Are the people you want to assign not supposed to be in any Ou?
đź—¨ Link to Slack thread
Are the people you want to assign not supposed to be in any Ou?
Userlevel 3
+3
Userlevel 2
+5
They’re supposed to be in a wide variety of OUs. I’m assigning an entire org to their G Suite, so potentially up to 10ish OUs.
Userlevel 2
+5
I had previously just been using individual assignments in Okta but group assignments is way cleaner.
Userlevel 2
+5
Plus if I do group assignments then I can’t do OU changes with BC workflows unless I unassign them in okta in an earlier step?
Userlevel 2
+5
I guess people probably use more granular group assignments but my situation is just a little more macro than that.
Userlevel 3
+3
That's a very interesting use case - because usually someone is part of one OU consistently, but different groups.
Userlevel 2
+5
yeah… It’s not that I don’t have groups for the same OU categories - they are just more flexible. Folks are allowed to stay in the PDX group even if they move away. But you can only be in one OU.
Userlevel 2
+5
Plus with the posting permissions of those groups… our leadership is in all of them. What would Okta do with that? lol I can just see the admin log confusion now….
Userlevel 3
+3
Hmm....I guess you could just have it where Okta doesn't update GSuite and have BC handle that part?
Userlevel 3
+3
Okta creates the account in an initial group, but doesn't update it after that
Userlevel 2
+5
But then the directory won’t update profile changes….
Userlevel 3
+3
this is true...so in an ideal world you want Okta to just update the user profile but NOT update the OU setting for users?
Userlevel 2
+5
OU isn’t a profile field I can use, though, I don’t think.
Userlevel 3
+3
correct - I don't think it is either.
Reply
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.