Okta User Provisioning integration with Drupal streamlines user management and ensures up-to-date user information
within the system. This step-by-step guide will assist you in configuring user provisioning/sync from the Drupal
site to the Okta application. This will allow administrators to easily provision users and manage user data with
manual, automatic, or scheduler-based provisioning using the Drupal Okta User Sync module. This module is compatible
with Drupal 9, Drupal 10 and Drupal 11.
Installation Steps
Using Composer
Download the module:
composer require 'drupal/okta_user_sync'
Navigate to the Extend menu on your Drupal admin console and search for miniOrange Okta User Sync using the search box.
Enable the module by checking the checkbox and clicking the Install button.
After installing the module on the Drupal site, in the Administration menu, navigate to Configuration → People → miniOrange Okta User Sync (/admin/config/people/okta_user_sync/overview).
Have a glance at what the module does and click on the Let’s Configure the module button.
Integrating Drupal with Okta
Configure the values mentioned in the below screenshot from Okta in Drupal.
Okta Portal URL: The Okta Portal URL is the Okta Domain, that is, the base URL for the Org Authorization Server of Okta. For example, https://{yourOktaDomain}.okta.com. Copy
this URL and paste it into Drupal's Okta Portal URL text field.
Okta Bearer Token:
The Okta Bearer Token is a key used to authenticate requests to Okta APIs. When calling an Okta API
endpoint, you need to supply a valid API token for the authentication.
To generate this API token, log in to your Okta organization with the admin credentials.
In the Admin Console, navigate to Security → API from the menu.
On the API page, navigate to the Tokens tab and then click the Create token button.
Enter the name of your token and click Create Token.
Copy the generated Token Value and keep a note of it as you won't have another chance
to view and record it.
Navigate back to the Drupal site and paste the copied Bearer Token in Drupal’s
Okta Bearer Token text field.
Test Your Configuration: In the Test Your Configuration (Enter user email) field, enter a user’s email ID. (Please ensure that a user with the same email is present in
your Okta portal.)
Test Configuration
Once done with all the configurations, click on the Save and Test Configuration button.
If the Test Configuration is successful, you will receive a success message like this:
Alternatively, if there is an error in the integration of Okta with Drupal, then you can check the cause of the
error by following the link in the error message or scrolling down to the Test Configuration Result section.
Once the test is successful, click on the Next button.
The module supports bi-directional sync. To sync the users from Drupal to Okta, select Drupal to Okta
Synchronization.
In Step 3, there are three ways to perform the user provisioning (manual, automatic, or schedule-based). To
configure the desired method, click the "configure" button within the corresponding method and select the
operations that you want to perform (create, delete, deactivate, and update).
After configurations, click on the All Done button.
Manual/On-Demand Provisioning
Automatic Provisioning
In Manual/On-Demand Provisioning you can manually sync the user with Okta. It also allows the
provisioning of a single user as well as all of the existing users at once to Okta.
Configure Manual/On-Demand Provisioning
Create Users in Okta:
In the Drupal to Okta tab, please ensure you have selected the Read User and Create User checkboxes under the Manual Provisioning Configuration.
Click on the Sync User Manually button.
Search for the user you want to provision to Okta, select the user, and click on the Sync button.
To verify whether the user is provisioned, navigate to the People tab under the Directory and confirm the status of the user.
Deactivate User
Under the Manual Provisioning Configuration, please ensure you have selected Read
User and Deactivate User checkboxes.
To deactivate the user from Okta, the user must be in the blocked state on the Drupal site.
To do this, navigate to the People tab, edit the profile of the specific user (/user/{user_id}/edit), and change the user's status to Blocked.
Once done, click on the Save button.
Now, head back to the Drupal to Okta Sync tab and click on the Sync User Manually button.
Enter the blocked user’s username in the text field and click on the Sync button to deactivate the same user on Okta.
To confirm whether the user has been deactivated, go to the People tab of Okta and check the user's status.
Automatic Provisioning allows you to sync users with Okta whenever any CRUD operation is performed on them in Drupal.
Configure Automatic Provisioning
Automatic Provisioning will help you provision your users using any of the following events:
Admin Interface: When administrators or privileged users manually perform CRUD operations on a user’s account via the Drupal admin interface.
User account change: Whenever users themselves perform CRUD operations on their own information from /user/{user_id}/edit or any other custom form.
3rd Party Modules: Whenever a user entity is updated/created in the Drupal site using any third-party modules/applications or custom code.
User Registration: Whenever a user creates a new account in Drupal (/user/register).
Let's see how the user can be created in Okta using automatic provisioning.
Create Users:
In the Drupal to Okta tab, please ensure you have selected the Read User and Create User checkboxes under the Automatic Provisioning Configuration.
Users can be provisioned to Okta in the following ways:
Create the user without credentials: Using this method, the user is provisioned to the Okta Portal without a password, in a Staged state. The admin has to activate the user and send a password reset link. This allows you to review the provisioned users and keep a quick check.
Create the user with the Password: Using this method, the user is provisioned to the Okta Portal along with a Password and a Staged state. Once the admin activates the user, the Okta Portal can be accessed by the user with the same password as on the Drupal site. (Please note, the automatic user provisioning will fail in this case if the Drupal user password violates the Okta Password policy.) This will allow you to ensure a strong and consistent password is maintained across both applications.
Note: In case you wish to provision the users into Okta in an Active state to overcome the additional step, or if you have any other specific use case, feel free to reach out to us at drupalsupport@xecurify.com.
Once done with the configuration, navigate to Drupal’s login page and click on the Create New Account tab (/user/register).
Enter the details and click on the Create New Account button.
After successfully creating the user in Drupal, go to the People tab under the
Directory from Okta. Here you can see that the user has been successfully created.
Deactivate User:
Under the Automatic Provisioning Configuration, please ensure you have selected Read
User and Deactivate User checkboxes.
To deactivate the user from Okta, the user must be in the blocked state on the Drupal site.
To do this, navigate to the People tab, edit the profile of the specific user (/user/{user_id}/edit), and change the user's status to Blocked.
Once done, click on the Save button.
To confirm whether the user has been deactivated, go to the People tab of Okta and check the user's status.
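The status checks in the People tab described above can also be scripted. The following Python code is an added example, not part of the miniOrange module: it compares Drupal accounts with Okta user records and reports accounts that are out of sync, in particular users blocked in Drupal that are still live in Okta. Assumptions: the Okta login equals the Drupal e-mail, the function names and sample records are constructed for illustration, Okta API tokens are sent with the SSWS scheme, and the Okta API reports a deactivated user with the status DEPROVISIONED.

```python
import json
from urllib import error, parse, request

def fetch_okta_user(portal_url, api_token, login):
    """GET /api/v1/users/{login} with an SSWS API token; None if Okta has no such user."""
    url = portal_url.rstrip("/") + "/api/v1/users/" + parse.quote(login, safe="")
    req = request.Request(url, headers={"Authorization": "SSWS " + api_token,
                                        "Accept": "application/json"})
    try:
        with request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except error.HTTPError as err:
        if err.code == 404:
            return None
        raise

def drift(drupal_user, okta_user):
    """Compare one Drupal account with its Okta record; None means they agree."""
    if okta_user is None:
        return None if drupal_user["blocked"] else "not provisioned in Okta"
    status = okta_user.get("status")
    if drupal_user["blocked"]:
        return None if status == "DEPROVISIONED" else f"blocked in Drupal but {status} in Okta"
    if status == "DEPROVISIONED":
        return "active in Drupal but deactivated in Okta"
    if status == "STAGED":
        return "staged: waiting for an Okta admin to activate"
    return None

def audit(drupal_users, lookup):
    """Map each Drupal e-mail to a finding, skipping accounts that are in sync."""
    results = ((u["mail"], drift(u, lookup(u["mail"]))) for u in drupal_users)
    return {mail: finding for mail, finding in results if finding}

# Constructed sample data: Drupal accounts and the matching Okta user objects.
DRUPAL_USERS = [
    {"mail": "alice@example.com", "blocked": False},
    {"mail": "bob@example.com", "blocked": True},
    {"mail": "carol@example.com", "blocked": False},
    {"mail": "dave@example.com", "blocked": False},
]
OKTA_USERS = {
    "alice@example.com": {"status": "ACTIVE"},
    "bob@example.com": {"status": "ACTIVE"},
    "carol@example.com": {"status": "STAGED"},
}

if __name__ == "__main__":
    print(audit(DRUPAL_USERS, OKTA_USERS.get))
```

Against a live org, pass `lambda mail: fetch_okta_user(portal_url, api_token, mail)` as `lookup`, reading the token from a secret store rather than hard-coding it.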
That’s it! You have successfully provisioned the users with Okta.
If the provisioning was not successful, please contact us at drupalsupport@xecurify.com. Please send a screenshot of the
error window, and we will assist you in resolving the issue and guide you through the setup.