Assign Users to an Access Role
Upon account creation, we want to automatically grant a set of new Okta users access to specific Group Permissions in our BetterCloud instance.
This task can be automated with a Workflow if the custom Role has been preconfigured in your BetterCloud instance. When the ‘User Added to Group’ Okta alert triggers and the user is also added to the ‘Groups Management in BetterCloud’ group during or after creation, the Workflow adds the user to the custom ‘Groups Management Role’ in BetterCloud and notifies the IT Team via email.
Please note: this access to BetterCloud is only granted in the newer platform (app.bettercloud.com). Custom Role-Based Privileges must be configured in BetterCloud, and users can only access app.bettercloud.com if they are assigned to a role. These roles must be managed in BetterCloud separately from Google Admin Roles in admin.google.com and Access Controls in g.bettercloud.com.
Create a Role
Begin by creating a new custom Access Role specifically for these users in the new BetterCloud platform.
- Here we omit the “delete” permission from the role to prevent accidental data loss; all group deletions will go through a Super Admin.
Then schedule their timed access by day and time.
1. ‘User Added to Group’ Okta Alert
The threshold of the ‘User Added to Group’ Okta system Alert is pre-configured to 0 in the Workflows Builder and cannot be updated in the Alerts Manager section of the platform. This alert will only trigger once the additional conditions within the Workflow have been met.
2. IF the Group Is....
Select the 'Group' in your Workflow's IF condition to target the user who is moved into the Group created for the Groups Management Role in BetterCloud.
The example below shows how adding the group to the user’s account in Okta appears during the creation process.
To add a user to the Okta ‘Groups Management in BetterCloud’ group in your BetterCloud Workflow, the Group must be an ‘Okta Group’ to be available for selection. You cannot add members to ‘App Groups’ within Okta; they can only be viewed within the BetterCloud Group Directory grid.
3. Add User to Access Role
Next, add the “Add User to Access Role” action to your Workflow, target the user added to the Okta group, and select the preconfigured BetterCloud Access Role. The Groups Management role gives the users added to the ‘Groups Management in BetterCloud’ Okta group Create, Edit, and View access to Groups in the new BetterCloud platform.
4. Send Email to Group
Lastly, add the “Send Email to Group” Google action to notify the IT Group that this user was assigned to the Groups Management role within BetterCloud.
- Use the To field of the Send Email to Group action to target the “IT Group”, and use the Subject and Body fields to create a custom notification that is sent automatically when a new Okta user is added to the Groups Management Role.
BetterCloud Reference Articles
- How to Create a Workflow
- Alerts
- Using an Alert as a Workflow Event
- Scheduling Roles
- Groups Overview
- Okta in BetterCloud