Okta - Oleria Identity Security

Oleria provides identity security and access management teams with visibility and intelligence into who has access to what; where did they get that access; how are they using it; and, should they even have it. As part of that promise, we deep integrate your Okta instance into the Oleria platform. This document provides step-by-step guidance for integrating Okta with your Oleria workspace.

Prerequisites

The user granting these permissions must have super admin privileges

Standard integrations are configured with read-only permissions. Super admin permissions are limited to the API scopes specified in the steps below. Use a service account (and not an employee account) with the suggested privileges for the integration to ensure continuity.

Create an Oleria Application in Okta

Create a new app integration

Login to Okta admin console, navigate to Applications, select Create App Integration

Select API Services

Select API Services and select Next.

Name the application

Give the App Integration Name as “Oleria” and select Save.

Give App Integration Name as Oleria and Save

Configure client credentials

In the Oleria app, go to General → Client Credentials → select Edit.

Set Client authentication to Public key / Private key
Select Add Key to generate a key
Save the Client ID - you will need it when connecting in Oleria

Make sure there is only one key active for this application. The integration will not pull data if there are multiple active keys.

Okta API key configuration showing single active key requirement

Generate a public key

Add a public key by selecting Generate new key.

Add a public key by selecting the Generate new key

Save the private key

Save the key in PEM format and select Copy to clipboard. You will need this private key when connecting in Oleria.

You will need to generate a new key if you forget to copy or lose the key.

Grant API scopes

Go to Okta API Scopes and grant the following permissions:

okta.apps.read
okta.appGrants.read
okta.factors.read
okta.groups.read
okta.logs.read
okta.roles.read
okta.userTypes.read
okta.users.read
okta.policies.read
okta.features.read
okta.authenticators.read
okta.apiTokens.read
okta.agentPools.read
okta.oauthIntegrations.read

Grant remediation permissions (optional)

To perform remediations, grant the following additional permissions:To disable dormant accounts:

okta.users.manage

To remove dormant accounts from groups:

okta.groups.manage

To validate that the Oleria app has been granted group management permission:

okta.appGrants.read

Assign the Super Administrator role

Go to Admin roles, select Edit assignments, and add the Super Administrator role.

While both super admin and read-only administrator roles can retrieve user information, read-only administrators have limited access to administrator metadata. Specifically, read-only administrators cannot retrieve user role assignments via the API.

Okta admin role comparison: super admin vs read-only admin capabilities

Connect Okta to Oleria

Open the integration

Go to your Oleria workspace, select Integrations → select Okta.

Provide your credentials

Select Continue and provide the following:

Org URL - your Okta URL (do not use the Okta admin URL)
Client ID - copied from the app configuration above
Private key - copied from the app configuration above

Confirm the connection

Find the newly integrated Okta instance in your Oleria workspace connected integrations.

Contact us

For questions about this integration, contact us at support@oleria.com.

Documentation Index

​Prerequisites

​Create an Oleria Application in Okta

​Connect Okta to Oleria

​Contact us

Prerequisites

Create an Oleria Application in Okta

Connect Okta to Oleria

Contact us