<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008C3jjQSAROkta Classic EngineAdministrationAnswered2023-02-20T22:39:00.000Z2017-06-30T21:00:47.000Z2017-07-04T12:38:01.000Z

Blake (Customer) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:19 AM
Changing Google Primary Domain
We are looking to change our Google Primary domain. Has anyone out there gone through this process? We are looking for some insight behind what the process looks like on Okta's end. Do we have to kill the current connector and create a new connector? Any feedback on this would be very helpful.
  • 1 answer
  • 873 views

  • adrian.haisan1.4907964798855503E12 (Okta, Inc.)

    Hi Blake,

     

    You don't have to delete the current one but a new one will have to be created.

    It mostly depends on what was imported. If the membership is based on the groups, for example:

    When you will be re-creating the groups in Google apps the user membership will update. To ensure that they will not be loosing access to any applications or get deprovisioned here is what I suggest: Create Okta groups that will mirror the G Suite groups you will be removing to hold the user app memberships and once the groups are imported from the new G Suite then you can allow them to hold the group assigments.

    The steps will be something like this:

     

    -Create Okta groups to mirror the groups from "domain A", for "group 1" in domain create an okta group like "okta group 1" and do this for all groups from that domain

    -Create group rules to add user assignments, it can be done by accessing from Okta directory>Groups>Rules>Add rule

    Name the rule and have the expression be something like: IF group membership any of "group 1" then assign to "okta group 1" and save it like that. Repeat the process for all groups.

    -Assign the applications(Including  and attributes to mirror the ones currently in place for the "domain A" groups to all Okta created groups.

    -Activate rules from Okta directory>Groups>Rules so the users will be assigned to the groups in Okta, once the users are moved deactivate the rules and you can delete the groups from "domain A", the Okta groups should hold the application assignments preventing the users from deprovision,

    -Once that`s done import the groups from "domain B" and add the groups and attributes to them ad it was done before the Okta groups,

    -Once the assignments are correctly setup you can remove the Okta groups as well.
    Expand Post
This question is closed.
Loading
Changing Google Primary Domain