Target

This guide is intended for organizations that have ellie.ai integrated with their Okta platform.

...

  1. Sign in with your Okta super admin account

  2. Create a new custom admin role

    1. Go to Security > Administrators

    2. Go to Roles tab

    3. Click on Create a new role

    4. Fill in a name (e.g. view-users-and-groups-only)

    5. Fill in a description (e.g. “Lets the admin view users and groups details”)

    6. Check in User permissions: “View users and their details”

    7. Check in Group permissions: “View groups and their details”

    8. Click on Save role

  3. Create a new resource set (more information about resource sets below)

    1. Go to Security > Administrators

    2. Go to Resources tab

    3. Click on Create a new resource set

    4. Fill in a name (e.g. ellie-groups)

    5. Fill in a description (e.g. “Constrains to ellie.ai groups only”)

    6. Define the first resource

      1. In Resource type select “Users”

      2. In Group names select all groups assigned to your ellie.ai application (there should be only one group: “ellie”). This group selection will define the list of users ellie.ai can view (it should mirror the list of users assigned to the ellie.ai application).

    7. Click on Add another resource type

    8. Define the second resource

      1. In Resource type select “Groups”

      2. Check “Constrain to all groups” (Recommended; otherwise you will likely have to update this resource type every time you want to change your mapping between groups and ellie.ai roles)

      3. Otherwise, in Group names select the groups ellie.ai can view (e.g. “ellie-read”, “ellie-write”, “ellie-admin” and “ellie”)

    9. Click on Save resource set

  4. Downgrade our ellie.ai custom account to our newly created custom admin role

    1. Go to Security > Administrators

    2. Go to Admins tab

    3. Find the ellie.ai custom account in the list

    4. Click on Edit assignments in the Edit dropdown

    5. In Role replace “Read-only Administrator” with the newly created custom role (from step 9)

    6. In Resource set select the newly created resource set (from step 10)

    7. Make sure there is only one role left in the assignments list

    8. Click on Save Changes

...

Ellie.ai will only use {{url}}/api/v1/users/{{userId}}/groups, which corresponds to the intersection of both scopes. However, keep in mind that the API token actually gives access to the union of both scopes (view only).

Examples

In purple: what the API token gives access to on the user scope (view only).
In blue: what the API token gives access to on the group scope (view only).
In violet: what ellie.ai is actually going to view (intersection of both scopes).
In rose: what the API token does not have access to on their respective scope.
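
The same union/intersection distinction can be checked on paper before saving the resource set. The following is an added example, not part of the original guide and not Okta or ellie.ai code: it models the two resource types as described above on a constructed directory. The `finance` and `hr` groups, the user names and the function name `token_exposure` are assumptions made for illustration.

```python
# Constructed sample directory (not real Okta data): group name -> member logins.
DIRECTORY = {
    "ellie":       {"alice", "bob", "carol"},
    "ellie-read":  {"alice"},
    "ellie-write": {"bob"},
    "ellie-admin": {"carol"},
    "finance":     {"alice", "dave"},
    "hr":          {"erin"},
}

def token_exposure(directory, user_scope_groups, group_scope=None):
    """Model the resource set from this guide.

    Users are visible through membership of user_scope_groups; groups are
    visible if listed in group_scope (None models "Constrain to all groups").
    """
    visible_users = set().union(*(directory[g] for g in user_scope_groups))
    visible_groups = set(directory) if group_scope is None else set(group_scope)
    # What /api/v1/users/{userId}/groups yields for each visible user:
    # the intersection of the user scope and the group scope.
    used = {
        user: sorted(g for g in visible_groups if user in directory[g])
        for user in sorted(visible_users)
    }
    used_groups = {g for groups in used.values() for g in groups}
    return {
        "visible_users": visible_users,      # user scope
        "visible_groups": visible_groups,    # group scope
        "used_by_ellie": used,               # intersection of both scopes
        # Viewable by the token, but no in-scope user is a member.
        "unused_groups": visible_groups - used_groups,
    }

if __name__ == "__main__":
    explicit = ["ellie", "ellie-read", "ellie-write", "ellie-admin"]
    for label, scope in (("all groups", None), ("explicit list", explicit)):
        result = token_exposure(DIRECTORY, ["ellie"], scope)
        print(label, result["used_by_ellie"], sorted(result["unused_groups"]))
```

On this sample, “Constrain to all groups” also returns alice's `finance` membership and leaves `hr` viewable by the token, while the explicit group list returns only the ellie groups.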

...