What prerequisites are needed before running the Terraform migration?

Custom attributes for each application must be manually created in the OneLogin admin UI before running the Terraform configuration, as this step cannot currently be performed through the API. Additionally, you need API credentials for both Okta (to extract applications) and OneLogin (for Terraform to provision resources), plus Spacelift or another Terraform automation platform configured with appropriate repository connections.

How does the solution handle custom SAML applications during migration?

The Ansible playbook automatically maps most applications to OneLogin connector IDs, but custom SAML applications require manual intervention. The demonstration shows editing the generated JSON inventory to add the generic SAML connector ID and SCIM provisioning connector ID for applications that weren't automatically mapped, using reference IDs from the vars file in the repository.

Migrating Applications from Okta to OneLogin with Terraform

Name: Migrating Applications from Okta to OneLogin with Terraform
Uploaded: 2026-05-08T19:18:59-04:00
Duration: 19 min 3 s
Description: Watch this video to see how to migrate applications from Okta to OneLogin via Terraform.

One Identity

05/08/2026

0 (0%)

Report Like Favorite

TL;DR

Demonstrates automated migration of 14 applications from Okta to OneLogin using Ansible for extraction, Terraform for provisioning, and Spacelift for deployment orchestration
Ansible playbook queries Okta API to generate JSON application inventory with auto-mapped OneLogin connector IDs, requiring manual adjustment only for custom SAML applications
GitOps workflow uses separate branches for dev/prod environments with Spacelift stacks, enabling testing in dev before promoting to production via pull request
Terraform automatically provisions delegated admin roles, allowing application owners to complete connector configuration without full admin access
Production deployment includes manual approval gate in Spacelift, with complete audit trail of who approved changes and when they were applied

Automated Application Migration Workflow

This technical demonstration walks through an end-to-end process for migrating identity applications from Okta to OneLogin using infrastructure-as-code principles. The workflow leverages Ansible for application extraction, Terraform for provisioning, and Spacelift for deployment orchestration across development and production environments. The presenter demonstrates migrating 14 applications from an existing Okta tenant into two OneLogin instances (dev and prod), showcasing how automation eliminates manual configuration work while maintaining governance controls through GitOps workflows and approval gates.

Environment Setup and Tooling

The solution architecture uses a public GitHub repository (automation-onelogin) containing reference Terraform configurations and Ansible playbooks. Two Spacelift stacks represent the dev and prod OneLogin environments, connected to test and main branches respectively in a private repository. An Ansible playbook extracts application metadata from Okta via API and generates a JSON inventory file that feeds directly into Terraform variables. Custom attributes for applications must be pre-configured in OneLogin's admin UI before running the automation, as this step cannot currently be performed through the API.

Delegated Administration and Production Promotion

The Terraform configuration automatically provisions application access roles and delegated admin permissions, enabling technical owners to complete application-specific configurations without full admin access. In the demonstration, a user named James receives delegated admin rights for two applications, allowing him to finalize OIDC settings and other connector details. Once testing completes in the dev environment, a GitHub pull request merges the test branch to main, triggering a Spacelift deployment to production with a manual approval gate. The entire migration process—from Okta extraction to production deployment—completes in minutes with full audit trails maintained in Spacelift.

Chapters

0:00 - Introduction and Architecture Overview
2:52 - Extracting Applications from Okta
5:02 - Configuring Terraform Variables
7:57 - Initial Deployment to Dev Environment
10:27 - Adding Application Owners
13:13 - Delegated Administration Demo
14:13 - Promoting to Production
17:07 - Production Approval and Deployment

Key Quotes

0:00 "Starting, we're going to go over how we can migrate applications from an existing Okta environment into OneLogin and how to do this with Terraform."
3:59 "This will communicate to the Okta API and extract the applications that are in that environment and create the application inventory file."
7:39 "All of the custom attributes related to each application, have already been set up in the target environment here. It's not currently possible to do this through the API."
8:34 "There were 210 resources added to the target environment, so our dev environment here."
13:22 "He has been given a delegated admin role for the one login application and the reflection application as well."
17:42 "We've got then a log in Spacelift of who approved that run and when it was confirmed and all the full audit trail, which is great."

