Inviting New Users with Okta
Inviting a new user to DataGrail with Okta is as easy as assigning the DataGrail application to the user within Okta. Contact your Okta administrator requesting access to the DataGrail application and they will be able to get the new user added.
Inviting Users With Standard Okta Configuration
Any new user assigned the DataGrail app within Okta will be be able to login immediately.
New users will be assigned a default user role. Learn more about managing roles and permissions in DataGrail here.
Inviting Users With Just-in-Time Provisioning (JIT)
With Just-in-Time Provisioning enabled, all user roles must be managed directly in Okta. To add a new user to DataGrail:
- Select Directory > People and find the user you would like to add.
- Assign the User the DataGrail application.
- Select the Profile tab and then edit the User's attributes.
- Scroll down to the datagrail_roles attribute and enter the desired role(s):
- This attribute expects a JSON-array formatted string. Specifically, it should start and end with [ and ], and the strings should be surrounded by a double-quote (“). The values are case-sensitive.
- Select Save. The user can now log in to DataGrail and will be assigned the role(s) defined in step 4. Any changes to DataGrail roles must be managed in Okta.
DataGrail Role Mappings
| String | Role Type |
|---|---|
| admin | Super Admin |
| connections | Connections Manager |
| content_manager | Content Manager |
| approver | Request Approver |
| request_agent | Request Agent |
| compliance_lead | Request Admin |
| live_data_map_admin | Live Data Map Admin |
| inventory_manager | Inventory Manager |
| risk_monitor_admin | Risk Monitor Admin |
For more information on the specific permissions associated with each role: Managing Roles and Permissions in DataGrail.
Inviting Users With Okta Group Provisioning
With Group Provisioning enabled, all user roles must be managed directly in Okta. To invite a new user, just assign them the DataGrail app! Please ensure the user is associated with a group that maps to a role in DataGrail.
If you would like to change a user's role, simply update their Okta group and the changes will take effect on their next login.
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.