Anton Mavrin

Keeping SAP Enable Now SSO accounts synced with Okta IdP

Following up on my previous blog post about syncing SAP Enable Now Cloud user accounts with MS Azure AD, this one explains how to do the same with Okta IdP. I’ll try my best to keep it short and crisp. 😉

The script has been updated and now supports both MS Azure AD and Okta. Information about deactivated SAP Enable Now accounts is also saved to the log file, so you can always see who was deactivated by the script and when.

Setup Steps in Okta

Log in to your Okta Portal Administration Interface, navigate to Security – API, and select the Tokens tab. Then click the Create Token button. The script uses the Core Okta API and retrieves information only from the Users API. Okta grants an API token the same permissions as the administrator who created it, so for security reasons it makes sense to generate the token while logged in with an administrator account that has fewer permissions than the Super Admin. Please find a link to the official Okta guide about creating API Tokens.

API token in Okta created and active

Save the API Token Secret, as you won’t be able to retrieve it again! To connect to the Okta Users API the script needs the Token Secret, and your Okta URL.

Setup Steps in the Script

Step 1. Download the script from the GitHub repository

Step 2. In the script’s root folder find the .env file and add the information there about your Okta IdP and SAP Enable Now systems. Do not modify variable names.

  • OKTA_URL – Your Okta URL
  • OKTA_KEY – API Token Secret that you created earlier
  • SEN_URL – Your SAP Enable Now system URL
  • SEN_USER – Your local SAP Enable Now Account with permissions to manage user accounts.
  • SEN_PWD – Password for the SAP Enable Now account.

.env with required parameters

Step 3. Select the scheduled run time for the script in the index.js file. It’s in 24 hr format. For testing purposes, set it 1-3 mins ahead of your current time.

The script is scheduled to run daily at 2 AM

Step 4. Run the npm package manager from the script root directory to get the required dependencies

npm install

Step 5. Run the script using the command

node . --sync okta

Step 6. If all parameters in the .env file were set correctly, enjoy the result in the console

Script cycle concluded

as well as in the senSync.log file that is located in the logs folder

Script log file
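
A preflight check for the .env from Step 2, so that an empty value, a plain-http URL or a secrets file readable by other users is caught before `node . --sync okta` runs. This is an added example, not part of the script in the repository; the variable names come from the list above, while the checks, the function names and the sample values are assumptions.

```javascript
// Added example: preflight check for the .env described in Step 2.
// Variable names come from the article; the checks themselves are assumptions.
const REQUIRED = ['OKTA_URL', 'OKTA_KEY', 'SEN_URL', 'SEN_USER', 'SEN_PWD'];

// Minimal KEY=VALUE parser: skips blanks and # comments, strips one pair of quotes.
function parseEnv(text) {
  const vars = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq < 1) continue;
    const value = line.slice(eq + 1).trim().replace(/^(['"])(.*)\1$/, '$2');
    vars[line.slice(0, eq).trim()] = value;
  }
  return vars;
}

// Returns a list of problems; an empty list means the file passed.
// `mode` is the numeric file mode from fs.statSync('.env').mode (POSIX only).
function checkEnv(text, mode) {
  const vars = parseEnv(text);
  const problems = [];
  for (const name of REQUIRED) {
    if (!vars[name]) problems.push(`${name} is missing or empty`);
  }
  for (const name of ['OKTA_URL', 'SEN_URL']) {
    if (!vars[name]) continue;
    let url = null;
    try { url = new URL(vars[name]); } catch { /* reported below */ }
    if (!url) problems.push(`${name} is not a valid URL`);
    else if (url.protocol !== 'https:') problems.push(`${name} must use https`);
  }
  // The file holds the Okta token and the SAP Enable Now password: flag group/other bits.
  if (typeof mode === 'number' && (mode & 0o077) !== 0) {
    problems.push('.env is accessible to group/other; use chmod 600');
  }
  return problems;
}

// Constructed sample input (placeholder values, not from the article).
const sampleEnv = [
  'OKTA_URL=http://example.okta.com',
  'OKTA_KEY=',
  'SEN_URL=https://sen.example.com/wa/demo',
  'SEN_USER=sync.account',
  'SEN_PWD="placeholder-password"',
].join('\n');
console.log(checkEnv(sampleEnv, 0o100644));
```

To check a real file, pass `fs.readFileSync('.env', 'utf8')` and `fs.statSync('.env').mode` to `checkEnv`; the permission check is meaningful only on POSIX file systems.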

Finally, the account status in SAP Enable Now is always synced with your Okta (or MS Azure AD).

Stay curious 😉

Anton.
