Group provisioning setup with Okta

Introduction

This article explains how to set up group provisioning between Okta and NordPass Enterprise.
 

Group provisioning allows you to automatically sync groups and their members from Okta to NordPass, simplifying onboarding, offboarding, and access control. Once group provisioning is enabled, all group management is handled in Okta, and any changes made there are automatically reflected in NordPass.

 

Before you start:

  • The User provisioning is already configured between Okta and NordPass.
  • You need to have an Azure, AWS, or Docker environment to deploy the Encryption Service.

 

Here's what to do

  1. Confirm that user provisioning is already set up between Okta and NordPass.
  2. If user provisioning is not configured, follow the User provisioning setup with Okta and complete the setup.
  3. Deploy the Encryption Service on your cloud infrastructure to enable secure group provisioning.
  4. Select and follow the deployment guide that matches your environment:
  5. Log in to Okta.
  6. Open the NordPass Enterprise application created during user provisioning.
  7. Go to “Push Groups”.
  8. Find groups by name or use rules if filters are configured.
  9. Select the groups you want to provision, and click "Push Group".
  10. Confirm the push settings, including "Create Group if it does not exist".

 

Additional tips

  • Users must already be onboarded to NordPass through SCIM user provisioning before they appear as members of synced groups.
  • After a group is synced, any items or folders assigned to that group in NordPass will automatically become available to all group members.
  • Adding or removing users from groups in Okta will automatically update their access in NordPass.
  • After group provisioning is enabled, you can no longer add or remove users from groups directly in the NordPass Admin Panel.

Was this article helpful?