The Okta Integration in Timus Manager allows you to synchronize users and groups from your Okta Directory. Once integrated, your users can sign in to Timus services (e.g., Manager, Connect) using their Okta credentials—enabling centralized identity management, group-based access control, and seamless onboarding.

What This Integration Enables

• Synchronize Okta users and groups into Timus
• Automatically assign synced users to the Okta Users team
• Control access to specific Cloud Gateways (Sites) by group
• Enable Remote Access for authorized groups
• Allow sign-in to Timus applications using Okta SSO

After successful setup, the Preferences tab will be unlocked for managing group sync and site access.

Prerequisites

Before starting, ensure you have:

• An active Okta account with an SSO-enabled plan
• Admin access to your Okta Admin Console
• A registered OIDC Web App
• A generated Client ID, Client Secret, API Token, and your Okta Domain

Register an App Integration in Okta

1. Go to Okta Login and sign in
2. Open the Admin Dashboard
3. Navigate to Applications → Applications
4. Click Create App Integration

1. In the modal, select:
   • Sign-in method: OIDC – OpenID Connect
   • Application type: Web Application
2. Click Next

Configure Basic Settings:

1. App Integration Name
2. In Sign-in redirect URIs, enter: https://auth.timuscloud.com/user/external
3. Complete setup and click Save

Once the app is created, you'll see:

• Client ID

• Client Secret

  (Located under Client Credentials section)

Grant Required API Scopes

1. Stay in the same app and navigate to the Okta API Scopes tab

2. Grant the following scopes:

   • okta.users.read
   • okta.groups.read

   

Generate an API Token

1. In the Admin Console, go to Security → API → Tokens
2. Click Create Token
3. Name the token
4. Click Create Token

5. Copy the token immediately—it is shown only once

Copy Your Okta Domain

Your Okta Domain is shown in the upper-right corner of your dashboard (e.g., yourdomain.okta.com). This will be used as the base domain for API communication.

Configure the Integration in Timus Manager

• Go to Settings → Integrations
• Click ⚙️ → Manage on the Okta card
• Fill in the following fields:
  • Client ID
  • Client Secret
  • API Token
  • Okta Domain
• Click Save to activate the integration

Configure Group Mapping & Site Access

1. Go to the Preferences tab
2. Toggle Synchronization Status to ON
3. Under Groups on Okta, select the groups to sync
4. Under Allowed Sites, choose the sites these users can access
5. Enable Remote Access per site
6. Click Save to confirm preferences

Post-Sync Behavior

• Synced users appear under Users & Teams → Users
• Users are automatically added to the Okta ID Users team
• Group assignments are re-evaluated during each sync cycle
• Manual team changes remain unless overwritten by group sync logic

Disable the Integration

To turn off the integration:

1. Go to Settings → Integrations
2. Click ⚙️ → Disable on the Okta ID card

Disabling the integration will:

• Stop all synchronization jobs
• Retain already synced users and their team memberships
• Remove group-based mappings

🔐 Security & Data Handling

• All communication uses OAuth 2.0 over HTTPS
• Your Client ID, Client Secret, API Token, and Domain are encrypted at rest
• Timus performs read-only API operations; it does not modify user data in Okta
• You may revoke API tokens at any time from the Okta Admin Console

Updated July 15, 2025 02:56