Overview
Torii integrates with Okta and syncs:
- Users list - All Okta users
- User status - Staged, Provisioned, Active, Suspended
- License - View who is licensed and who is not
- Usage
  - Torii presents the login usage for Okta users
  - Maps and presents 3rd party apps login
  - Users list per-app login
    Note ❗ If users have access to a 3rd party app but did not log in, Torii does not count them as part of the usage
  - The usage per app after login
- Events
- Multiple accounts - Torii supports and syncs multiple accounts
- Actions - With Torii, you can create Okta "workflow" actions like creating/activating/deleting Okta users
Connect Okta to Torii
Okta integration consists of the following steps:
Step 1 - Install Torii app on your Okta admin console
Step 2 - Connect Okta to Torii
Step 1 - Install Torii app on your Okta admin console
1. Go to the Okta website and log in as an Administrator.
2. Select API service integrations in the left menu. Click "Add integration".
3. Scroll and find the Torii apps.
4. Select Torii (Read) or Torii (Read and Take action) in the app list.
   Torii (Read) allows Torii to sync data from Okta with Torii.
   Torii (Read and Take action) allows Torii to take actions in Okta on Torii's behalf (creating Okta groups, creating users in Okta, and more).
5. Click "Install and Authorize". You will be taken to the authorization screen, where you can copy the Okta domain and Client ID. You will also need to generate the Client secret. Once you have generated the secret, copy and save it.
The next step is to copy the above details and enter them in Torii.
Step 2 - Connect Okta to Torii
1. Go to the Integrations page.
2. Find the Okta tile and click Connect.
3. Select the permission, "Read" or "Read and Take action".
   Note that the "Read and Take action" permission is required to use Torii's Okta actions.
4. Copy your Okta domain from Okta and paste it into the Torii Okta Organization URL field.
5. Copy your Client ID from Okta and paste it into the Torii Client ID field.
6. Copy your Client secret and paste it into the Torii Client Secret field.
   Click Continue.
7. The "Test Connection" window will appear and run the connection test.
   Click Connect to continue.
8. Once the integration is connected and synced, it will display a green checkbox.
Usage
Once connected, Torii will retrieve and present the usage from the last 30 days and forward.
Events
Torii continuously monitors Okta events and updates data in Torii in real time. The Okta events that Torii monitors are:
- User was deleted
- User was deactivated (and their status was changed to deprovisioned)
If you set Okta as the user lifecycle source of truth, the Offboarding To-Do list in Torii will be continuously updated based on the events above.
You can also leverage Torii's App Event workflow trigger to trigger automation based on the above events whenever an event happens in Okta.
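This monitoring relies on an event hook in the Okta admin console that is subscribed to the two events above. The following added example (not Torii's or Okta's own code) checks an exported event hook list for drift from that subscription. The event type names, the "torii" name fragment, and the sample response are assumptions; compare them against the hook shown in your own Okta console.

```python
import json

# Assumption: Okta event type names for the two events listed above.
EXPECTED_EVENTS = {"user.lifecycle.delete.initiated", "user.lifecycle.deactivate"}

# Constructed sample of a GET /api/v1/eventHooks response (ids and names are placeholders).
SAMPLE_HOOKS = json.loads("""
[
  {"id": "who-PLACEHOLDER-1", "name": "Torii event hook (placeholder)",
   "status": "ACTIVE", "verificationStatus": "VERIFIED",
   "events": {"type": "EVENT_TYPE", "items": ["user.lifecycle.deactivate"]}},
  {"id": "who-PLACEHOLDER-2", "name": "Unrelated hook",
   "status": "INACTIVE", "verificationStatus": "UNVERIFIED",
   "events": {"type": "EVENT_TYPE", "items": ["user.session.start"]}}
]
""")


def audit_event_hook(hooks, name_fragment, expected=EXPECTED_EVENTS):
    """Return drift findings for hooks whose name contains name_fragment."""
    matches = [h for h in hooks if name_fragment.lower() in h.get("name", "").lower()]
    if not matches:
        return [f"no event hook with a name containing {name_fragment!r}"]
    findings = []
    for hook in matches:
        label = hook.get("name") or hook.get("id", "unknown")
        if hook.get("status") != "ACTIVE":
            findings.append(f"{label}: status is {hook.get('status')}, expected ACTIVE")
        if hook.get("verificationStatus") != "VERIFIED":
            findings.append(f"{label}: endpoint is not verified")
        subscribed = set(hook.get("events", {}).get("items", []))
        # A missing subscription means the matching Torii update would stop arriving.
        for event in sorted(expected - subscribed):
            findings.append(f"{label}: no longer subscribed to {event}")
        for event in sorted(subscribed - expected):
            findings.append(f"{label}: unexpected subscription to {event}")
    return findings


if __name__ == "__main__":
    # "torii" as the name fragment is an assumption; use the hook name shown in Okta.
    for finding in audit_event_hook(SAMPLE_HOOKS, "torii"):
        print(finding)
```

An empty result means the hook is active, verified, and subscribed to exactly the expected events.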
💡 Note that Torii will automatically generate an event hook in your Okta admin console, subscribing to the two mentioned events. Any changes made to this subscription within Okta will not be reflected in Torii and could potentially interrupt event monitoring. We kindly request that you refrain from modifying it.
Actions
With Torii, you can create Okta "workflow" actions like creating/activating/deleting Okta users.
Read more about workflows in the "Automate your SaaS Management" article.
Q&A
- Q: On the Okta applications page, what is "role" referring to?
  A: We do not sync roles for Okta. Role is a standard column that appears in the in-app users' list. For some integrations, we sync roles, and for others, we do not.
- Q: My Okta integration sync has failed with this error message: "The token does not have permission for reading the apps list." What can I do?
  A: This error might be due to the 'View the app and its details' scope missing in the permission list or the 'Applications' resource type being absent in the resource set obtained from the Okta Apps API. Please update the role permissions to include this scope and resource, and the next sync should be successful.