User import and synchronization
If you use Okta or Microsoft Entra ID as an authentication and identity provider in your organization, you can configure import of users and group synchronization with IDE Services. This feature allows you to keep IDE Services in line with the identity provider, ensuring that employees have the appropriate access based on their position in the organizational structure.
Configure import of users and groups from Okta
As a prerequisite, make sure that you have Okta configured as an OAuth 2.0 provider for your server.
Copy group identifiers
Open the Okta Admin Console in your browser and log in using your Okta account.
From the main menu, select . There, you can create new groups or view the details of existing ones.
Copy and save identifiers of the groups you want to import. For this purpose, click the name of a specific group and find its identifier in the URL. For example, in this URL
https://exampletenant.okta.com/admin/group/00g5j4jojlGZMzfhM697, the group ID is00g5j4jojlGZMzfhM697.
Generate an API token
In the Okta Admin Console, go to and navigate to the Tokens tab.
Click Create token.
In the dialog that opens, provide a token name and click Create token.
Copy and save the generated value.
Update your server configuration file
Add the following configuration to your server configuration file:
tbe: users: import: enabled: true provider: 'okta' activate-provisioned-users: true url: 'https://exampletenant.okta.com' token: 'SSWS <APItoken_value>' schedule: '0 */10 * * * *' mapping: groups: - '<groupID1>' - '<groupID2>' admin-groups: ['<groupID1>']ides: config: configCustomization: { tbe: users: import: enabled: true provider: 'okta' activate-provisioned-users: true url: 'https://exampletenant.okta.com' token: 'SSWS <APItoken_value>' schedule: '0 */10 * * * *' mapping: groups: - '<groupID1>' - '<groupID2>' admin-groups: ['<groupID1>'] }For more details, refer to User import.
Start your IDE Services Server.
Configure import of users and groups from Microsoft Entra ID
As a prerequisite, make sure that you have Microsoft Entra ID configured as an OAuth2 provider for your server.
Configure API permissions
Open the Microsoft Entra admin center in your browser and log in using your account.
Go to and open the IDE Services application overview.
From the menu on the left, select API permissions.
Click Add a permission. Then select .
Find and add the following application permissions:
Group.Read.All,GroupMember.Read.All,User.Read.All.
Copy group identifiers
In the Microsoft Entra admin center, navigate to . There, you can create new groups or view the details of existing ones.
Copy and save identifiers of the groups you want to import. For this purpose, click the group name to view its details and copy the value of the
Object ID
Update your server configuration file
Add the following configuration to your server configuration file:
tbe: users: import: enabled:true provider: 'entra' url: 'https://graph.microsoft.com' login-max-delay: 2s schedule: '0 */15 * * * *' mapping: groups: - '<object_id_of_group1>' - '<object_id_of_group2>' admin-groups: ['<object_id_of_group1>']ides: config: configCustomization: { tbe: users: import: enabled: true provider: 'entra' url: 'https://graph.microsoft.com' login-max-delay: 2s schedule: '0 */15 * * * *' mapping: groups: - '<object_id_of_group1>' - '<object_id_of_group2>' admin-groups: ['<object_id_of_group1>']For more details, refer to User import.
Start your IDE Services Server.
Synchronize user and group details
IDE Services periodically checks and synchronizes user and group details with the identity provider. The synchronization schedule depends on the value of the tbe.users.import.schedule property set in your server configuration file.
In case you need to synchronize the information faster, you can initiate the process manually:
In the IDE Services Web UI, navigate to the page.
In the top right corner of the screen, click Synchronize users.
