How can we help?

Okta Integration

Noga Tubi
Noga Tubi
  • Updated
Set up your Okta Cloud integration and get the insights in Torii's dashboard

Overview

Torii integrates with Okta and syncs:

  • Users list - All Okta users
  • User status - Staged, Provisioned, Active, Suspended
  • License - View who is licensed and who is not
  • Usage -
    • Torii presents the login usage for Okta users
    • Maps and presents 3rd party apps login
      • Users list per-app login - Note ❗ If users have access to a 3rd party App but did not log in. Torii does not count them as part of the usage
      • The usage per app after login
  • Multiple accounts - Torii supports and syncs multiple accounts
  • Actions - With Torii, you can create Okta "workflow" actions like creating/activating/Deleting Okta users

Connect Okta to Torii

Okta integration consists of the following steps:

Step 1 - Create an API token

Step 2 - Get & connect Okta organization URL

Okta Scopes 

Torii requires the following scopes in order to read Okta data or if you want to perform different actions directly from Torii on Okta.

Okta minimum scopes required for "Read-Only"

Required Scopes  Can access

okta.users.read

Okta scopes required to perform actions

Required Scopes  Available actions

okta.groups.read, 

okta.groups.manage
  • Add User to Groups
  • Remove User from Groups

okta.apps.manage

  • Assign User to Applications
  • Unassign User from Applications
  • Change User Password
  • Change User Profile
  • Create User
  • Activate User
  • Deactivate User
  • Delete User
  • Suspend User
  • Unsuspend User
  • Unlock User
  • Expire User Password
  • Reset User MFA
  • Reset User Password

Step 1 - Create an API token

  1. Go to the Okta website and log in as an Administrator
  2. Follow the step-by-step instructions to create an API key
  3. Copy and save the key

Step 2 - Get, copy & connect Okta organization URL

  1. Go to the Integrations page
  2. Connect to Okta
    mceclip0.png
  3. Select the permission, "Read," or "Read and Take action."
    Note that "Read and Take" action permission is required to use Torii's Okta actions
  4. Copy your organization URL from Okta to the Torii Okta Organization URL field
  5. Paste the API Token 
  6. Click Connect
    mceclip0.png
  7. The "Test Connection" window will display, generating the connection test.
    Click Connect to continue
    mceclip1.png
  8. Once the integration is connected and synced, it will display a green checkbox
    mceclip2.png

Retrieve usage

Once connected, Torii will retrieve and present the usage from the last 30 days and forward.

Actions With Torii

With Torii, you can create Okta "workflow" actions like creating/activating/Deleting Okta users.

Read more about workflows in the "Automate your SaaS Management" article.

Q&A

  • Q: On the okta applications page, what is “role” referring to?
    A: We do not sync roles for Okta. Role is a standard column that appears in the in-app users' list. For some integrations, we sync roles, and for others, we do not.

 

  • Q: My Okta integration sync has failed with this error message: "The token does not have permission for reading the apps list."  what can I do?
    A: This error might be due to the 'View the app and its details' scope missing in the permission list or the 'Applications' resource type being absent in the resource set obtained from the Okta Apps API. Please update the role permissions to include this scope and resource and the next sync should be successful.

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request