Install the Okta Provisioning Agent

Before configuring on-premises provisioning for an app, install the Linux or Windows Okta Provisioning Agent. You can connect your Okta Provisioning Agent to multiple on-premises apps, but you must provide a unique SCIM server URL for each app.

Linux

  1. Enable the Transport Layer Security 1.2 protocol.
  2. In the Admin Console, go to SettingsDownloads. Click Download Latest for the Okta Provisioning Agent (x64 RPM).

    Alternatively, on your app instance page, go to the Provisioning tab and then click Download Provisioning Agent.

  3. Optional. Generate the file hash (SHA-512) and confirm the file size to help verify the integrity of the Okta Provisioning Agent file:
    1. Sign in to the Linux server where you downloaded the Okta Provisioning Agent and use this command to generate the file hash (SHA-512) for the Okta Provisioning Agent:

    sha512sum setup.rpm

    Replace setup.rpm with the file path of the Okta Provisioning Agent you downloaded in step 1.

    1. Use this command to determine the file size of the Okta Provisioning Agent:

    ls -l setup.rpm

    Replace setup.rpm with the file path of the Okta Provisioning Agent you downloaded in step 1.

    1. In the Admin Console, go to SettingsDownloads.
    2. Scroll down to the Okta Provisioning Agents area and compare the file hash and file size information you obtained in steps a and b with the information displayed for the Okta Provisioning Agent (x64 RPM).
  4. When the Okta Provisioning Agent is downloaded, sign in as root to your Linux server.
  5. Copy the Okta Provisioning Agent .rpm file to a scratch directory, and then cd to that directory.
  6. Install using yum by entering the following:

    7. yum localinstall <package name>

    For example, yum localinstall OktaProvisioningAgent*.rpm

  7. When you are prompted to continue, enter y.
  8. After the installation succeeds, copy the command on your screen and run the script as root:

    9. sudo /opt/OktaProvisioningAgent/configure_agent.sh

When the Okta Provisioning Agent agent is installed, the OktaProvisioningAgent process identification number (.pid) file is created at this path /var/run and not /var/run/OktaProvisioningAgent/.

  1. Enter the URL of you org at the prompt (for example: https://mycompany.okta.com).
  2. In your browser, go to the URL that you are provided, and sign in with your username and password.
  3. To enable the Okta Provisioning Agent to access the Okta API, click Allow Access.

    4. Note: If you haven't enabled TLS 1.2 protocol or are using an earlier version, see Enable the Transport Layer Security 1.2 protocol.

  4. Return to the command line. After you receive a successful configuration message, copy and enter the command:

    5. service OktaProvisioningAgent start

  5. To confirm that the Okta Provisioning Agent is running, enter the following:

    6. service OktaProvisioningAgent status

Windows

  1. Enable the Transport Layer Security 1.2 protocol.
  2. In the Admin Console, go to SettingsDownloads.
  3. Click Download Latest for the Windows Okta Provisioning Agent.
  4. Optional. Generate the file hash (SHA-512) and confirm the file size to verify the integrity of the Okta Provisioning Agent file:
    1. Open a command prompt and use this command to generate the file hash (SHA-512) for the Okta Provisioning Agent:

    CertUtil -hashfile setup.exe SHA512

    Replace setup.exe with the file path of the Okta Provisioning Agent you downloaded in step 2.

    1. Browse to the location where you downloaded the Okta Provisioning Agent, right-click the file, select Properties, record the value displayed in the Size field, and click OK.
    2. In the Admin Console, go to SettingsDownloads.
    3. Scroll down to the Okta Provisioning Agent area and compare the file hash and file size information you obtained in steps a and b with the information displayed for the Okta Provisioning Agent (Windows x64 EXE).
  1. Launch the installer, and then click Next.
  2. In the License Agreement dialog box, click Next.
  3. Optional. Change the installation folder, and then click Install.
  4. Enter your Okta Customer Domain URL, and then click Next.

When the Okta Provisioning Agent agent is installed, the OktaProvisioningAgent process identification number (.pid) file is created at this path /var/run and not /var/run/OktaProvisioningAgent/.

  1. In your browser, sign in to your org.
  2. Grant permission to access the Okta API by clicking Allow Access.
  3. Return to the installer, and then click Finish.
  4. Sign in to Okta.

    5. Note: If you haven't enabled TLS 1.2 protocol or are using an earlier version, see Enable the Transport Layer Security 1.2 protocol.

  5. In Admin Console, select Agents. Verify that the configured Okta Provisioning Agent is in the list.

Next steps

Create an instance of your on-premises app in Okta