NSWDPC\Authentication\Okta\OktaAppUserSync
Synchronises the users assigned with the application
Synopsis
class OktaAppUserSync
{
- // constants
- const APPUSER_SCOPE_USER = 'USER';
- const APPUSER_SCOPE_GROUP = 'GROUP';
- // members
- private Client|null $client = NULL;
- private bool $dryRun = false;
- private string $start = '';
- private array $report = ;
- protected HttpClient $httpClient = NULL;
- // methods
- protected void getClient()
- protected void getClientId()
- public array getReport()
- public array getSuccesses()
- public array getFailures()
- public void run()
- private void getAppUsers()
- private void collectAppUsers()
- protected void processAppUsers()
- private void collectUserGroups()
- protected void processAppUser()
- private void sanitiseProfileValue()
- public ArrayList getStaleOktaMembers()
- public int removeStaleOktaMembers()
- // Inherited methods from OktaGroups
- protected array oktaUserMemberGroupAssignment()
Hierarchy
Constants
Name | Value |
---|---|
APPUSER_SCOPE_USER | 'USER' |
APPUSER_SCOPE_GROUP | 'GROUP' |
Members
private
- $client — \Okta\Client|null
- $dryRun — NSWDPC\Authentication\Okta\bool
- $report — array
- $start — string
protected
- $httpClient — NSWDPC\Authentication\Okta\HttpClient
Methods
private
- collectAppUsers() — Get all appusers based on configuration
- collectUserGroups() — Collect all groups for a user
- getAppUsers() — Collect all app users via pagination method
- sanitiseProfileValue() — Ensure that a profile has HTML removed
protected
- getClient() — Get the configured {@link \Okta\Client}, if not available create it from configuration
- getClientId() — Client ID for the application being synchronised
- processAppUser() — Process a single app user return in the collection AppUser profile vs User profile https://help.okta.com/en/prod/Content/Topics/users-groups-profiles/usgp-about-profiles.htm
- processAppUsers() — Process the collection of application users
public
- getFailures() — Return the failed sync attempts, array of okta user id values
- getReport() — Return the sync report, which is an array, keys are Okta User Ids, each value is an array of changes performed on that user Report is only gathered in dryRun mode
- getStaleOktaMembers() — Returns a list of stale members, which could be empty! Members with a CMS_ACCESS permission are not returned
- getSuccesses() — Return the users successfully sync as an array, keys are Okta user ids, values is the match Member.ID
- removeStaleOktaMembers() — Remove any member that is consider a stale Okta user
- run() — Run the sync processing
Inherited from NSWDPC\Authentication\Okta\OktaGroups
protected
- oktaUserMemberGroupAssignment() — Given an array of Okta groups found for an user, assign those groups to the Member If the member already has Okta groups, remove those not found in $groups