In addition to my previous blog post about syncing SAP Enable Now Cloud user accounts with MS Azure AD, this one will explain how one can do it with Okta IdP. I'll try my best to keep it short and crisp. 😉
So, the script has been updated, and now it supports MS Azure AD and Okta. Also, information about deactivated SAP Enable Now accounts is now saved to the log file, so one can always see who was deactivated by the script and when.
Setup Steps in Okta
Log in to your Okta Portal Administration Interface, navigate to Security - API, and select the Tokens tab. Then click the Create Token button. The script uses the Core Okta API and retrieves information only from the Users API. Okta grants an API token the same permissions as the administrator who created it, so for security reasons it makes perfect sense to generate the token while logged in with an administrator account that has fewer permissions than the Super Admin. See the official Okta guide about creating API tokens.
API token in Okta created and active
Save the API Token Secret, as you won't be able to retrieve it again! To connect to the Okta Users API, the script needs the Token Secret and your Okta URL.
Setup Steps in the Script
Step 1. Download the script from the GitHub repository.
Step 2. In the script's root folder, find the .env file and add the information about your Okta IdP and SAP Enable Now systems there. Do not modify variable names.
- OKTA_URL - Your Okta URL
- OKTA_KEY - API Token Secret that you created earlier
- SEN_URL - Your SAP Enable Now system URL
- SEN_USER - Your local SAP Enable Now Account with permissions to manage user accounts.
- SEN_PWD - Password for the SAP Enable Now account.
.env with required parameters
Step 3. Select the scheduled run time for the script in the index.js file. It’s in 24 hr format. For testing purposes, set it 1-3 mins ahead of your current time.
The script is scheduled to run daily at 2 AM
Step 4. Run the npm package manager from the script root directory to get the required dependencies
npm install
Step 5. Run the script using the command
node . --sync okta
Step 6. If all parameters in the .env file were set correctly, enjoy the result in the console as well as in the senSync.log file that is located in the logs folder.
Finally, the account status in SAP Enable Now is always synced with your Okta (or MS Azure AD).
Stay curious
😉
Anton.