Okta Application Integration Setup
BalkanID recommends creating a separate service account for the purposes of this integration, instead of using personal or employee named accounts.
Okta Token
Okta Site URL
The following permissions are required by BalkanID to pull identities and accesses (groups and applications) from Okta. BalkanID only reads the data and does not edit any accesses within Okta.
View users and their details
View groups and their details
Manage group membership
Needed to get user membership to groups. Okta does not provide a read-only permission for this. This permission only allows removing a user from a group; it does not grant the ability to add a user to a group. If this permission is not provided, anything that is granted through a group will not be connected to the user, and only applications assigned directly to the user will show in BalkanID for that user.
View applications and their details
View roles and their details (required scope: okta.roles.read)
You can create the token either from an existing Super User Admin account or from a new service account. Creating a new service account within Okta for this token is out of scope of this document. This document assumes you are logged into an Okta account with the relevant permissions, and covers the steps involved in creating a token.
Create an Okta token:
In Okta’s admin console, navigate to Security > API
Click the Create Token button.
Provide a name for the token.
Copy the token value to your clipboard. Store it securely for future use.
Log in to the BalkanID application and switch to the tenant you would like to add your integration to.
Head to Integrations > Third Party Applications and click Add Integration, select Okta. Set up the Primary Application owner and the Description, if any.
Okta will now appear in the list of applications. Click the Configure and Integrate button beside the integration name, and configure the fields with the values that were noted earlier. It should look like this:
Here is an example of how the filled fields look (note the Okta site URL specifically, which is just the site address with nothing additional in the URL).
Once you have filled in the information, click Save changes. Your integration is now configured and you will see the status of the integration displayed alongside other integrations on the Integrations page. Integrations are synced daily. When data is available, the integration Status column will read Connected and the integration Message will read Data available.
Read Only (Access Review) Scopes
okta.roles.read
okta.factors.read
okta.groups.read
okta.apps.read
okta.users.read
Lifecycle Management Scopes
okta.roles.manage
okta.factors.manage
okta.groups.manage
okta.apps.manage
okta.users.manage
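A pre-flight check for the two values this page asks you to get right, the bare Okta Site URL and a read-only scope set, is sketched below. It is an added example, not BalkanID or Okta code; the function names, the `example.okta.com` host and the sample granted list are constructed for illustration.

```python
from urllib.parse import urlsplit

# Scope names copied from the two scope lists on this page.
RESOURCES = ("roles", "factors", "groups", "apps", "users")
READ_ONLY = {f"okta.{r}.read" for r in RESOURCES}
LIFECYCLE = {f"okta.{r}.manage" for r in RESOURCES}


def check_site_url(value):
    """Return the bare https origin for the Okta Site URL field, or raise ValueError."""
    parts = urlsplit(value.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("Okta Site URL must be an https:// URL")
    if parts.username or parts.password:
        raise ValueError("Okta Site URL must not embed credentials")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("Okta Site URL must not contain a path, query or fragment")
    return f"https://{parts.netloc.lower()}"


def audit_read_only(granted):
    """Compare a granted scope list with the Read Only (Access Review) list."""
    granted = set(granted)
    return {
        # Read scopes from this page that the grant lacks.
        "missing": sorted(READ_ONLY - granted),
        # Scopes from the Lifecycle Management list: more than access review needs.
        "write_capable": sorted(granted & LIFECYCLE),
        # Anything that appears in neither list on this page.
        "unlisted": sorted(granted - READ_ONLY - LIFECYCLE),
    }


# Constructed sample: scopes an administrator might have granted to the integration.
SAMPLE_GRANTED = ["okta.users.read", "okta.groups.read", "okta.groups.manage",
                  "okta.apps.read", "okta.logs.read"]

if __name__ == "__main__":
    print(check_site_url("https://example.okta.com/"))
    for finding, scopes in audit_read_only(SAMPLE_GRANTED).items():
        print(f"{finding}: {', '.join(scopes) or 'none'}")
    try:
        check_site_url("https://example.okta.com/admin/dashboard")
    except ValueError as err:
        print(f"rejected: {err}")
```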