Manage user accounts with Okta
Jan Ustohal avatar
Written by Jan Ustohal
Updated over a week ago

Okta connects any person with any application on any device and with Back, you can now trigger Okta actions from within any Back request.

Setup in Okta

This integration requires an API Key, which will need to be generated by an Okta admin in Okta.

  1. In the Sidebar, click on Security and select API

  2. On the API page go to Tokens

  3. Name the token with something you'll remember - we used Back Integrations - and select Create token

  4. Important! Copy the API Key to your clipboard before closing the dialog

  5. When you've copied the API key, choose Ok got it

When you have the API key copied, navigate to the Integrations page in Back.

Setup in Back

Now that you have the API key, you can complete the integration.

  1. Click on Connect in the Okta row on the Integrations page

  2. Enter your domain (in our example that was back-demo)

  3. Enter the API token you created earlier

  4. Select at least one team that would have access to Okta actions.
    ℹ️ Any team selected will have the ability to trigger Okta actions from Back. The Okta integration will only show in the request detail for requests in teams configured here.

Watch the whole setup process on this short video:

Okta actions in Back

With the Okta integration, you can take the following actions directly from the request detail.

Account actions

  • Reset multifactor – only visible when the account has MFA enabled

  • Clear user sessions

  • Activate / Deactivate user – only applicable variant is shown depending on the account status

  • Suspend / Unsuspend user – only applicable variant is shown depending on the account status

Groups and Apps actions

  • Manage employee's membership in Okta groups

  • Manage user's app individual assignments

💁🏻‍♀️ For groups and apps management the Back UI will show all groups and applications assigned to the user, however, default groups and applications inherited from group memberships will not be editable and will be shown with the 🔒 symbol next to them.

Currently assigned applications and groups can also be seen in the sidebar, under the Requester tab, together with any profile information from the HR system.

Did this answer your question?