
Create Okta user via Okta API in Jenkins


Question

I am running Jenkins for job automation and using Okta for authentication. I would like to create a Jenkins job that I can run on demand to create a user in Okta. The user will have the attributes required by Okta: email, username, etc.

How can I accomplish this in Jenkins?


Solution

  • Initial Setup

    I wrote a Jenkinsfile that will create an Okta user via the Okta API Documentation. Before you can run this script you need to install the following plugins in Jenkins.

    After installing the aforementioned plugins you will need to create an Okta API Token and save it in Jenkins' Credential Manager as kind Secret Text (and give it an ID of okta-api-token).

    Proof-of-Concept

    The following is a proof-of-concept Jenkinsfile that will use the following plugins to create a user in Okta.

    pipeline {

        agent {
            label 'master'
        }

        options {
            buildDiscarder( logRotator( numToKeepStr: "30" ) )
        }

        parameters {
            string(name: 'firstName', description: 'New users first name')
            string(name: 'lastName', description: 'New users last name')
            string(name: 'email', description: 'New users email')
            string(name: 'mobilePhone', description: 'New users phone')
            password(name: 'password', description: 'Enter Password')
        }

        environment {
            oktaDomain = "yourdomain.com"
        }

        stages {

            stage('Execute') {
                steps {
                    script {

                        // Create payload based on https://developer.okta.com/docs/reference/api/users/#request-example-3
                        // JsonOutput escapes quotes and backslashes in the parameter values,
                        // which plain string interpolation into a JSON template does not.
                        def payload = groovy.json.JsonOutput.toJson([
                            profile: [
                                firstName: firstName,
                                lastName: lastName,
                                email: email,
                                login: email,
                                mobilePhone: mobilePhone
                            ],
                            // Force the password parameter to a plain String before serializing
                            credentials: [ password: [ value: "${password}".toString() ] ]
                        ])

                        // Declared outside withCredentials so it is still in scope afterwards
                        def response

                        // Send HTTP Post request with API Token saved in credential manager
                        // (credentialsId is the ID given to the Secret Text credential)
                        withCredentials([string(credentialsId: 'okta-api-token', variable: 'apiToken')]) {
                            response = httpRequest(
                                            acceptType: 'APPLICATION_JSON',
                                            contentType: 'APPLICATION_JSON',
                                            httpMode: 'POST',
                                            requestBody: payload,
                                            url: "https://${oktaDomain}/api/v1/users?activate=true",
                                            // Okta expects "Authorization: SSWS <token>"; maskValue hides it in the log
                                            customHeaders: [[name: 'Authorization', value: "SSWS ${apiToken}", maskValue: true]]
                                        )
                        }

                        def json = readJSON text: response.content

                        // Print the ID of the newly created Okta user
                        echo json['id']

                    }
                }
            }
        }


        post {
            changed {
                emailext subject: 'Your Okta user has been created',
                    body: 'Your Okta user has been created',
                    replyTo: '$DEFAULT_REPLYTO',
                    to: "$email"
            }
        }
    }
    

    Assuming you followed the steps listed above, you should only need to change the oktaDomain variable to your Okta domain.
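
Job parameters end up inside the JSON request body, so each value needs JSON escaping. The following is an added example, not part of the original answer: a stand-alone Groovy script (run with the `groovy` command, outside Jenkins) that compares a body built by string interpolation with one built by `groovy.json.JsonOutput`. The sample users are constructed, and the helper names `interpolated`, `serialized` and `parses` are hypothetical.

```groovy
import groovy.json.JsonException
import groovy.json.JsonOutput
import groovy.json.JsonSlurper

// Constructed sample users (not real accounts); the second contains quotes and a backslash.
def plain  = [firstName: 'Ana', lastName: 'Lopez', email: 'ana.lopez@example.com',
              mobilePhone: '555-0100', password: 'constructed-sample-1']
def quoted = [firstName: 'Ana "AJ"', lastName: 'Lopez', email: 'ana.lopez@example.com',
              mobilePhone: '555-0100', password: 'constructed\\sample"2']

// Interpolation pastes each value into the JSON text with no escaping.
String interpolated(Map u) {
    return """
        { "profile": { "firstName": "${u.firstName}", "lastName": "${u.lastName}",
                       "email": "${u.email}", "login": "${u.email}",
                       "mobilePhone": "${u.mobilePhone}" },
          "credentials": { "password": { "value": "${u.password}" } } }
    """
}

// A serializer escapes quotes, backslashes and control characters in every value.
String serialized(Map u) {
    return JsonOutput.toJson([
        profile    : [firstName: u.firstName, lastName: u.lastName, email: u.email,
                      login: u.email, mobilePhone: u.mobilePhone],
        credentials: [password: [value: u.password]]
    ])
}

// True when the text is a well-formed JSON document.
boolean parses(String text) {
    try {
        new JsonSlurper().parseText(text)
        return true
    } catch (JsonException ignored) {
        return false
    }
}

assert parses(interpolated(plain))      // harmless input hides the problem during testing
assert !parses(interpolated(quoted))    // a quote in firstName breaks the request body
assert parses(serialized(quoted))

// The serialized body round-trips every value unchanged.
def roundTrip = new JsonSlurper().parseText(serialized(quoted))
assert roundTrip.profile.firstName == quoted.firstName
assert roundTrip.credentials.password.value == quoted.password
println serialized(quoted)
```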