<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D51Y000061IGtOSAWOkta Classic EngineIntegrationsAnswered2024-04-15T12:56:58.000Z2019-03-05T17:20:29.000Z2019-05-13T20:55:15.000Z

nc77h (nc77h) asked a question.

March 5, 2019 at 5:20 PM
should box push group membership show under assignments

I'm relatively new to Okta and have been trying to tidy up my Organization's apps. Currently working on Box, and I think I have everything setup properly, but push groups have me slightly confused.

 

So I created an AD group for Okta to have the Box app assigned to it, then several other AD groups that would be used as push groups in Okta to Box, with no app assignments. After converting the individual assignments to groups, now if I view anyone's assignments the check-boxes are all empty, but Okta does show they are a member of the group as well as in Box.

 

Is this by design? I'm guessing I could also assign the Box app to all the push groups with their respective groups assigned, but it seems odd to have to do that since Okta already knows it's a push group?

  • 2 answers
  • 663 views

  • VanH.30758 (Lytx, Inc.)

    Hi Kuzma,

     

    Are the extra groups so that you can assign users to different Box.com groups? If so you may want to consider leveraging OKTA Expression Language:

     

    https://developer.okta.com/reference/okta_expression_language/

     

    It does take a little bit to understand and get used to, but makes OKTA administration a lot easier and powerful when you get a hang of it.

     

    If you're trying to accomplish what I mentioned at the start, you can use OKTA Expression Language to achieve this within the same app assignment. If you're doing API provisioning, you would put the logic in profile editor (OKTA to Box) and specifically the isMemberOfGroupName expression.

     

    The logic would look something like this, isMemberOfGroupName("AD_Group1")?"Box_Group1":"Box_Group2"

     

    What that says is if user is member of AD Group 1, the question mark= THEN, put them in Box Group 1, the ":" means ELSE put them in Box Group 2.

    Expand Post
    Selected as Best

  • VanH.30758 (Lytx, Inc.)

    Hi Kuzma,

     

    Are the extra groups so that you can assign users to different Box.com groups? If so you may want to consider leveraging OKTA Expression Language:

     

    https://developer.okta.com/reference/okta_expression_language/

     

    It does take a little bit to understand and get used to, but makes OKTA administration a lot easier and powerful when you get a hang of it.

     

    If you're trying to accomplish what I mentioned at the start, you can use OKTA Expression Language to achieve this within the same app assignment. If you're doing API provisioning, you would put the logic in profile editor (OKTA to Box) and specifically the isMemberOfGroupName expression.

     

    The logic would look something like this, isMemberOfGroupName("AD_Group1")?"Box_Group1":"Box_Group2"

     

    What that says is if user is member of AD Group 1, the question mark= THEN, put them in Box Group 1, the ":" means ELSE put them in Box Group 2.

    Expand Post
    Selected as Best

  • nc77h (nc77h)

    Yes the extra groups are specifically for Box.com groups. I am using the Push Groups options, so users are a member of the groups in Box based on their AD Group membership. I was just specifically talking about when you go to the Box app in Okta, then "Assignments", when you click on the pencil/edit button next to a name, all of the boxes next to the groups are empty.

     

    It's not totally necessary, but I figured if the user is a member of one of those pushed groups, that Okta would automatically fill in the box next to any groups they were a part of. The only way I could think to fix that, is to assign the box app to each of the pushed groups under "Assignments", along with selecting the related box-group in the pop-up.

    Expand Post
This question is closed.
Loading
should box push group membership show under assignments