Hello, we are using Service-Now for the ticketing system. Okta is importing our user accounts from AD to Service-Now. My question is, is it possible to import some user accounts in the AD, not all of them? For example, if the user has a job title of "Consultant" or "System Account", then don't import into Service-Now? Any others import?
We should break this down into two parts: filtering which users are imported from AD to Okta, and filtering which users are assigned and provisioned to ServiceNow.
Okta has several options for filtering which users come into Okta. You can do this based on which OU the user is in, you can use a filter using LDAP queries, you can map required attributes so users in AD without that attribute would not be imported as they do not meet the requirements, and you can specify individual user accounts to be ignored. Much of this is outlined in our documentation below: https://support.okta.com/help/Documentation/Knowledge_Article/Install-and-Configure-the-Okta-Active-Directory-Agent-1597766701
Once the user is in Okta, you have a few options for automating their assignment to ServiceNow and what app profile they inherit. This is commonly done through group membership, and there are a few ways you can do this. If you have AD groups being imported, you can assign the AD groups to ServiceNow, and users that are a member of that group will inherit the profile you configured for the group. Or instead of assigning AD groups, you can assign Okta-mastered groups and use group rules to add the user to one of the groups based on an attribute. This way, all users who have the "Consultant" attribute will be added to the "Consultant" group, which is assigned the ServiceNow app. See our document on "About Groups" below and reference the "Using Group Membership Rules" section: https://support.okta.com/help/Documentation/Knowledge_Article/About-Groups-1011356157