Identity Platform Okta Provisioning

Pipeline Overview

The accessctl GitLab CI/CD pipeline is made up of three stages, Manifest, Auditlog and Provisioning. The Provisioning stage jobs talk to four external services: the GitLab Self-Managed Instance API, the GitLab.com SaaS API, the Google Workspace Directory API and the Okta API.

Manifest Stage
  Stage 1.1  Users Job      CLI manifest:users
  Stage 1.2  Roles Job      CLI manifest:roles
  Stage 1.3  Org Units Job  CLI manifest:ou

Auditlog Stage
  Stage 2.1  Users Job       CLI auditlog:users
  Stage 2.2  Attributes Job  CLI auditlog:attributes
  Stage 2.3  Roles Job       CLI auditlog:roles
  Stage 2.4  Org Units Job   CLI auditlog:ou

Provisioning Stage
  Stage 3.1  Okta Users Job                 provision:okta-users
  Stage 3.2  Okta Groups Job                provision:okta-groups
  Stage 3.3  Google Groups Job              provision:google-groups
  Stage 3.4  GitLab SaaS Groups Job         provision:gitlab-saas-groups
  Stage 3.5  GitLab Self-Managed Groups Job provision:gitlab-self-groups

accessctl GitLab Repositories

Two repositories hold the pipeline's state. Paths written as name.yml/json/csv denote one file that may be kept in YAML, JSON or CSV form; {attribute}, {role}, {ou} and {kingdom} are placeholders for one file per attribute, role, org unit or kingdom.

accessctl-inventory Repo
  auditlog/
    auditlog/users/onboarding.yml/json/csv
    auditlog/users/offboarding.yml/json/csv
    auditlog/users/attributes.yml/json/csv
    auditlog/attribute/{attribute}.yml/json/csv
    auditlog/role/{role}.yml/json/csv
    auditlog/ou/{ou}.yml/json/csv
  manifests/
    manifests/users/users.yml/json/csv
    manifests/attributes/{attribute}.yml/json/csv
    manifests/roles/{role}.yml/json/csv
    manifests/ou/{ou}.yml/json/csv

accessctl-policies Repo
  policies/role/{kingdom}.yml
  policies/ou/{kingdom}.yml

CI/CD Job Workflows for Okta

The Okta workflow spans three lanes: the Identity GitLab Repositories that hold the manifests, the Identity Platform CI/CD Provisioning State Scripts that run as pipeline jobs, and the Identity SaaS Vendor Services (the Okta API) that the jobs read from and write to.

Identity GitLab Repositories (Okta GitLab Tenant)
  accessctl-inventory Repo
    manifests/users/users.yml/json/csv
    manifests/roles/{role}.yml/json/csv
    manifests/ou/{ou}.yml/json/csv

Identity Platform CI/CD Provisioning State Scripts

  Stage 3.1  Okta Users Job (provision:okta-users)
    1. Get all users from the Okta API.
    2. Compare the user manifest with the API results to check for rbac_role differences.
    3. Update the Okta users whose rbac_role attribute has changed.

  Stage 3.2  Okta Groups Job (provision:okta-groups)
    1. Parse the manifest.
    2. Get the rbac_* groups from the Okta API.
    3. Check if each group exists.
    4. Create group.
    5. Delete group.
    6. Check if the manifest users exist in the Okta Group Users API.
    7. Attach a user to the group if the membership does not exist.
    8. Detach a user from the group if the user is no longer in the policy.

  Create an audit log entry in the S3 bucket.
  Audit Transaction: REST API call to accessctl for automation workflows.

Identity SaaS Vendor Services (Okta API)
  Okta Users
  Okta Groups
  Okta Group Users
  Okta API
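
The group reconciliation the Okta Groups Job performs, as an added offline example that is not accessctl's own code. It assumes a manifest of users with an email and an rbac_role, that each role maps to an Okta group named rbac_<role>, and it replaces the live Okta Groups and Group Users API calls with a constructed in-memory snapshot; it computes the create, delete, attach and detach actions and the matching audit log entries without applying anything.

```python
from dataclasses import dataclass, field

@dataclass
class Plan:
    """Actions the job would apply to Okta, plus the audit log entries for them."""
    create_groups: list = field(default_factory=list)
    delete_groups: list = field(default_factory=list)
    attach: list = field(default_factory=list)  # (group, user) pairs
    detach: list = field(default_factory=list)  # (group, user) pairs
    audit: list = field(default_factory=list)   # entries destined for the S3 audit log

def desired_groups(manifest):
    """'Parse Manifest' step: map each rbac_<role> group (assumed naming) to its users."""
    desired = {}
    for user in manifest["users"]:
        desired.setdefault(f"rbac_{user['rbac_role']}", set()).add(user["email"])
    return desired

def reconcile(manifest, okta_groups):
    """Build a Plan from the manifest and a snapshot of Okta's rbac_* groups.
    okta_groups maps group name -> set of member emails (what the Groups and
    Group Users API calls would return). Nothing is applied here."""
    desired = desired_groups(manifest)
    plan = Plan()
    # 'Check if group exists': create groups the policy needs, delete stale rbac_* ones.
    for g in sorted(desired.keys() - okta_groups.keys()):
        plan.create_groups.append(g)
        plan.audit.append({"action": "create_group", "group": g})
    for g in sorted(okta_groups.keys() - desired.keys()):
        plan.delete_groups.append(g)  # members go with the group; no separate detach
        plan.audit.append({"action": "delete_group", "group": g})
    # 'Check if manifest users exist in Okta Group Users': attach missing, detach extras.
    for g, want in sorted(desired.items()):
        have = okta_groups.get(g, set())
        for u in sorted(want - have):
            plan.attach.append((g, u))
            plan.audit.append({"action": "attach", "group": g, "user": u})
        for u in sorted(have - want):
            plan.detach.append((g, u))
            plan.audit.append({"action": "detach", "group": g, "user": u})
    return plan

# Constructed sample input: a small users manifest and an Okta snapshot that drifted from it.
MANIFEST = {"users": [
    {"email": "alice@example.com", "rbac_role": "engineer"},
    {"email": "bob@example.com", "rbac_role": "engineer"},
    {"email": "carol@example.com", "rbac_role": "support"},
]}
OKTA_STATE = {"rbac_engineer": {"alice@example.com", "dave@example.com"},
              "rbac_legacy": {"erin@example.com"}}
```

Running reconcile(MANIFEST, OKTA_STATE) on the constructed data yields one group to create, one to delete, two attachments and one detachment, each with an audit entry; reviewing that plan before the apply step is where drift such as the unexpected dave@example.com membership becomes visible.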

Last modified November 14, 2024: Fix broken external links (ac0e3d5e)