Okta
In order to integrate Okta, we’ll need your API URL & an API Token generated for us. Instructions for token generation are here.
As per the docs, you may wish to create the token in the context of a special service account to ensure it has the permissions we need (and no more). As of now, we need the following read-only access:
  • "View users” - enumerate users, so we can match to our notion of users
  • "View applications or application instances” - enumerate applications, so we can match to our notion of apps
  • "View System Log” - determine app usage by person)
Once you've generated the token, input those tokens here.
When that is complete, it'll take about 24 hours to process before any data will be available/visible. We then recommend reviewing the app bindings and adding any Blissfully did not automatically match.
If you wish to sync teams to Blissfully from Okta Teams, enable team sync.

Okta Offboarding Automations

Our integration with Okta allows you to perform a series of automated actions on your users during an Offboarding Workflow, preventing the need to manage the offboarding in multiple systems.
Okta offboarding automation
Our integration supports the following configuration options for your offboarded employee:
  • Suspend Okta account Suspended users can't log in to Okta but their group and app assignments are retained.
  • Deactivate Okta account The user will be de-provisioned from all assigned applications, which may destroy their data such as email or files. This action cannot be recovered.
  • Delete Okta account Deletes a user permanently. This action cannot be recovered.
  • Remove user from Okta Groups The user will be removed from all OKTA_GROUP type groups. You are still responsible for managing group memberships for groups of APP_GROUP type.
    At this time, Blissfully can not remove users assigned to multiple groups using a single rule.
  • Reset multi-factor authentication This operation resets all factors for the specified user. All MFA factor enrollments returned to the unenrolled state. The user's status remains ACTIVE.
  • Clear user sessions Removes all active identity provider sessions. This forces the user to authenticate on the next operation.
These options will be available for any eligible employee with an Okta account during the configuration of any draft Offboarding Workflow.
Note: Provisioning/Deprovisioning tasks assigned to Okta act as a listener that autocompletes when the task is completed in Okta. Blissfully do not trigger Okta to act on the task. Please set up SCIM provisioning to manage this inside Okta.
Last modified 1d ago