• Documentation

Use Okta with Automation

The Okta integration with Automation is only available to Jira Service Management Cloud customers on Premium or Enterprise plans. Find out how to upgrade your plan.

You can connect your Okta account to your Jira project to automate the process of employee onboarding and other HR tasks. You must be a Jira admin to connect Okta to Jira Automation. Visit Okta's documentation to read more about registering a core API in Okta.

This integration currently only supports connections with Okta using the base domain of "okta.com". If your domain name includes "oktapreview.com" or "okta-emea.com" you will not be able to create a connection with your Jira project.

Configure an API in Okta

Before creating a connection between your project and Okta, you need to register an API client in Okta:

  1. Sign in to your Okta account as a user with administrative privileges.

  2. From the Admin Console, go to to Applications, then Applications.

  3. Select Create App Integration.

    1. For the Sign-in method, select OIDC - OpenID Connect.

    2. For the Application type, select Web Application.

  4. Select Next.

  5. On the New Web App Integration page:

    1. enter an App integration name (for example, Jira - Okta integration)

    2. deselect the Proof of possession field

    3. for the Grant type, under Core grants, select the following checkboxes:

      1. Authorization Code

      2. Refresh Token

      3. Update Sign-in redirect URIs to http://id.atlassian.com/outboundAuth/finish

  6. Select an Assignment option according to your preference

  7. Select Save. Okta will create the app integration.

  8. From the new integration Okta API Scopes tab, grant the required scopes. Select Any, then find the following scopes and select Grant:

    1. offline_access

    2. okta.groups.manage

    3. okta.groups.read

    4. okta.users.manage

    5. okta.users.read

  9. From the new application General tab, copy the Client ID and Client Secret

    1. If you need to create a new Client Secret, you can go to the Okta API Scopes tab and create a new active secret.

  10. From the URL bar, copy the Base URL. For example: http://dev-1234567.okta.com. Remember to remove the -admin part of your subdomain.

Read more about registering a core API in Okta.

Make sure you have these three things before continuing to integrate Okta with Jira: Base URL, Client ID, and Client secret.

Integrate an automation rule with Okta

You can choose to create an automation rule with an action that integrates with Okta. Read more about creating an automation rule.

Each time you create a rule that integrates with Okta, you will need to create a connection using the details you received when you registered the API client in Okta.

  1. From your project settings, select Project settings, then Automation.

  2. Select Create rule and add a trigger.

  3. Select Add component and search for Okta actions by searching for “Okta” in the search box.

  4. When prompted to connect to Okta, select Connect.

  5. Complete the form with a name for the connection and the details you received when you registered the API client in Okta (Base URL, Client ID, and Client secret).

  6. Select Connect.

  7. You will be taken to Okta for authorization.

    1. Sign in to Okta.

    2. When prompted to “Authorize Okta”, select Allow.

  8. Based on the trigger, fill in the form with the required fields

Actions

Add user to a group

This action lets you automatically add users to an Okta group as part of your business processes. This can be useful when you’re onboarding a new employee, transitioning a user to a new department, or granting temporary project access.

Create user in Okta

This action allows you to create a new user in Okta using details about an employee from other services to use in your Jira project. This can be useful for streamlining your onboarding process and gathering employee details when resolving a query. For example, when a user is added to Workday, you might automate the next step to create a user in Okta using their Workday details. Read more about Workday triggers.

Retrieve user details from Okta

This action allows you to retrieve certain employee details from Okta to use in your Jira Service Management project. This can be useful for verifying if the user already exists in Okta to avoid creating duplicates.

Suspend user in Okta

This action allows you to automate this critical security step directly from Jira Automation. This can be useful when you need to suspend a user’s access due to offboarding, leave of absence, or security concerns.

Send custom Okta request

The Send custom Okta request action allows you to send a custom request to Okta using HTTP requests Get, Post, Put and Delete. This can be useful for automating a wide range of tasks in Okta.

Scopes

Scopes determine the access your automation rule is granted to Okta. Some default scopes have been added in Jira for each action. These scopes must be enabled in Okta before creating your connection.

Default scopes

The following default scopes have been added in Jira for each action:

  • offline_access – Requests a refresh token used to obtain more access tokens without re-prompting the user for authentication.

  • okta.groups.manage – Allows the automation rule to manage existing groups in your Okta organization.

  • okta.groups.read – Allows the automation rule to read information about groups and their members in your Okta organization.

  • okta.users.manage – Allows the automation rule to create new users and to manage all users' profile and credentials information.

  • okta.users.read – Allows the automation rule to read the existing users' profiles and credentials.

See the full list of Okta scopes.

Smart values

You can use smart values to access data in Okta for use in your Jira project.

Action smart values

Smart value

Description

{{okta.response.body}}

Returns the response body.

{{okta.response.status}}

Returns the response status.

{{okta.user.department}}

Returns a user's department from Okta, for example: Engineering.

{{okta.user.displayName}}

Returns a user's display name from Okta, for example: Jane Doe.

{{okta.user.email}}

Returns a user's email address from Okta, for example: jane.doe@example.com.

{{okta.user.employeeNumber}}

Returns a user’s employee number from Okta, for example: EMP12345.

{{okta.user.firstName}}

Returns a user's first name from Okta, for example: Jane.

{{okta.user.id}}

Returns a user's Okta ID from Okta, for example: 00u1abc2def3ghi4.

{{okta.user.lastName}}

Returns a user's last name from Okta, for example: Doe.

{{okta.user.login}}

Returns a user's login username from Okta, for example: jane.doe@example.com.

{{okta.user.manager}}

Returns a user's manager from Okta, for example: Jess Deer.

{{okta.user.managerID}}

Returns a user's manager ID from Okta, for example: 001xyz2abc3def4.

{{okta.user.mobilePhone}}

Returns a user's mobile phone number from Okta, for example: +1-555-555-5556.

{{okta.user.primaryPhone}}

Returns a user's primary phone number from Okta, for example: +1-666-666-6665.

{{okta.user.secondEmail}}

Returns a user's secondary email from Okta, for example: jane.doe.personal@example.com.

{{okta.user.status}}

Returns a user's status from Okta, for example: ACTIVE.

{{okta.user.title}}

Returns a user's job title from Okta, for example: Senior Software Engineer.

 

Still need help?

The Atlassian Community is here for you.
Ask the Community
On this pageConfigure an API in OktaIntegrate an automation rule with OktaActionsAdd user to a groupCreate user in OktaRetrieve user details from OktaSuspend user in OktaSend custom Okta requestScopesDefault scopesSmart valuesAction smart values
CommunityQuestions, discussions, and articles