Sync Employees with Google and/or OKTA

Respondida

Comentários

36 comentários

  • Comentário oficial
    Avatar
    Lauren Ashley

    Hi John,

    Thank for your request! I have forwarded your idea to our development team for review. We base a lot of our development on customer feedback so we appreciate your input.

    Thanks again!

    Lauren
    KnowBe4

    Ações de comentário Permalink
  • Avatar
    Lauren Ashley

    Hi Jonathan,

    My apologies, I failed to mention that we actually do support OKTA SSO. You can add your users using this SSO provider. Once Okta is configured and your users log into the KnowBe4 console they will be automatically added. Please follow this article to configure Okta SSO/SAML. If you have any questions feel free to create a support ticket here.

    Thanks!

    Lauren
    KnowBe4 

    -1
    Ações de comentário Permalink
  • Avatar
    Jason Ozin

    I'm looking to do the same and I don't believe that Lauren's answer is correct. Sure you support OKTA as a SSO provider but as far as I can see you don't support OKTA as a authentication provider. So if you have the phishing only platform and don't want to/can't set up login users, but DO want to sync your list of users, you can't do this. As Jon says this is a PITA. Please add OKTA LDAP Sync or similar.

    2
    Ações de comentário Permalink
  • Avatar
    Douglas Freeman

    Hi Jason, 

    I might be able to some clarification, We do offer Authentication to our console via SSO. As in your users can use it to log in from the OKTA portal, but we do not have full user provisioning with Okta. We can modify the console so that a user's profile is created when they attempt to log in by following the directions here

    Although you are correct in that someone using a phishing only platform would not be able to utilize user import in that manner. The other means of user provisioning are ADI sync, 

    So I'll go ahead and create an additional feature request on this item for you for full SAML provisioning and get that over to our development department. They take these items seriously and love hearing from our customers on what we can implement to improve the process. 

    Thank you again for contributing! We always appreciate the feedback. 

    0
    Ações de comentário Permalink
  • Avatar
    Ingo Dean

    Desperately need this, because we're decommissioning AD and moving completely to Okta/Google.

    2
    Ações de comentário Permalink
  • Avatar
    Ashley Rush

    Hello Ingo,

    I have submitted a feature request on your behalf to our development team. Thank you for contributing to the community board!

    Ashley
    KnowBe4

    0
    Ações de comentário Permalink
  • Avatar
    Andrew Meyercord (Editado )

    Hi Jon,

    It sounds like what you're looking for is support for the SCIM protocol, which is part of Okta lifecycle management and Google GSuite.

    I would also love to have this, as it makes it a snap to move/add/change users, gives me one source of authority for user properties, and doesn't require separate AD agent for every cloud application, each with their own sync schedule.

    KnowBe4 developers, check out https://developer.okta.com/docs/concepts/scim/faqs/ for details on integrating with Okta's implementation of the SCIM protocol

    4
    Ações de comentário Permalink
  • Avatar
    Douglas Freeman

    Hello Andrew, Thank you for adding your voice to this request.
    That's how our Dev team knows what features are being requested. 

    I've submitted a request for you on this item and made sure that I added your references to the request so our development team has those. 

    Thank you for contributing to the community board we always appreciate the input. 

    1
    Ações de comentário Permalink
  • Avatar
    Milsonneau Nicolas

    Hello,

    We look forward to the support of OKTA's SCIM functionality by KnowBe4, the need is very strong and will be even stronger in the future. Could you let us know when this feature will be available?

    2
    Ações de comentário Permalink
  • Avatar
    Douglas Freeman

    Hello Milsonneau,

    Thank you for posting in this thread. Currently, we don't have an ETA on when this feature will be available but I will put an additional request in on your behalf for our development teams review! 

    Thank you again for contributing to the community board! 

    0
    Ações de comentário Permalink
  • Avatar
    Milsonneau Nicolas

    Thanks for your reply Douglas.

    Okta also has a feature called Event Hook, which can post user data onto an application, in order to feed application's user repository.

    Okta sends a post each time a user is created, Application has to expose an endpoint able to read those post, in JSON format.

    Does KB4 has such feature (endpoint) ?

    0
    Ações de comentário Permalink
  • Avatar
    Seth Leonard

    Hi,

    While Doughlas Freeman mentioned there is no ETA on Okta SCIM functionality, what about LDAP?  Okta has an LDAP interface...

