Integrating Your Identity: How to Sync directory.do with Azure AD and Okta
In today's complex IT landscape, managing user identities is a constant battle. Your official identity provider (IdP), like Azure Active Directory or Okta, serves as the gatekeeper. But what about the intricate web of teams, reporting lines, project groups, and application-specific roles? This is where "identity drift" happens—a user is deactivated in Azure AD, but their access to a dozen SaaS tools lingers, creating security gaps and operational headaches.
The problem isn't the IdP; it's the lack of a central, programmable layer to manage the structure of your organization. This is the core principle behind directory.do: managing your entire organizational directory as code.
By treating your org chart, teams, and access policies as code, you gain version control, automation, and unparalleled consistency. The crucial first step in this journey is creating a single source of truth. This post will guide you through the why and how of syncing directory.do with leading identity providers, Azure AD and Okta.
Why Sync Your IdP with directory.do? The Power of a Single Source of Truth
Syncing your primary IdP is more than just importing a list of users. It’s about laying the foundation for a robust, automated identity management system.
- Establish a Foundational Layer for "Directory as Code": Your IdP knows who your users are. By syncing them into directory.do, you can then overlay the rich, structural data—reporting lines, team memberships, and dynamic groups—that you define as code. This combination is the essence of Directory as Code.
- Eliminate Identity and Access Drift: When directory.do is synced with your IdP, it acts as the central orchestrator. A change in Azure AD or Okta (like a new hire or a termination) is immediately reflected in directory.do, which can then trigger agentic workflows to provision or de-provision access across all connected services, ensuring perfect alignment.
- Unlock Powerful, Agentic Automation: The sync is the trigger for automation. Imagine a new user is added to the "Marketing" group in Okta. An agent in directory.do instantly detects this, adding them to the correct Mailchimp audiences, Google Drive folders, and Asana projects, all without a single manual click.
- Enrich Your Organizational Context: IdPs are built for authentication, not for representing complex organizational structures. directory.do allows you to model your company exactly as it operates—with project teams, squads, and dotted-line managers. Syncing provides the base identities, which you then enrich with this granular, code-defined context.
How to Sync directory.do with Azure Active Directory
Azure AD is the identity backbone for millions of organizations. Connecting it to directory.do is a straightforward process designed for security and efficiency.
Step 1: Register an Application in Azure AD
First, you need to grant directory.do permission to read your directory data securely.
- Navigate to App Registrations in your Azure AD portal.
- Create a New registration for directory.do.
- Under API permissions, grant delegated permissions like User.Read.All and Group.Read.All. This follows the principle of least privilege, ensuring directory.do only has the read access it needs.
- Generate a Client Secret in the "Certificates & secrets" section. Securely copy the Client ID, Tenant ID, and the newly created Client Secret.
Step 2: Configure the Sync in directory.do
With your credentials in hand, head over to your directory.do dashboard.
- Go to the Integrations or Data Sources section.
- Select Azure Active Directory.
- Enter the Client ID, Tenant ID, and Client Secret you obtained from the Azure portal.
- Define your sync preferences, such as the sync frequency and which users or groups to include based on Azure AD group membership.
Step 3: Map, Manage, and Automate
Once the connection is live, users and groups from Azure AD will begin populating your directory.do instance. Now, you can leverage the "as code" model to map attributes and define relationships that go beyond what Azure AD provides, creating a rich, structured directory ready for automation.
How to Sync directory.do with Okta
For organizations using Okta as their central identity hub, the integration process is just as simple and powerful.
Step 1: Create an API Token in Okta
You'll start by creating a dedicated, read-only token for directory.do within your Okta admin console.
- In your Okta dashboard, navigate to Security > API.
- Go to the Tokens tab and click Create Token.
- Name it something descriptive, like "directory.do Sync".
- Okta will generate a token value. Copy this immediately, as it will not be shown again. This token grants directory.do the necessary access to read your user and group information.
Step 2: Connect Okta in the directory.do Dashboard
Next, you'll plug these credentials into directory.do.
- In the directory.do Integrations section, choose Okta.
- Enter your Okta Domain (e.g., your-company.okta.com) and the API Token you just created.
- Save the configuration to establish the secure connection.
Step 3: Define Sync Rules and Build Your Directory
directory.do will now begin its initial sync. You can configure rules to import specific users and groups and map Okta profile attributes directly to your directory.do schema. For instance, you can map Okta's manager attribute to populate the hierarchical manager object within your directory.do user profiles, automatically building your org chart.
Beyond the Sync: Unleash Agentic Workflows
Connecting your IdP is just the beginning. The real power of directory.do is unleashed when you use this synchronized data to drive agentic workflows.
- Automated Onboarding: A new user appears in your synced directory. An agentic workflow can kick off automatically to create their email signature, add them to the "all-employees" group, and assign them to their manager's team, ensuring they have day-one access to everything they need.
- Seamless Offboarding: A user is deactivated in Okta or Azure AD. The change syncs to directory.do, triggering a workflow that revokes access from every integrated system, reassigns their direct reports to their manager, and archives their user data—all in a single, auditable process.
- Dynamic Access Control: A developer is promoted to "Engineering Manager." This title change, synced from your IdP, can trigger a workflow in directory.do to add them to the engineering-leads group, granting them access to project dashboards, budget approvals, and other privileged systems.
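As an added example that is not directory.do's own code, the Python below models the Okta sync from Step 3 above together with the offboarding case: it maps Okta's manager profile attribute to a manager link, reassigns the direct reports of a deprovisioned user to that user's manager, and lists local accounts whose access would otherwise linger after the IdP change. The Okta record shape follows the Okta Users API; the local directory schema and the set of statuses treated as active are assumptions.

```python
# Added example, not directory.do's code. Okta records use the Users API shape
# (id, status, profile.*); the local directory schema is an assumed stand-in.

# Policy assumption: only these Okta statuses count as an active account.
ACTIVE_STATUSES = {"ACTIVE", "PROVISIONED", "RECOVERY", "PASSWORD_EXPIRED", "LOCKED_OUT"}

# Constructed sample of what GET /api/v1/users might return.
OKTA_USERS = [
    {"id": "00u1", "status": "ACTIVE",
     "profile": {"login": "ceo@example.com", "manager": None}},
    {"id": "00u2", "status": "ACTIVE",
     "profile": {"login": "eng-mgr@example.com", "manager": "ceo@example.com"}},
    {"id": "00u3", "status": "DEPROVISIONED",
     "profile": {"login": "leaver@example.com", "manager": "eng-mgr@example.com"}},
    {"id": "00u4", "status": "ACTIVE",
     "profile": {"login": "dev@example.com", "manager": "leaver@example.com"}},
]

# Constructed local directory state from before this sync ran.
# "ghost" exists locally but has no Okta record at all.
DIRECTORY_BEFORE = {
    "ceo@example.com": {"active": True, "manager": None},
    "eng-mgr@example.com": {"active": True, "manager": "ceo@example.com"},
    "leaver@example.com": {"active": True, "manager": "eng-mgr@example.com"},
    "dev@example.com": {"active": True, "manager": "leaver@example.com"},
    "ghost@example.com": {"active": True, "manager": "ceo@example.com"},
}


def sync_from_okta(okta_users, directory):
    """Return (new_directory, drift): the directory rebuilt from Okta, and the
    sorted logins that are active locally but deprovisioned or absent in Okta."""
    new_dir = {}
    for u in okta_users:
        new_dir[u["profile"]["login"]] = {
            "active": u["status"] in ACTIVE_STATUSES,
            "manager": u["profile"].get("manager"),
        }
    # Offboarding rule: walk past deactivated (or unknown) managers to the
    # nearest active one, so reports are never left under a leaver.
    for rec in new_dir.values():
        mgr, seen = rec["manager"], set()
        while mgr is not None and mgr not in seen and not new_dir.get(mgr, {}).get("active"):
            seen.add(mgr)
            mgr = new_dir.get(mgr, {}).get("manager")
        rec["manager"] = mgr
    drift = sorted(login for login, rec in directory.items()
                   if rec["active"] and not new_dir.get(login, {}).get("active"))
    return new_dir, drift


if __name__ == "__main__":
    _, lingering = sync_from_okta(OKTA_USERS, DIRECTORY_BEFORE)
    print("accounts to revoke:", lingering)
```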
By integrating your primary identity provider with directory.do, you transform your static user list into a dynamic, programmable, and intelligent organizational directory. You eliminate manual errors, close security gaps, and finally achieve a true single source of truth for your entire organization.
Ready to stop chasing identity drift and start managing your organization as code? Explore directory.do and see how our developer-first API can streamline your identity management.