Can I turn over provisioning of new Domo users to my internal IT team to handle it all using Okta?

Hi all- I found these reference links:

https://www.okta.com/integrations/domo/ (appears that provisioning is *NOT* supported)

https://www.okta.com/domo/ (appears that provisioning *IS* supported)

And this forum thread:

But it doesn't seem 100% clear to me on whether new Domo user provisioning can be handled totally by Okta without manual steps in Domo for each new user added (outside of the initial "provisioning" configuration required between Okta and Domo, of course).

Is anyone here able to confirm if you were able to configure all new Domo user provisioning via Okta, without a need to add each user manually in the Domo app itself?

In other words, can I turn over provisioning of new Domo users to my internal IT team to handle it all using Okta?

Thanks for any feedback!

Best Answer

  • MichelleH
    MichelleH Coach
    Answer ✓

    @BryantCafferty I believe you can have Domo inherit directory groups from Okta that you can use to manage access without a manual touch. Here are the directions from Domo's Admin panel.

Answers

  • MichelleH
    MichelleH Coach
    Answer ✓

    @BryantCafferty I believe you can have Domo inherit directory groups from Okta that you can use to manage access without a manual touch. Here are the directions from Domo's Admin panel.

  • Thanks @MichelleH! This is helpful. I'll follow up here if I'm able to make progress with our Okta team.

  • TiagoV
    TiagoV Member

    Hi @BryantCafferty just curious if you were able to seamless integrate Domo with Okta? Thank you in advance

  • Hi @TiagoV - apologies to you and to the community for my lack of follow-up on this one! It took a while to get a final answer and I lost sight of my comment here.
    So it turned out the org had previously configured an integration with Okta that was passing user attributes that we were leveraging to define Dynamic Groups in Domo. The reason we weren't seeing users get automatically created was a checkbox. Under the SAML (SSO) settings under Authentication in the Admin panel, we had to uncheck the box in "Advanced settings" for "Only invited people can access Domo."
    For deprovisioning, we went with using Tray to receive an Okta deprovisioning webhook signal to then send an API call to Domo to change the user to a "Social" role, which basically shuts off user access but preserves anything tied to their user in Domo. (Users can be removed later if needed manually in Domo once all migrations are complete.)
    Hope that helps!

  • TiagoV
    TiagoV Member

    Hi @BryantCafferty it definitely helps! Appreciate it !