Categories:

Tags:

Show more Show less

Browse videos

Upcoming Webinar Calendar

05/12/2026

01:00 PM

05/12/2026

Transforming Black Box to Glass Box: Revealing Hidden Threats and AI Risks through Data Lineage

https://www.truthinit.com/index.php/channel/1895/transforming-black-box-to-glass-box-revealing-hidden-threats-and-ai-risks-through-data-lineage/
05/12/2026

11:30 PM

05/12/2026

Implementing Effective Strategies for Active Directory Security and Data Protection

https://www.truthinit.com/index.php/channel/1888/implementing-effective-strategies-for-active-directory-security-and-data-protection/
05/13/2026

01:00 AM

05/13/2026

Transforming the Black Box: Revealing AI Risks and Hidden Threats through Data Lineage

https://www.truthinit.com/index.php/channel/1890/transforming-the-black-box-revealing-ai-risks-and-hidden-threats-through-data-lineage/
05/13/2026

05:00 AM

05/13/2026

Transforming Black Box to Glass Box: Revealing AI Risks and Hidden Threats through Data Lineage

https://www.truthinit.com/index.php/channel/1894/transforming-black-box-to-glass-box-revealing-ai-risks-and-hidden-threats-through-data-lineage/
05/19/2026

01:00 PM

05/19/2026

Establishing a Robust AI Governance Framework for GenAI Throughout Its Lifecycle

https://www.truthinit.com/index.php/channel/1936/establishing-a-robust-ai-governance-framework-for-genai-throughout-its-lifecycle/
05/20/2026

10:00 PM

05/20/2026

APAC: Establishing an AI Governance Framework for GenAI Throughout the Deployment Process

https://www.truthinit.com/index.php/channel/1953/establishing-an-ai-governance-framework-for-genai-throughout-the-deployment-process/
05/21/2026

11:00 AM

05/21/2026

The Autonomous Era: Orchestrating a Resilient Enterprise

https://www.truthinit.com/index.php/channel/1372/the-autonomous-era-orchestrating-a-resilient-enterprise/
05/27/2026

04:00 AM

05/27/2026

Rivoluziona i rischi dell'AI in opportunità con Netskope AI Security

https://www.truthinit.com/index.php/channel/1925/rivoluziona-i-rischi-dellai-in-opportunità-con-netskope-ai-security/
05/28/2026

10:00 AM

05/28/2026

Harnessing AI: Transforming Perception into Purposeful Mastery

https://www.truthinit.com/index.php/channel/1924/harnessing-ai-transforming-perception-into-purposeful-mastery/
05/28/2026

01:00 PM

05/28/2026

AI in the Fast Lane: Effectively Managing AI Security for Small Teams

https://www.truthinit.com/index.php/channel/1951/ai-in-the-fast-lane-effectively-managing-ai-security-for-small-teams/
06/02/2026

01:00 PM

06/02/2026

Satori Spring: Insights from Recent Research on the 2026 Threat Landscape

https://www.truthinit.com/index.php/channel/1930/satori-spring-insights-from-recent-research-on-the-2026-threat-landscape/
06/04/2026

02:00 AM

06/04/2026

Mastering the Unseen: Managing Shadow AI and Agentic MCP Traffic

https://www.truthinit.com/index.php/channel/1948/mastering-the-unseen-managing-shadow-ai-and-agentic-mcp-traffic/
06/16/2026

07:00 AM

06/16/2026

Transforming Data Risk into Actionable Priorities: What to Address First

https://www.truthinit.com/index.php/channel/1952/transforming-data-risk-into-actionable-priorities-what-to-address-first/