Okta is an identity and access management platform that provides secure authentication and user management.
Integrating it with your application improves security by offering seamless single sign-on (SSO) and robust access controls.
Authentication
Before you begin, make sure you have the following information:
Connection Name: Choose a meaningful name for your connection. This name helps you identify the connection within your application or integration settings. It could be something descriptive like "MyAppOktaIntegration".
Authentication Type: Okta supports three authentication methods: token-based authentication, Authorisation code grant-based authentication and Client credentials-based Authentication.
Okta Domain: Enter your Okta domain name. This can be found in your Okta URL (e.g., mycompany.okta.com).
Token-based Authentication
To generate an API token in Okta, follow these steps:
1. Log in to the Okta Admin Console using an administrator account with the required permissions.
2. On the left-hand side, expand the Security section.
3. From the dropdown menu, select API to access the API management page.
4. Navigate to the Tokens tab.
5. Click Create Token to initiate the creation of a new token.
6. Enter a name for the token for future identification.
7. After creating the token, ensure you copy the token value and paste it into the API token section in UnifyApps to establish the connection between UnifyApps and Okta.
Authorisation code grant-based authentication
We must create a client ID and client secret to configure the Authorisation code grant with Okta. Follow these instructions to create them:
1. Sign in to your Okta organisation using your administrator account.
2. In the Admin Console, navigate to Applications > Applications from the left-hand menu.
3. Click on Create App Integration to begin creating a new app.
4. Select OIDC - OpenID Connect as the sign-in method on the Create a New App integration page.
5. For the application type, choose Web Application. This is a straightforward way to test OAuth 2.0-based access to Okta APIs using bearer tokens.
6. Provide a name for your app integration and ensure that the Authorization Code grant type is selected (it’s mandatory and pre-selected by default).
7. In the Sign-in redirect URIs field, specify the callback location where Okta will return the user and token post-authentication.
8. Optionally, in the Assignments section, you can limit access by adding specific groups or skip this for now.
9. Click Save, and your app integration will be created. The Client ID and Client Secret are listed under the Client Credentials section.
This process helps configure the client app, which can be used to securely authenticate and interact with Okta’s APIs.
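The authorization request and callback check for the app integration configured above, as an added example that is not UnifyApps or Okta code: it builds the request to Okta's org authorization server with a random state and a PKCE challenge, then validates the redirect before the code is exchanged. The client ID, redirect URI and function names are placeholders chosen for illustration.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholder values (assumptions, not from the page).
OKTA_DOMAIN = "mycompany.okta.com"
CLIENT_ID = "0oaEXAMPLECLIENTID"
REDIRECT_URI = "https://app.example.com/oauth/callback"  # a registered Sign-in redirect URI


def start_login(scopes=("openid", "okta.logs.read")):
    """Return (authorize_url, session); keep session server-side, tied to the browser."""
    state = secrets.token_urlsafe(32)       # binds the callback to this login attempt
    verifier = secrets.token_urlsafe(64)    # PKCE secret, sent only with the token request
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    query = urlencode({
        "client_id": CLIENT_ID, "response_type": "code",
        "scope": " ".join(scopes), "redirect_uri": REDIRECT_URI,
        "state": state, "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    url = f"https://{OKTA_DOMAIN}/oauth2/v1/authorize?{query}"
    return url, {"state": state, "code_verifier": verifier}


def handle_callback(callback_url, session):
    """Validate the redirect; return the form fields for POST /oauth2/v1/token."""
    got, want = urlsplit(callback_url), urlsplit(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect URI")
    params = {k: v[0] for k, v in parse_qs(got.query).items()}
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error']}")
    same = hmac.compare_digest(params.get("state", "").encode(),
                               session["state"].encode())
    if not same:
        raise ValueError("state mismatch: callback does not belong to this session")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    # The client secret authenticates the token request itself; it never goes in a URL.
    return {"grant_type": "authorization_code", "code": params["code"],
            "redirect_uri": REDIRECT_URI, "code_verifier": session["code_verifier"]}
```

The returned fields are posted to the token endpoint on the same Okta domain, with the Client ID and Client Secret supplied as client authentication.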
Client credentials-based Authentication
To configure the client credentials-based authentication method with Okta, please follow these steps:
1. Log In: Access your Okta organisation with an administrator account.
2. Navigate to Applications: In the Okta Admin Console, go to Applications and select Applications again.
3. Create App Integration: Click Create App Integration to start the setup process.
4. Choose Sign-in Method: On the new app integration page, select API Services as the sign-in method.
5. App Integration Name: Enter a meaningful name for your app integration, then click Save.
6. Copy Client ID: In the General tab of the newly created app integration, copy the Client ID.
7. Edit Client Authentication: Select Edit and choose the Public / Private key in the Client authentication field.
8. Add Public Key: Click on Add key in the PUBLIC KEYS section.
9. Generate Key Pair: In the Add a Public Key section, select Generate a new key to create a key pair.
10. Copy Private Key: Choose PEM in the Private key section and copy the private key for use in your connection settings, noting that it cannot be retrieved later.
11. Finalise Key Addition: Click Done to finish adding the key.
12. Save Changes: Return to the General tab and select Save to activate the key. Confirm by selecting Save again if prompted that existing client secrets will no longer be used.
13. Assign API Scopes: Navigate to the Okta API Scopes tab and assign the necessary scopes. At a minimum, include okta.logs.read and okta.schemas.read for proper access.
To successfully create a connection, paste the Client ID, the private key, the KID and n values from the public key, and the API token generated using the first authentication method.
Granular Permissions
OAuth 2.0 Scopes
Scope | Description |
| Requests access to the address claim |
| Requests a device secret used to obtain new tokens without re-prompting the user for authentication. See Native SSO |
| Requests access to the email and email_verified claims |
| Requests access to the group claim |
| Requests a refresh token used to obtain new access tokens without re-prompting the user for authentication |
| Allows the app to manage clients in your Okta organisation |
| Allows the app to read information about clients in your Okta organisation |
| Allows the app to register new clients in your Okta organisation |
| Allows an admin or a service to initiate Universal Logout and revoke all tokens and sessions for a user |
| Allows the app to trigger an OAuth 2.0-protected flow |
| Identifies the request as an OpenID Connect request |
| Requests access to the phone_number and phone_number_verified claims |
| Requests access to the end user's default profile claims |
Actions
Action Name | Description |
| Activate a user in Okta |
| Add an existing user to a group in Okta |
| Create a new user in Okta |
| Update user details in Okta |
| Deactivate a user in Okta |
| Delete a user in Okta |
| Expire an existing user's password in Okta |
| Retrieve the list of members in a group in Okta |
| Retrieve groups by name in Okta |
| Retrieve recent logon events by IP address in Okta |
| Retrieve the groups a user belongs to in Okta |
| Remove an existing user from a group in Okta |
| Reset a user's password in Okta |
| Search for users in Okta |
| Suspend a user in Okta |
| Unsuspend a user in Okta |
| Retrieve a user by their ID in Okta |
| List applications assigned to user in Okta |
| Retrieve a password reset link when a user has forgotten their password in Okta |
Triggers
Trigger Name | Description |
| Triggers immediately when a new event is created in Okta |
| Triggers when a new event is created in Okta |
| Searches for system log events on a specified schedule and returns them as lists of events |