Skip to main content
Oleria provides identity security and access management teams with visibility and intelligence into who has access to what; where did they get that access; how are they using it; and, should they even have it. As part of that promise, we deep integrate your Okta instance into the Oleria platform. This document provides step-by-step guidance for integrating Okta with your Oleria workspace.

Pre-requisites

  • The user granting these permissions must have super admin privileges
Note: Standard integrations are configured with read-only permissions. Super admin permissions are limited for the API scopes specified in step 1.7 Please use a service account (and not an employee account) with the suggested privileges for the integration to ensure continuity

Steps to Integrate Okta with Oleria workspace

Step 1: Create an Oleria application in the Okta admin console

  1. Login to Okta admin console, navigate to Applications, select Create App Integration
  1. Select API Services and click next
  1. Give App Integration Name as “Oleria” and Save
  1. In the Oleria app General setting → Client Credentials → click EDIT
  • Set Client authentication to Public key / Private key
  • Add Key button to generate a key
  • Save Client ID. You need the Client ID to add  Okta integration from the Oleria workspace.
Note : Please make sure there is only one key active for this application. Our plugin will not pull data if there are multiple active keys.
  1. Add a public key by selecting the Generate new key
  1. Save the key in PEM format and select **Copy to clipboard. **You need the key to add Okta integration from the Oleria workspace.
Note:* You need to generate a new key in case you forgot to copy  or lost the key.*
  1. Go to Okta API Scopes and grant permissions to the following scopes
` okta.apps.read okta.appGrants.read okta.factors.read okta.groups.read okta.logs.read okta.roles.read okta.userTypes.read okta.users.read okta.policies.read okta.features.read okta.authenticators.read okta.apiTokens.read okta.agentPools.read okta.oauthIntegrations.read `Copy
  1. To perform **remediations, **you need to grant the following permissions
  2. To  disable dormant accounts, grant the following permission
okta.users.manageCopy
  1. To remove dormant accounts, grant the following permission
okta.groups.manageCopy Add the following permission to validate if Oleria app has been granted the group management permission okta.appGrants.readCopy
  1. Go to Admin roles, click **Edit assignments, **and add the **Super Administrator **role
Note: While both super admin and read-only administrator roles can retrieve user information, read-only administrators have limited access to administrator’s metadata. Specifically, read-only administrators cannot retrieve user role assignments (admin roles) via the API.

Step 2. Integrate Okta with your Oleria Workspace

  1. Goto your Oleria workspace, select Integrations → select Okta
  1. Select continue, provide the following
  • Org URL: Provide your Okta URL. (Note: Do not use Okta admin URL)
  • Client ID: Copy Client ID saved from step 1.4
  • Private: Copy the Private key saved from step 1.6
  1. Find the newly integrated Okta instance in your Oleria workspace connected integrations.[f]

Contact us

For questions about this integration, please contact us at support@oleria.com.