User and group provisioning for Okta is generally available
We’re pleased to announce that user & group provisioning for Okta is now generally available. You can sync group membership and deactivated users from Okta, and refer to a synced group as part of an access rule in your tailnet policy file.
Onboarding and offboarding are two of the most challenging operational issues that companies face today. When employees are hired, change teams, or exit, admins usually must complete a manual process to update permissions or deactivate the user. That’s why we’re making it easier to manage users and devices by syncing directly with your identity provider — in this case, Okta!
With user & group provisioning for Okta, admins can select groups that have been predefined in Okta and automatically push those groups to Tailscale — including any changes made to the group’s name and users. Groups defined in Okta can be referenced directly in access rules in your tailnet policy file, and those groups stay up to date with changes to the organization; this eliminates the need for manual inputs when employees change teams or join or leave groups.
Read the documentation to learn more or set it up.