Using Okta Webhooks for Live Group Updates

Last updated: February 12, 2025

Background

Enabling Okta Webhooks for group updates in your Lumos tenant ensures that changes to groups and group memberships are automatically and instantly available in Lumos. No more waiting for a full sync to run. 🏃‍♀

This guide will walk you through configuring Okta Webhooks for your Lumos Okta tile.

Requirements

  • You must have permissions in Okta to edit your Lumos tile

  • You must be an Organization Admin in Lumos. See Lumos Roles

  • You must have integrated Okta in your Lumos tenant. See Connecting Okta

Supported Features

Groups

  • Group created

  • Group updated

  • Group deleted

  • User added to group

  • User removed from group

  • App added to group

  • App removed from group

Limitations

Lumos will only sync group memberships in real-time for Okta users that have already been discovered by the Lumos system. If a user was recently added to Okta, it may take up to 24 hours for them to appear in Lumos.

Configuration Steps

1. Generate a Lumos API key

In Lumos, navigate to Settings > API Tokens and generate a new API token.

Once you've generated this token, hold on to it until a later step. Do not share this token with anyone!

Screenshot 2024-01-04 at 11.15.14 AM.png

2. Add and Configure Lumos Okta Tile

In Okta Admin, navigate to Workflows > Event Hooks > Create Event Hook.

For Name, add a name of your choosing.

For URL, set it to "https://api.lumos.com/events/okta".

For Authentication field, set it to "Authorization".

For Authentication secret, set it to "Bearer <your auth token>".

For Subscribe to events, add the following events:

  1. Create Okta group

  2. Delete Okta group

  3. Okta group profile updated

  4. User added to group

  5. User removed from group

  6. Add assigned application to group

  7. Remove assigned application from group

  8. Update assigned application in group

It should look like the following:

Click Save & Continue.

Click Verify. It should display a success message:

3. Good to go!

Changes to groups in Okta should now be reflected in Lumos in about 10 seconds. You can verify this by assigning a user to a group in Okta, then checking the group memberships in the Apps page for Okta.

 

More Help Needed? Message us!

We are more than happy to assist with any issues you may run into while configuring Okta webhooks. Please reach out to your Lumos Customer Success Manager or message in your shared Slack channel for help configuring and debugging this.