Configuring Provisioning from Afas
This integration with Okta is currently under development and is not available to customers yet. Contact email@example.com to learn more.
This guide provides the steps required to configure Provisioning from Afas, and includes the following sections:
The following provisioning features are supported:
Import New Users
New users created in Afas will be downloaded and turned in to new AppUser objects, for matching against existing Okta users.
Import New Groups
New users created in Afas will be downloaded and turned in to new groups in okta.
Specific attributes and the life cycle of the user in Afas will overwrite Okta user attributes.
Before starting the configuration of Okta, first contact firstname.lastname@example.org to prepare your environment.
Create the application from the OIN.
Under the General tab in the Application visibility property, check both Do not display application icon to users and Do not display application icon in the Okta Mobile App options.
Configure your Provisioning settings for Afas as follows:
Check the Enable provisioning features box.
Fill in the username and password you have gotten when your environment has been prepared.
Under the left tab To App ignore this page, the users can not be udpdated by okta, so the mapping is never used.
Under the left tab To Okta select the reconciliation actions you want to enable.
These are the changes Okta will take from Afas.
It is also possible to have this application as a profile master, set the appropriate settings in this screen
You can now assign people to Afas (if needed) and get users from Afas (if needed) and finish the application setup.
Only Groups with members are synced, so it is not possible to have empty application groups.
This should be taken in account when setting up dependencies on these groups.