to click "Save Selections" to ensure changes are saved.

image-20250609-155313.png

 

2. Assign Custom Attributes

Okta provides remarkable flexibility for organizations aiming to integrate custom attributes into their user profiles. As the names of these attributes are not predefined until they are established, we have introduced an innovative configuration feature. This enhancement enables you to effortlessly select your top 10 preferred Custom Attributes for synchronization with JSM Assets. Just fill in the text fields and click "Save Attributes."

When entering values, please ensure they correspond with the API-friendly names of the attributes. For example, instead of using “Location,” you should input “location.”

image-20250609-155806.png

 

The 10th custom field is designated for a predefined reference to the People Object Type. If you have attributes such as the manager's email, employee number, or user ID, you can use this field to map them to the manager's People object.

After clicking the Save button, you must update the Object Mapping AQL, which is set by default to:

"Primary Email" = ${customAttribute10}

For example, if your custom fields contain the manager's employee number, you can update the AQL as follows:

"Employee Number" = ${customAttribute10}

3. Search Records

In certain situations, you may wish to filter Okta records specifically for People. Here are some examples of when this might be necessary:

  • You possess a large “People” database, but not all entries are relevant to your needs.

  • You aim to synchronize only inactive People, as inactive records are typically hidden by default.

  • Your organization utilizes Okta across multiple departments or countries, and you want to specify which records should be synchronized.

  • There could be numerous other reasons for filtering data from your Okta.

To facilitate this, you can now add a search parameter for your People (User) records Settings Option for your Import Connection.

image-20250609-155935.png

 

image-20250609-155935.png

 

The search parameter needs to be formatted according to Okta API requirements. Some examples are below. Please refer to the Okta API documentation for more details.

Description

Filter

Description

Filter

Import only the ACTIVE Users.

search=status eq "ACTIVE"

Import only the ACTIVE or PROVISIONED Users

search=status eq "ACTIVE" or status eq "PROVISIONED"

Import all the users including the users having status of DEPROVISIONED

search=status pr

Import users with a specified User Type ID

search=type.id eq "otyfnjfba4ye7pgjB0g4"

Import only Engineering department

search=profile.department eq "Engineering"

Filter the users who are in Engineering department and having a specified User Type ID

search=profile.department eq "Engineering" and type.id eq "otyfnjfba4ye7pgjB0g4"

To filter the records which have a department ne (not equal) operator doesn’t work with the Okta API. For that reason, it is possible to select the records which are not empty with lt(less than) and gt (greater than) operators. (Reference)

search=(profile.department lt "" or profile.department gt "")

 

Pro Tips:

  • Please note that if you have a large number of Okta users or groups, this import will take time. We suggest testing it outside of the busy hours when JSM Assets is not used heavily.

  • Avoid clicking Test and Full Import buttons consecutively without waiting for the first one to complete. JSM Assets does not support multiple imports to run simultaneously.

 

Pro Tip:

  • We recommend importing manually first by clicking the “Full Import“ button and measuring the import duration. In case a full import takes long time (i.e. more than an hour), or if there are multiple imports scheduled at the same time in your JSM Site, then hourly scheduling may not be the best option. Prefer Daily scheduling in such case which is the most common import schedule among the JSM customers.

Important note regarding daily imports

Daily imports are commonly scheduled for late night hours (00:00-06:00) when there is no heavy load on the system. However, it is also good to know that these times are also used for the JSM/Assets version updates by Atlassian. In case there is a conflict, the import process fails. You would see the error message in your logs. Please check your import flow daily and configure the Notify Me feature under the Admin tab if you want to get notified when there is an error. We highly recommend following the Operational tips provided on the following page: Operations