Torii integrates with Okta and syncs:
- Users list - All Okta users
- User status - Staged, Provisioned, Active, Suspended
- License - View who is licensed and who is not
- Usage:
  - Torii presents the login usage for Okta users
  - Maps and presents 3rd party apps login
  - Users list per-app login. Note ❗ Users who have access to a 3rd party app but did not log in are not counted as part of the usage
  - The usage per app after login
- Multiple accounts - Torii supports and syncs multiple accounts
- Actions - With Torii, you can create Okta "workflow" actions like creating/activating/deleting Okta users
Connect Okta to Torii
Okta integration consists of the following steps:
Step 1 - Create an API token
Step 2 - Get & connect Okta organization URL
Torii requires the following scopes to read Okta data or to perform actions on Okta directly from Torii.
Okta minimum scopes required for "Read-Only"
Okta scopes required to perform actions
Okta permissions required to sync events in real time
The Okta account must be connected using a Super admin API token.
See Okta documentation for more details
Step 1 - Create an API token
- Go to the Okta website and log in as an Administrator
- Follow the step-by-step instructions to create an API key
- Copy and save the key
Step 2 - Get, copy & connect Okta organization URL
- Go to the Integrations page
- Connect to Okta
- Select the permission: "Read" or "Read and Take action."
Note that the "Read and Take action" permission is required to use Torii's Okta actions
- Copy your organization URL from Okta to the Torii Okta Organization URL field
- Paste the API Token
- Click Connect
- The "Test Connection" window will display and run the connection test.
Click Connect to continue
- Once the integration is connected and synced, it will display a green checkbox
Once connected, Torii will retrieve and present the usage from the last 30 days and forward.
Torii continuously monitors Okta events and updates data in Torii in real-time accordingly. The Okta events that Torii monitors are:
- User was deleted
- User was deactivated (and their status was changed to deprovisioned)
If you set Okta as the user lifecycle source of truth, the Offboarding To-Do list in Torii will be continuously updated based on the events above.
You can also use Torii's App Event workflow trigger to run automation whenever one of the above events happens in Okta.
💡 Note that Torii will automatically generate an event hook in your Okta admin console, subscribing to the two mentioned events. Any changes made to this subscription within Okta will not be reflected in Torii and could potentially interrupt event monitoring. We kindly request that you refrain from modifying it.
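Because edits to the event hook are not reflected in Torii, an Okta admin can periodically check the hook for drift. The script below is an added example, not Torii's or Okta's own code. It audits event hook objects shaped like the list returned by Okta's Event Hooks API (`GET /api/v1/eventHooks`). Assumptions: the two event type names stand in for the page's "deleted" and "deactivated" events, the hook is found by a hypothetical name hint of "torii", and the sample data is constructed.

```python
import json

# Assumption: Okta event types matching the two events the page lists
# (user deleted, user deactivated). Confirm against the hook in your tenant.
EXPECTED_EVENTS = {"user.lifecycle.delete.initiated", "user.lifecycle.deactivate"}


def audit_event_hook(hook, expected=EXPECTED_EVENTS):
    """Return findings for one event hook object; an empty list means no drift."""
    findings = []
    if hook.get("status") != "ACTIVE":
        findings.append(f"status={hook.get('status')}")
    if hook.get("verificationStatus") != "VERIFIED":
        findings.append(f"verificationStatus={hook.get('verificationStatus')}")
    subscribed = set(hook.get("events", {}).get("items", []))
    findings += [f"missing:{e}" for e in sorted(expected - subscribed)]
    findings += [f"unexpected:{e}" for e in sorted(subscribed - expected)]
    return findings


def audit_hooks(hooks, name_hint="torii"):
    """Audit hooks whose name contains name_hint (hypothetical naming)."""
    matches = [h for h in hooks if name_hint in h.get("name", "").lower()]
    if not matches:
        return {"<none>": ["no matching event hook found"]}
    return {h["name"]: audit_event_hook(h) for h in matches}


# Constructed sample, shaped like the list Okta's Event Hooks API returns.
SAMPLE_HOOKS = json.loads("""
[
  {"name": "Torii hook (constructed, healthy)", "status": "ACTIVE",
   "verificationStatus": "VERIFIED",
   "events": {"type": "EVENT_TYPE",
              "items": ["user.lifecycle.delete.initiated",
                        "user.lifecycle.deactivate"]}},
  {"name": "Torii hook (constructed, edited)", "status": "INACTIVE",
   "verificationStatus": "VERIFIED",
   "events": {"type": "EVENT_TYPE",
              "items": ["user.lifecycle.delete.initiated",
                        "user.lifecycle.create"]}}
]
""")

if __name__ == "__main__":
    for name, findings in audit_hooks(SAMPLE_HOOKS).items():
        print(name, "->", findings or "OK")
```

A missing hook, an inactive hook, and a changed subscription list are reported separately, so the finding shows which kind of change interrupted monitoring.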
Actions With Torii
With Torii, you can create Okta "workflow" actions like creating/activating/deleting Okta users.
Read more about workflows in the "Automate your SaaS Management" article.
- Q: On the Okta applications page, what is “role” referring to?
A: We do not sync roles for Okta. Role is a standard column that appears in the in-app users' list. For some integrations, we sync roles, and for others, we do not.
- Q: My Okta integration sync has failed with this error message: "The token does not have permission for reading the apps list." what can I do?
A: This error might be due to the 'View the app and its details' scope missing in the permission list or the 'Applications' resource type being absent in the resource set obtained from the Okta Apps API. Please update the role permissions to include this scope and resource and the next sync should be successful.