There are multiple steps in the process of onboarding a Service Provider into Okta. The following summary table indicates who is responsible for each high-level step.
|
Responsibility |
Okta System Administrator |
Service Administrator |
|---|---|---|
|
Provide fully completed Okta integration form |
|
x |
|
Create Grouper group for service and delegate to Service Administrator |
x |
|
|
Use Grouper for group membership |
|
x |
|
Create Okta Integration |
x |
|
|
Provide Required Service Secrets |
x |
|
|
Test Application with Okta |
|
x |
|
Application Go-Live |
|
x |
The following are key responsibilities for services already operating within Okta.
|
Responsibility |
Okta System Administrator |
Okta |
Service Administrator |
Service Owner |
|---|---|---|---|---|
|
Maintain Application Access via Grouper |
|
|
x |
|
|
SAML Certificate Notifications* |
x |
|
|
|
|
SAML Certificate Maintenance* |
x |
|
|
|
|
Technical Service Changes** (Updates, Retirement) |
x |
|
x |
x |
|
Changes to Service Support Contacts |
|
|
|
x |
|
Troubleshooting SSO login issues |
x |
x |
x |
|
|
Backups |
|
x |
|
|
|
Disaster Recovery |
|
x |
|
|
* This only applies if a service is integrated via SAML. Okta provides OIDC and SAML integrations.
** Service Owner should notify Identity Management if the service is retired so the app can be deleted in Okta. If an app server is changed or upgraded, it may need to be coordinated with Identity Management to avoid service disruption.