Hi,
I’m currently working on an integration between Okta and GitHub so that we can control the GitHub teams by connecting them to Okta groups. The Okta groups are synchronized from the company’s AD, so we only configure the GitHub teams to be linked to Okta groups using Terraform and members are managed at the organization.
This configuration is giving us trouble as any reorganization of the company just leaves our groups empty. Modifications are done in one go and can modify many different groups. There is no notification system, so whenever this happens, we need to hurry to create the new GitHub teams, assign them the new groups and, the worst part, assign repositories to the teams so developers don’t lose their ability to work.
We want to decouple the AD from Okta in a way that our team manages the migrations. Our idea is to synchronize only new teams and their members but keep removed ones so that we can handle the migration of the repositories gracefully. Once the migration is finished, we would synchronize the removed ones so that they are deleted automatically from Okta.
I was reading the documentation but I don’t see a feature like this. I only see the notion of import safeguards but that works on a set threshold. That’s not good enough for us.
Is there any other feature we can use or another approach to handle these situations?
Thanks.