Keeping SAP Enable Now SSO accounts synced with Okta IdP
In addition to my previous blog post about syncing SAP Enable Now Cloud user accounts with MS Azure AD, this one explains how to do the same with Okta IdP. I’ll try my best to keep it short and crisp. 😉
So, the script has been updated, and it now supports both MS Azure AD and Okta. Also, information about deactivated SAP Enable Now accounts is now saved to the log file, so one can always see who was deactivated by the script and when.
Setup Steps in Okta
Log in to your Okta Portal Administration Interface, navigate to Security – API, and select the Tokens tab. Then click the Create Token button. The script uses the Core Okta API and retrieves information only from the Users API. Because Okta grants an API token the same permissions as the administrator who created it, for security reasons it makes perfect sense to generate the token while logged in with an administrator account that has fewer permissions than the Super Admin. See the official Okta guide on creating API tokens.
Save the API Token Secret, as you won’t be able to retrieve it again! To connect to the Okta Users API, the script needs the Token Secret and your Okta URL.
Setup Steps in the Script
Step 1. Download the script from the GitHub repository.
Step 2. In the script’s root folder find the .env file and add the information there about your Okta IdP and SAP Enable Now systems. Do not modify variable names.
- OKTA_URL – Your Okta URL
- OKTA_KEY – API Token Secret that you created earlier
- SEN_URL – Your SAP Enable Now system URL
- SEN_USER – Your local SAP Enable Now Account with permissions to manage user accounts.
- SEN_PWD – Password for the SAP Enable Now account.
Step 3. Select the scheduled run time for the script in the index.js file. It’s in 24 hr format. For testing purposes, set it 1-3 mins ahead of your current time.
Step 4. Run the npm package manager from the script root directory to get the required dependencies
Step 5. Run the script using the command
node . --sync okta
Step 6. If all parameters in the .env file were set correctly, enjoy the result in the console, as well as in the senSync.log file that is located in the logs folder.
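Since the .env file from Step 2 holds the Okta API token and the SAP Enable Now password, it is worth checking it before the first run in Step 5. The following is an added example, not part of the script from the repository: the variable names are the ones listed above, while the checks themselves (HTTPS-only URLs, owner-only file permissions) and the sample values are assumptions constructed for illustration.

```javascript
// Added example: pre-flight check for the .env file described in Step 2.
// Variable names come from the post; the checks themselves are assumptions.
const REQUIRED = ['OKTA_URL', 'OKTA_KEY', 'SEN_URL', 'SEN_USER', 'SEN_PWD'];
const URL_KEYS = ['OKTA_URL', 'SEN_URL'];

// Minimal KEY=VALUE parser: skips blanks and # comments, strips matching quotes.
function parseEnv(text) {
  const vars = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq < 1) continue;
    let value = line.slice(eq + 1).trim();
    const m = value.match(/^(["'])(.*)\1$/);
    if (m) value = m[2];
    vars[line.slice(0, eq).trim()] = value;
  }
  return vars;
}

// Returns a list of problems; an empty list means the file passed.
// `mode` is the POSIX file mode of .env (e.g. fs.statSync('.env').mode).
function checkEnv(text, mode) {
  const vars = parseEnv(text);
  const problems = [];
  for (const key of REQUIRED) {
    if (!vars[key]) problems.push(`${key} is missing or empty`);
  }
  for (const key of URL_KEYS) {
    if (!vars[key]) continue;
    let url;
    try { url = new URL(vars[key]); } catch { problems.push(`${key} is not a valid URL`); continue; }
    // The API token and the SEN password travel to these hosts: require TLS.
    if (url.protocol !== 'https:') problems.push(`${key} must use https`);
  }
  // Group/other permission bits set means other local users can reach the secrets.
  if (mode !== undefined && (mode & 0o077) !== 0) {
    problems.push('.env is accessible to group/other; restrict it to the owner (chmod 600)');
  }
  return problems;
}

// Constructed sample input, not real credentials.
const sample = ['OKTA_URL=http://example.okta.com', 'OKTA_KEY="constructed-token-value"',
  'SEN_URL=https://sen.example.com', 'SEN_USER=sync.service', 'SEN_PWD='].join('\n');
console.log(checkEnv(sample, 0o100644));
```

On Windows, omit the `mode` argument and review the file's ACL instead.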
Finally, the account status in SAP Enable Now is always synced with your Okta (or MS Azure AD).
Stay curious 😉