Dynamic IdP Groups for Okta

Using the Dynamic IdP groups functionality reduces the time spent creating groups and manually adding or removing members in two places. You can work with the groups that have already been made within Okta and use them for workflows and assignments within Vanta.


What are Groups?

  • Multiple users with similar responsibilities, tasks, or job descriptions can be grouped.
  • Groups can then be used to assign Checklists to multiple users, making it easier to manage which tasks are assigned to specific people.

Importing Groups from Okta

  • Select Import Groups from the Groups page in the top right-hand corner.

  • From here, you will be asked to select which groups you would like brought into Vanta.
    • Select the check box next to the group name to signify they should be imported

  • Once you have made your selection, click Next in the lower right-hand corner.
  • Choose a checklist from the drop-down to be assigned to each group

  • Click Next
  • Review your import. If you would like to make changes, select Back. If you are ready to import into Vanta, select Import Groups.
  • The newly imported groups will now appear on your groups list as Created by Okta.
  • Checklists for an identity provider imported group can be updated similarly to any other list or group.

Updating Groups in Okta

  • When adding or removing users from groups within Okta, that information will automatically be updated and reflected in Vanta. 
  • If you don't see the changes reflected right away, select Refresh data to force the update


Reassigning Groups 

  • Once a user is assigned to a group through Okta, their group cannot be reassigned from within Vanta.
  • To control the user's group through Vanta, remove the user from the Okta-created group or delete the imported group in Vanta.
  • To rename a group imported from Okta, make the name change within Okta. Once saved, the name change will also be reflected in Vanta.

Removing Imported Groups

  • To remove an Okta group import, delete the imported group.
    • To delete a group, open the Groups page and select the Okta-imported group you would like to remove
    • Select the options menu (...), and select Delete Group

  • When this happens, all existing identity provider group users are reassigned to their prior Vanta groups, and the identity provider group is removed from Vanta. If needed, the group can always be re-imported if the admin changes their mind.

Please keep in mind that:

  • We do not support IDP groups with more than 8,000 employees. Users will not see groups with more than 8,000 employees show up in the UI when importing groups. 
  • We don't support fetching more than 10,000 groups for our Okta IDP group integration due to rate limiting imposed by Okta. If a user has 10,000+ groups, only the first 10,000 will be available for import.
  • Changes from identity providers are only reflected when resources are refreshed on a two-hour cadence. Customers can also trigger these refreshes from the group's drawer on the Groups page.
  • If a user is in multiple groups in their identity provider and both groups are imported into Vanta, we place the user into the last imported group in Vanta by default. This can subsequently be changed from the people page by editing the group for a user.
  • It is best practice for admins to only import groups whose memberships don't overlap. Vanta only supports one group per user and resolves conflicts by assigning users the last imported group.
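
An added example, not Vanta's or Okta's code: a pre-import check that applies the limits and the "last imported group" rule listed above to a set of group memberships. The function name, the input shape (group name mapped to a set of user ids, plus the order in which groups are imported) and the sample data are assumptions.

```python
"""Pre-import check for IdP groups, modelling the limits stated on this page."""

MAX_GROUP_MEMBERS = 8_000    # larger groups are not shown in the import UI
MAX_GROUPS_FETCHED = 10_000  # only the first 10,000 groups are available


def check_import(okta_groups, import_order):
    """okta_groups: {group name: set of user ids}; import_order: names, oldest first.

    Returns a report dict: selected groups too large to import, whether the
    group list would be truncated, users in more than one selected group, and
    the group each user ends up in under the "last imported group" rule.
    """
    too_large = sorted(g for g in import_order
                       if len(okta_groups[g]) > MAX_GROUP_MEMBERS)
    importable = [g for g in import_order if g not in too_large]

    memberships = {}  # user -> selected groups, in import order
    for group in importable:
        for user in okta_groups[group]:
            memberships.setdefault(user, []).append(group)

    overlaps = {u: gs for u, gs in memberships.items() if len(gs) > 1}
    final_group = {u: gs[-1] for u, gs in memberships.items()}
    return {
        "too_large": too_large,
        "truncated": len(okta_groups) > MAX_GROUPS_FETCHED,
        "overlaps": overlaps,
        "final_group": final_group,
    }


# Constructed sample data (not real users or groups).
SAMPLE_GROUPS = {
    "Engineering": {"ana", "bo", "chen"},
    "On-call": {"bo", "dee"},
    "All-staff": {f"user{i}" for i in range(8_001)},
}

if __name__ == "__main__":
    report = check_import(SAMPLE_GROUPS, ["Engineering", "On-call", "All-staff"])
    print("Too large to import:", report["too_large"])
    for user, groups in sorted(report["overlaps"].items()):
        print(f"{user} is in {groups}; ends up in {report['final_group'][user]}")
```

Any user listed under `overlaps` would receive only the checklist of the group shown in `final_group`, so resolve those memberships in Okta before importing.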
