nzta/silverstripe-okta-api

Integration with the Okta API

Installs: 209

Dependents: 0

Suggesters: 0

Stars: 1

Watchers: 3

Forks: 5

Open Issues: 2

Type:silverstripe-vendormodule

2.0.3 2019-03-25 00:07 UTC

README

Provides the ability to integrate with the Okta API and sync users and groups from Okta into your SilverStripe database.

Documentation for the Okta Users API can be found here Documentation for the Okta Groups API can be found here

Requirements

SilverStripe 4.x

Features

  • Queued job to sync users from Okta into SilverStripe
  • Queued job to sync groups from Okta into SilverStripe
  • Configurable reschedule time for queued job (to sync at user defined intervals)
  • Configurable mapping of SilverStripe database fields to Okta API fields
  • Configurable cache lifetime for List Users API
  • Configurable list of statuses to sync across
  • CMS configurable filters to define which groups to store from the sync groups job

Installation

composer require nzta/silverstripe-okta-api

And you will need to add the following constants to your .env file:

SS_OKTA_GATEWAY_REST_URL="https://<organisation>.okta.com/api/v1/"
SS_OKTA_API_TOKEN="<token>"

Where {organisation} is your organisation's Okta sub domain and {token} is your API token which can be generated by following these instructions.

Configuration

You can update your Member field mapping by adding the following to your mysite/_config/config.yml:

OktaProfileMemberExtension:
  okta_ss_member_fields_name_map:
    CustomField: 'customField'
    ExtraCustomField: 'profile.extraCustomField'

Where the CustomField and ExtraCustomField are the SilverStripe Member database field names and customField and profile.extraCustomField are the keys in the object returned from the Okta API for each user. The dot notation in profile.extraCustomField allows you to map to fields nested one level deep, e.g. the extraCustomField key inside of a profile top level key.

Note: This replaces the default configuration so you will have to include the original Member fields, e.g. FirstName, Surname and Email, if they are required to be synced.

You can add/update additional queue jobs by adding the following to your mysite/_config/config.yml:

SyncOktaUsersJob:
  additional_job_list:
     - 'AdditionalFirstJob'
     - 'AdditionalSecondJob'

Where the AdditionalFirstJob and AdditionalSecondJob are the additional SilverStripe QueuedJobs that you can run after the primary job (SyncOktaUsersJob) finishes. You can set the public $schedule_after static to delay when the additional jobs kicks off. Eg. setting public $schedule_after = 30 would mean additional job would start 30 seconds after the main job finishes.

Okta Group Filters

You can create filters in the CMS that define which groups should be saved into the SilverStripe database. These work by defining a key/value pair which a group from the Okta API should match. These filters are configured to be matched using an OR style filter, so you can create multiple filters and each group from the Okta API just needs to match one of the filters.

These filters can be created in the Okta Group Filters ModelAdmin and each filter has a Filter and Value field which maps to the key/value pair respectively.