Configuring Provisioning from Afas

This guide provides the steps required to configure Provisioning from Afas, and includes the following sections:

• Features
• Prerequisites
• Configuration Steps
• Known Issues/Troubleshooting

Features

The following provisioning features are supported:

• Import New Users

  New users created in Afas will be downloaded and turned in to new AppUser objects, for matching against existing Okta users.

• Import New Groups

  New users created in Afas will be downloaded and turned in to new groups in okta.

• Profile Mastering

  Specific attributes and the life cycle of the user in Afas will overwrite Okta user attributes.

---

Prerequisites

Before starting the configuration of Okta, first contact support@fuselogic.nl to prepare your environment.

Configuration Steps

Create the application from the OIN.

Under the General tab in the Application visibility property, check both Do not display application icon to users and Do not display application icon in the Okta Mobile App options.

Configure your Provisioning settings for Afas as follows:

1. Check the Enable provisioning features box.

2. API Authentication:

   Fill in the username and password you have gotten when your environment has been prepared.

3. Under the left tab To App ignore this page, the users can not be udpdated by okta, so the mapping is never used.

4. Under the left tab To Okta select the reconciliation actions you want to enable.
   These are the changes Okta will take from Afas.

   

   It is also possible to have this application as a profile master, set the appropriate settings in this screen

   

Now you can import your Afas users within Okta.

Known Issues/Troubleshooting

• Only Groups with members are synced, so it is not possible to have empty application groups.
  This should be taken in account when setting up dependencies on these groups.