Using Group Push
Group push allows admins to take existing groupsand their memberships in Okta, and push them to provisioning-enabled, third-party applications. These memberships are then mastered by Okta. The most important concept to understand in pushing groups is that pushed groups are managed from Okta. Making changes from the target app causes a misalignment with Okta and a number of problems.
Using Office 365 as our example,
If you keep the Push group memberships immediately default (which is checked), the selected membership is immediately pushed to the target app.
Delete the group in the target app — this option deletes the group and all its associated memberships.
Enhanced Group Push
Enhanced Group Push allows you to push to existing groups in four specific apps: G Suite, Box, Jive and Active Directory. As stated under Requirements, you cannot push a group name that already exists within the target app, but these four apps allow for the enhanced capability. Note that Okta remains the master of these exchanges.
For details special to AD, see Active_Directory_OUs, below.
Note: Currently, this option is only available for these applications, but Okta will periodically add this functionality to more and more provisioning-enabled apps.
Using G Suite as our example,
Active Directory OUs
When you choose a group in Okta to push to AD, you must specify the target OU, and pre-select it on the Settings tab of your Active Directory instance.
To pre-select the target OU,
To specify a target OU,
From the Admin Dashboard, click to the Applications drop-down menu.
Group Push Operations
Group Push (GP) allows admins to take ownership of third-party, target apps in Okta. This is done by either pushing Okta groups to target apps (GP) or by using enhanced Group Push (GPE) to import groups from target apps and linking them to Okta. The table below details the supported operations and how they appear in Okta.
When an error occurs, alerts appear to diagnose the problem. An red error panel and menu appear to list possible issues.
The most important concept to understand in pushing groups is that pushed groups are managed from Okta. Making changes from the target app causes a misalignment with Okta and a number of problems. Some can be diagnosed through the Errors page, while others may not.
Groups appear in the target app without their users
If you have successfully pushed a group to the target app, but the assigned group members do not appear, verify that one of the following is true:
If some group members are assigned to the target app and others are not, only successfully assigned members will appear in the target app.
A group has been deleted directly from the target app
To recover, you must delete the pushed group and reinstate the target app memberships.