Integrating Setyl and Okta: The Complete HR & IAM Guide

How to integrate Okta's IAM or HR platforms with Setyl

Setyl supports three different types of Okta integrations:

HR Connection: Relying on Okta as a data source of HR information only, to synchronize into Setyl. Covered within this article.

IAM Application and License Connection: Using Okta’s Identity Access Management (IAM) service as a source for importing Applications and Licenses into Setyl. Covered within this article.

SAML Authentication Connection: Substituting Setyl’s own method of authenticating users, with a Company-managed SAML authentication service, such as Okta. Covered within the article: https://help.setyl.com/a-guide-to-saml-sso-for-setyl

Setyl can integrate with Okta on two levels for HR and IAM:

Only as an HR connection to import a list of People and related attributes, or
Full identity access management (IAM) integration to import a list of Okta-managed Applications and Licenses and HR data.

Both integrations are read-only.

We recommend using the full IAM integration, as this enables Setyl to maintain a real-time view of people, apps and licenses within the Organization.

By integrating Okta’s IAM service with Setyl, your Organization is able to:

Import a list of People and related data (job titles, departments, etc) from Okta. Note that Setyl can import People data from multiple sources simultaneously. We recommend also connecting Microsoft/Google and your HR provider.
View Apps provisioned within Okta, alongside Apps managed outside of Okta. This can be useful as a basis for a ‘to do list’ for Apps that need integrating into the managed Okta ecosystem.
Automatically track the assignment of Licenses to People.
Overlay License assignment data from Okta with spend, commitment and other contractual data from Setyl to create a comprehensive view of Apps and Licenses.

Licenses managed outside of Okta are also displayed within Setyl, creating a holistic view of all Apps and Licenses across the Organization.

Other benefits of using Setyl’s Apps and License functionality include:

Ensure your role within Setyl is “Owner” level.
Ensure your Organization subscribes to Setyl’s IAM integration functionality. If subscribed, you will see Okta listed within the Apps & Licenses section of Settings > Integrations.

Sign into the Okta Admin console, then go to Security > API and create a new API key/token. Name the token “Setyl”
Keep the page open that displays the API key/token value until the remaining process is complete.

In a new tab/window, open Setyl, then go to Settings > Integrations and find the Okta entry in the applications and licenses section. Note if you only integrating Okta HR, find the Okta entry within the HR section.
Paste the Okta domain. For example if you access Okta at 'https://dev-123.okta.com', then the domain is 'dev-123.okta.com', without the 'https://'.
From the previous Okta screen, copy the API key/token value, and paste into the API key field in Setyl.
Within Setyl, click to save and connect to the new Okta integration.

In Setyl, go to Apps > All Apps > Discovered tab. From here you will see a list of applications that have been discovered from different sources. Apps discovered from Okta will have an Okta logo as a detection source. From here you can filter to apps only detected from Okta by using the filter.
Ignore any Apps that don’t require tracking, e.g. logins to news websites or travel sites, and Onboard any Apps that you wish to track via Setyl.
From the Onboarding screen, you will see that a license has been automatically created where detected in Okta. This license can be updated with contractual and spend information from Setyl before being moved to the Register.