nzta / silverstripe-okta-api
Integration with the Okta API
Installs: 550
Dependents: 0
Suggesters: 0
Security: 0
Stars: 2
Watchers: 4
Forks: 6
Open Issues: 0
Type:silverstripe-vendormodule
Requires
- guzzlehttp/guzzle: ^7.0
- silverstripe/cms: ^4.2
- silverstripe/framework: ^4.2
- symbiote/silverstripe-queuedjobs: ^4.2
Requires (Dev)
- phake/phake: ^3.1
- phpunit/phpunit: ^9.5
- squizlabs/php_codesniffer: ^3
README
Provides the ability to integrate with the Okta API and sync users and groups from Okta into your SilverStripe database.
Documentation for the Okta Users API can be found here Documentation for the Okta Groups API can be found here
Requirements
SilverStripe 4.x
Features
- Queued job to sync users from Okta into SilverStripe
- Queued job to sync groups from Okta into SilverStripe
- Configurable reschedule time for queued job (to sync at user defined intervals)
- Configurable mapping of SilverStripe database fields to Okta API fields
- Configurable cache lifetime for List Users API
- Configurable list of statuses to sync across
- CMS configurable filters to define which groups to store from the sync groups job
Installation
composer require nzta/silverstripe-okta-api
And you will need to add the following constants to your .env
file:
SS_OKTA_GATEWAY_REST_URL="https://<organisation>.okta.com/api/v1/"
SS_OKTA_API_TOKEN="<token>"
Where {organisation}
is your organisation's Okta sub domain and {token}
is your API token which can be
generated by following these instructions.
Configuration
You can update your Member field mapping by adding the following to your mysite/_config/config.yml
:
OktaProfileMemberExtension:
okta_ss_member_fields_name_map:
CustomField: 'customField'
ExtraCustomField: 'profile.extraCustomField'
Where the CustomField
and ExtraCustomField
are the SilverStripe Member database field names
and customField
and profile.extraCustomField
are the keys in the object returned from
the Okta API for each user. The dot notation in profile.extraCustomField
allows you to
map to fields nested one level deep, e.g. the extraCustomField
key inside of a profile
top
level key.
Note: This replaces the default configuration so you will have to include the original Member fields, e.g. FirstName, Surname and Email, if they are required to be synced.
You can add/update additional queue jobs by adding the following to your mysite/_config/config.yml
:
SyncOktaUsersJob:
additional_job_list:
- 'AdditionalFirstJob'
- 'AdditionalSecondJob'
Where the AdditionalFirstJob
and AdditionalSecondJob
are the additional SilverStripe QueuedJobs
that you can run after the primary job (SyncOktaUsersJob
) finishes. You can set the public $schedule_after
static to delay when the additional jobs kicks off. Eg. setting public $schedule_after = 30
would mean
additional job would start 30 seconds after the main job finishes.
Okta Group Filters
You can create filters in the CMS that define which groups should be saved into the SilverStripe database. These work by defining a key/value pair which a group from the Okta API should match. These filters are configured to be matched using an OR style filter, so you can create multiple filters and each group from the Okta API just needs to match one of the filters.
These filters can be created in the Okta Group Filters ModelAdmin and each filter has a Filter
and Value
field
which maps to the key/value pair respectively.