gc68z (gc68z) asked a question.
I am looking for a way to automate adding selected users to an okta application in a batch form. What this means is, I will submit the users' email addresses, which is the user identifier for this application, and somehow those addresses will e added to the application, instead of me, hunting and pecking users from the GUI, one-by-one.
Please do not say you can add everybody in one sweep, because this access is granted on request basis due to licensing and other concerns.
Is there any such thing ? I perused the documents I could find about the Okta CLI, but it did not look like it is designed for this purpose.
I also would like to add that, I am not a full Okta admin. I Was given rights to administer a couple of applications that I own manage. If there needs to be done something by the Okta superadmins (as I do not know the correct nomenclature) please kindly guide me what needs to be done on that end and how.
Thanks
Any suggestion is greatly appreciated.
If you have their emails you could definitely write a script to call the Okta API if you do not want to use the GUI. This is fairly straightforward.
https://developer.okta.com/docs/reference/api/groups/#add-user-to-group
Hi, @gc68z (gc68z)
Thank you @00usezlqsHdQlhvV9351.5615771738102039E12 (Customer) for providing insight to the problem.
I want to add that I have done some research and it appears that your use case is not achievable by App admins, only by Super Admins. Please check the below documentation on administrator roles and managing and creating group rules.
Hope this helps!
Thank you for reaching out to our Community and have a great day!
____________________________________________________
If my answer helped, remember to select it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
_____________________________________________________________________________
The Okta Community Catalysts Program is now live. Collect online badges when you participate in the Okta Help Center Questions community. Learn more here.
_____________________________________________________________________________
Unfortunately, in my environment, we have multiple AD domains which do not integrate with one another well. So, group membership based application assignment to people is more convoluted than assigning the application to a person individually. But when you do tens of people at a time, this also becomes a tedious process, especially using the Okta GUI, especially considering the extremely bad pattern matching process of Okta.
This is why I am looking for a scriptable solution.
Thanks foir the answer anyway.
Use a group rule if email contains add to group use group for app access.
For the conditions in my Okta / Active DIrectory integration environment, my use case can not be accomplished by group memberships, at least not any easier than what currently is in play.