Setup Drupal Okta User Synchronization

• Install the module:

  drush en okta_user_sync

• Clear the cache:

   drush cr

• Configure the module at

  {BaseURL}/admin/config/people/okta_user_sync/overview

This type of provisioning allows you to sync users with Okta whenever any CRUD operation(s) is performed on them in Drupal.

Configure Automatic Provisioning

• Automatic Provisioning will help you provision your users using any of the following events:
• Admin Interface: When administrators or privileged users manually perform CRUD operations on a user’s account via the Drupal admin interface.
• User account change: Whenever users themselves perform CRUD operations on their own information form user/{user_id}/edit or any other custom form.
• 3rd Party Modules: Whenever a user entity is updated/created in the Drupal site using any third-party modules/applications or custom code
• User Registration: Whenever a user creates a new account in Drupal. (/user/register)

Let's see how the user can be created in Okta using automatic provisioning.

• Create Users:
• In the Drupal to Okta tab, please ensure you have selected the Read User and Create User checkboxes under the Automatic Provisioning Configuration.
• Users can be provisioned to Okta in the following ways:
• Create the user without credentials: Using this method, the user is provisioned to the Okta Portal except for the password with a Staged state. The admin has to activate the user and send a password reset link. This allows you to review the provisioned users and keep a quick check.
• Create the user with the Password: Using this method, the user is provisioned to the Okta Portal along with a Password and a Staged state. Once the admin activates the user, the Okta Portal can be accessed by the user with the same password as on the Drupal site. (Please note, the automatic user provisioning will fail in this case if the Drupal user password violates Okta Password policy). This will allow you to ensure a strong and consistent password is maintained across both applications.

Note: In case, you wish to provision the users into Okta in an Active state to overcome the additional step or if you have any other specific use case, feel free to reach out to us at drupalsupport@xecurify.com.

• Once Done with the configuration, navigate to Drupal’s login page and click on the Create New Account tab(/user/register).
• Enter the details and click on the Create New Account button.

• After successfully creating the user in Drupal, go to the People tab under the Directory from Okta. Here you can see, the user has been successfully created

• Deactivate User:
• Under the Automatic Provisioning Configuration, please ensure you have selected Read User and Deactivate User checkboxes.
• To deactivate the user from Okta, the user must be in the blocked state on the Drupal site.
• To do this, navigate to the People tab, edit the profile of the specific user(/user/{user_id}/edit), and change the user's status to Blocked.
• Once done, click on the Save button.



• To confirm whether the user has been deactivated or not, go to the People tab of the Okta and check the user's status.