<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7UeDSAVOkta Classic EngineAdministrationAnswered2024-04-17T13:20:54.000Z2016-03-22T14:24:35.000Z2017-07-12T14:23:58.000Z

m4szs (m4szs) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:19 AM
Nesting Groups
Hello,

 

We have a group named Box_Users in our Active Directory that syncs up to OKTA.  We have to add each individual to this group in order for them to have access to Box.

 

There is a built-in group within AD named "Domain Users".  Instead of adding each individual to Box_Users, we would like to just add "Domain Users" to the Box_Users group.  Does Okta support this type of nesting?

 

Unfortunatly, we can't use the built-in Okta group "Everyone" because we don't want our Okta Mastered users to see the Box icon.

 

Any thoughts on this would be appreciated.
  • 4 answers
  • 2.1K views

  • James Garvin - Okta (Okta)

    Hi Wayne,

     

    There is an Early Access Feature called Group Membership Rules, which will allow you to create a dynamic group membership rule based on specific criteria, like "is a member of Domain Users."  You would need to contact Support to enable this feature.  

     

    You could create an Okta Mastered Group, set the rule for the Group "is a member of Domain Users," and then push that group to Box.  That would solve your problem and allow you more robust management.
    Expand Post

  • m4szs (m4szs)

    Thank you both for your replies.

     

    In answer to the question about 'why can't I assign the Domain Users AD group to Box', that is because it does not appear in an OU that gets imported from Okta.  It is in the "Built In" OU of AD.  That is not listed in the Directory Integrations.  Were you able to import Domain Users?

     

    Group membership rules sounds like a possible option.

     

    Based on both responses, you got me thinking... I see that you can attach a directory to a group.  So I am thinking of creating an Okta Mastered group and then attaching the domain directory to that group.  Does that sound like it would work?

     

    Expand Post

  • Wils (Okta, Inc.)

    Gotcha. I'll let James take it from here as he's more familiar with that.
This question is closed.
Loading
Nesting Groups