l433t (l433t) asked a question.
Hello - I’m looking for some guidance on setting up a new Okta instance at an organization that build and uses many applications, and it wants Okta to be the main IDP for those apps, but it also has AD in place for all users and runs a mix of O365 and G Suite. For the moment I’ve been given the relatively small task of setting SSO up with Okta for users to login to RingCentral. At the moment my Okta directory is largely blank except for some admin and test users. All of the people who will use RIngCentral are also in AD. What is my first step here? Would I import all of the AD users to Okta? I assume all users would still have to set up new userIDs and passwords on Okta.
Also, I saw there is a RingCentral app in Okta. I added the application and imported some of the users from RingCentral over. Okta also gave me a handy URL to log in to RingCentral via Okta, which I could do. But once logged in, I was just prompted to enter my existing RingCentral password. (The userIDs on both RC and Okta match). I guess I expected Okta would automatically sign me in to RingCentral? Could someone help me by pointing out what I’m missing here?
@l433t (l433t) -- This is a very involved question and the answer is going to be entirely unique to your environment's needs/resources etc.
Typically, environments have a "Source" for their users. This could be Okta, AD, or some other HRIS and sometimes a combination of them which can add a significant amount of complexity. There is a large amount of documentation available around setup for these types of solutions. Here's is a good landing page to get started:
https://help.okta.com/oie/en-us/content/topics/identity-engine/oie-get-started.htm
Next you are going to have attributes. Many will be sourced as part of the Profile source but others may come from alternate applications and be mapped into Okta's user profile (Application > Okta). Those applications would be the source for those specific attributes and the location they would need to be changed at. You can then configure Okta to push those values to other applications (Okta > Application, this can include your profile source such as AD or an HRIS) as needed so they all contain the same information and are automatically updated if the source location is updated.
Ultimately, it is a good idea to do a review of the resource available, what you want to bring into okta and push out to other applications before actually getting started. Find the associated documentation for the implementations and read over them and answer any questions you can prior to deployment. If you have a preview environment (very common) this is a good place to do your initial rollout for testing prior to rolling out production. Going forward you can test any additional changes (like adding new applications) in preview first.
Again, this is just a general overview.. This ask is really too large for a forum post.