    0
    Ações de comentário Permalink
  • Avatar
    Douglas Freeman

    Hello all, 

    Yes that is correct we do currently have an LDAP endpoint I don't believe that we can integrate with OKTA using LDAP at this time. I'd be glad to get you a support ticket so we could look into that integration to see if it's feasible.

    0
    Ações de comentário Permalink
  • Avatar
    David Harman

    There is an LDAP sync agent or the AD Sync agent that works over LDAP which is hard coded to some very AD specific parameters and won't work with other LDAP systems?  I spent a lot of time at the start of the year trying to use the AD LDAP agent with Okta and Foxpass LDAP and I could get it to read and discover the users, but it wouldn't sync as it was looking for AD specific parameters which caused the process to fail.  I provided all of the information to our account rep when I did the testing.

    0
    Ações de comentário Permalink
  • Avatar
    Douglas Freeman

    Hey David, 

    That is pretty much correct. We use a designated AD sync tool to connect to active directory and provision users. The tool packages the data into a .JSON file and sends it via API to the console. We have had customers successfully initiate that sync utilizing their own platforms that have the capacity to generate those .JSON files and send successfully.

    This method is not currently supported by KnowBe4 at this time though. 

    0
    Ações de comentário Permalink
  • Avatar
    Wei Tseng

    Wanted to add my support for this feature request. We also use Okta (without AD) and SCIM would make our lives (InfoSec, IT) so much easier and more effective. Manual periodic import or asking another team to manually add/remove accounts is not sustainable or productive.

    2
    Ações de comentário Permalink
  • Avatar
    Ashley Rush

    Hello Wei,

    Thank you for your contribution to the community board! I have submitted another feature request to our development team regarding using SCIM.

    Thanks!
    Ashley

    0
    Ações de comentário Permalink
  • Avatar
    Joseph Reyes

    I would like to add another feature request for the Okta SCIM request. 

    3
    Ações de comentário Permalink
  • Avatar
    Walter Nelson

    Hi Joseph,

    Sure thing! Thank you for posting. I have submitted this additional feature request for Okta SCIM on your behalf.

    0
    Ações de comentário Permalink
  • Avatar
    David Laws

    I'd also like to request Okta SCIM provisioning in KnowBe4.  We're moving away from Active Directory very quickly.

    2
    Ações de comentário Permalink
  • Avatar
    Kivi Dennis

    Hi David,

    Thanks for your post. I have sent your request directly to our development team as a +1 to the feature request.

    0
    Ações de comentário Permalink
  • Avatar
    Artem Tykhonov

    Hello, 

    I also would like to add another feature request for the Okta SCIM request. Would be great to have it. 

     
    1
    Ações de comentário Permalink
  • Avatar
    Kivi Dennis

    Hello Artem,

    Thank you for your contribution to the community board. I have added your request as a feature request. 

    0
    Ações de comentário Permalink
  • Avatar
    Victor Kurkov

    Is this feature request gaining additional traction since the original request back in 2017? Manually Provisioning user details for anyone not using Azure AD is a huge waste of time. SCIM w/ IDP's such as Okta is long overdue. I am sure I can speak for quite a few existing customers that currently use Okta (or other IDP's capable of SCIM) for SSO into KnowBe4 would rather see Provisioning/DeProvisioning addressed and figured out rather than new bells and whistles of additional insights, etc. KnowBe4 is already a great product, but this component is greatly lacking. Been waiting on this since 2019 and no end in sight. It's definitely frustration at this point. Thank you in advance for making this a huge priority!

    2
    Ações de comentário Permalink
  • Avatar
    Walter Nelson

    Hi Victor,

    While I am unable to provide a precise ETA on when this will be released, I am excited to tell you SCIM provisioning via Okta is something we are working on and should be released sometime this year.

    2
    Ações de comentário Permalink
  • Avatar
    Stephen Mastin

    I would also like to add another feature request for the Okta SCIM request.

    2
    Ações de comentário Permalink
  • Avatar
    Kivi Dennis

    Hi Stephen,

    Thanks for your contribution to the community board. I have added your request as a +1 to the feature request.

     

    0
    Ações de comentário Permalink
  • Avatar
    John Williams

    I would also like to add another feature request for the Okta SCIM request.

    Thank you,
     
    John
    1
    Ações de comentário Permalink
  • Avatar
    Kivi Dennis

    Hi John,

    Thanks for your post and for showing continued interest in this feature. I've included you as a +1 to this request.

    0
    Ações de comentário Permalink
  • Avatar
    Mel Masterson

    I would also like to add another feature request for the Okta SCIM request.

    0
    Ações de comentário Permalink

Por favor, entrar para comentar.