Overview
Torii integrates with Okta and syncs:
- Users list - All Okta users
- User status - Staged, Provisioned, Active, Suspended
- License - View who is licensed and who is not
- Usage -
- Torii presents the login usage for Okta users
- Maps and presents 3rd party apps login
- Users list per-app login - Note ❗ If users have access to a 3rd party App but did not log in. Torii does not count them as part of the usage
- The usage per app after login
- Multiple accounts - Torii supports and syncs multiple accounts
- Actions - With Torii, you can create Okta "workflow" actions like creating/activating/Deleting Okta users
Connect Okta to Torii
Okta integration consists of the following steps:
Step 1 - Create an API token
Step 2 - Get & connect Okta organization URL
Okta Scopes
Torii requires the following scopes in order to read Okta data or if you want to perform different actions directly from Torii on Okta.
Okta minimum scopes required for "Read-Only"
Required Scopes | Can access |
okta.users.read |
|
Okta scopes required to perform actions
Step 1 - Create an API token
- Go to the Okta website and log in as an Administrator
- Follow the step-by-step instructions to create an API key
- Copy and save the key
Step 2 - Get, copy & connect Okta organization URL
- Go to the Integrations page
- Connect to Okta
- Select the permission, "Read," or "Read and Take action."
Note that "Read and Take" action permission is required to use Torii's Okta actions - Copy your organization URL from Okta to the Torii Okta Organization URL field
- Paste the API Token
- Click Connect
- The "Test Connection" window will display, generating the connection test.
Click Connect to continue - Once the integration is connected and synced, it will display a green checkbox
Retrieve usage
Once connected, Torii will retrieve and present the usage from the last 30 days and forward.

Actions With Torii
With Torii, you can create Okta "workflow" actions like creating/activating/Deleting Okta users.

Read more about workflows in the "Automate your SaaS Management" article.
Q&A
- Q: On the okta applications page, what is “role” referring to?
A: We do not sync roles for Okta. Role is a standard column that appears in the in-app users' list. For some integrations, we sync roles, and for others, we do not.
- Q: My Okta integration sync has failed with this error message: "The token does not have permission for reading the apps list." what can I do?
A: This error might be due to the 'View the app and its details' scope missing in the permission list or the 'Applications' resource type being absent in the resource set obtained from the Okta Apps API. Please update the role permissions to include this scope and resource and the next sync should be successful.