This article describes some of the options available to manage Okta application access via Grouper for technical service owners or IT professionals.

There are three main options that are available to manage application access to Okta applications:

1. Automated application access through Grouper reference groups. These are typically driven by authoritative data sources such as Workday, AIS, and other services. Identity & Access Management (IAM) can work with you to determine the correct reference groups to use based on the population described when executing an Okta SSO integration and if it is possible to fully automate using these.
2. An additional step to manual application onboarding processes. In many cases, a designated person or group of people can add a user to an SSO application internally. After integrating with Okta, they will also have to add them to the appropriate Grouper group determined by IAM. Other people can be added or removed to manage the group via delegation.
3. Automated application access through the Grouper API. This typically involves processing users that are added and removed inside of the application and adding or removing the associated user into grouper with a custom job. This requires the use of an IAM service account for Grouper and custom code to call the Grouper API.