# Okta Groups Sync

We support manual Okta groups sync. The superAdmin group member can trigger the group sync by clicking on **Sync Okta Groups** on the User Groups tab.

## Credentials required for group sync

unSkript pulls the Okta groups info by using Okta API Token. We would need the following piece of information to configure API access to Okta

* **Tenant URL** - This is the url to your Okta domain, in the form `https://acme.okta.com`
* **API Token** - This should be generated by an Okta user who has **Read** access right to Applications and Groups Okta API. To generate API token, go to **Security->API->Tokens->Create token**
* **APP ID** - This is the ID of the Okta SAML application which was used during configuration of Okta as IDP for Auth0. On the Okta Admin panel, 
  * Go to **Applications->Application**
  *  Click on the Okta SAML application, configured for unSkript.
  * The app ID is present in the url as shown below<br>

    <figure><img src="/files/hIAFC6vldppYZgFpLwRz" alt=""><figcaption></figcaption></figure>
* On unSkript, go to **More->Settings->Okta API Access** and fill in the info collected above.

<figure><img src="/files/EGhvpkPiXJbZ4ZUrz0t2" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/eDdfs1Tn3W3eHXt8fhV4" alt=""><figcaption></figcaption></figure>

* With the Okta group sync enabled, users **CANNOT** create groups inside the unSkript app.
* To trigger the Okta groups sync, go to **More->User Management->User Groups** and click on **Sync Okta Groups**. These groups can be assigned unSkript roles as explained here[Role Based Access Control](/unskript-documentation/tooling/role-based-access-control.md)
* However, users still need to be invited to the unSkript app, by the admin. Go to **More->User Management->Invite User**. Since the groups are already pulled in from Okta and unSkript has the user->group mapping, user will get the role corresponding to the Okta groups, user is part of.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.unskript.com/unskript-documentation/guides/getting-started/authentication/okta-configuration/okta-groups-sync.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.