# Okta Application Integration Setup

### Getting started <a href="#h_01hq2zk9nwq6e7erp82q5rfmtt" id="h_01hq2zk9nwq6e7erp82q5rfmtt"></a>

BalkanID recommends creating a separate service account for the purposes of this integration, instead of using personal or employee named accounts.

#### Requirements: <a href="#h_01hq2zkj3s2k8p90nr21fkzmw6" id="h_01hq2zkj3s2k8p90nr21fkzmw6"></a>

* ***Okta Token***
* ***Okta Site URL***

#### Getting the Configuration <a href="#h_01ha5cnnxg136msfvmpd1br73y" id="h_01ha5cnnxg136msfvmpd1br73y"></a>

The following permissions are required by BalkanID in order to effectively pull users, groups and applications along with their respective accesses from Okta.

* View users and their details
* View groups and their details
* Manage group membership
  * Needed to read users' group memberships. Okta does not provide a read-only permission for this. This permission only allows removing a user from a group; it does not grant the ability to add a user to a group. If this permission is not provided, anything that is granted through a group will not be connected to the user, and only applications assigned directly to the user will show up in BalkanID for that user.
* View applications and their details
* View Roles and their details (Scope required **okta.roles.read**)

You can create the token either from an existing ***Super User Admin account*** or from a new service account created for this purpose. Creating a new service account within Okta is out of scope for this document. This document assumes you are logged in to an Okta account with the relevant permissions, and covers the steps involved in creating a token.

**Create an Okta token:**

1. In Okta’s admin console, navigate to *Security* > *API*.

   <figure><img src="/files/RkXQ5m2JQStaQLFTqmGL" alt="" width="336"><figcaption></figcaption></figure>
2. Click the **Create Token** button.<br>

   <figure><img src="/files/Cz8hcpfDw9lQVNE4slf5" alt="" width="375"><figcaption></figcaption></figure>
3. Provide a name for the token.<br>

   <figure><img src="/files/WPJaAykxXQ6wm0jfvDjR" alt="" width="375"><figcaption></figcaption></figure>
4. Copy the *token value* to your clipboard. Store it securely for future purposes. <br>

   <figure><img src="/files/LE1rWjLR3Xv2MIHKKZyF" alt="" width="375"><figcaption></figcaption></figure>

### Configure Okta within your BalkanID tenant <a href="#h_01hph100p961hyz7q6zc8dbz23" id="h_01hph100p961hyz7q6zc8dbz23"></a>

1. Log in to the BalkanID application and switch to the tenant you would like to add your integration to.
2. Head to *Integrations* > **Add Integration**, select **Okta.**<br>

   <figure><img src="/files/Pg8PjLXNuFbBgau9djRm" alt=""><figcaption></figcaption></figure>

   <figure><img src="/files/5iNRkj9uiA8KIEjQmyms" alt=""><figcaption></figcaption></figure>
3. Set up the *Primary Application owner (mandatory)* and the *Description*, if any. Set up Secondary Application Owner(s), if any. <br>

   Select the Extraction Type. From here, you can configure your application using one of the following methods:

   1. **Direct integration** - Provide your Okta Token and Site URL obtained above to set up a direct connection with BalkanID.
   2. **SCIM integration** - Provide SCIM server credentials to set up a SCIM connection with BalkanID.
   3. **Manual file upload** - Upload Entity and Entity Relations through a .CSV file upload. Contact the team for assistance with this.
   4. **Automated upload using API -** You can upload data using our [Bulk APIs](https://developer.balkan.id/) with the help of an API key which will be provided to you. Please refer to the [entity](https://developer.balkan.id/bulk-entities-upload-api-early-access-12828095e0) and [entity relation](https://developer.balkan.id/bulk-entity-relations-upload-api-early-access-12828102e0) upload docs for specific instructions on uploading your data through the API.

   <figure><img src="/files/jGlUPpEdXhkIfz6i3Xsi" alt="" width="563"><figcaption></figcaption></figure>
4. Click Next to move on to *Optional Configuration*.
5. Fill in the **Optional configuration**, if required.

   <figure><img src="/files/EUioMfxtWMnP3F8JnK2M" alt="" width="563"><figcaption></figcaption></figure>
6. Once you have filled in the information, click **Save**. Your integration is now configured and you will see the status of the integration displayed alongside other integrations on the *Integrations* page. When data is available, the integration Status will read **Connected** and the integration Message will read **Data available**.

### Integration Scopes <a href="#h_01j0xzbfdvk4nq17g7phcq8x7q" id="h_01j0xzbfdvk4nq17g7phcq8x7q"></a>

<table data-header-hidden><thead><tr><th width="374"></th><th></th></tr></thead><tbody><tr><td><strong>Read Only (Access Review) Scopes</strong></td><td><strong>Lifecycle Management Scopes</strong></td></tr><tr><td>okta.roles.read</td><td>okta.roles.manage</td></tr><tr><td>okta.factors.read</td><td>okta.factors.manage</td></tr><tr><td>okta.groups.read</td><td>okta.groups.manage</td></tr><tr><td>okta.apps.read</td><td>okta.apps.manage</td></tr><tr><td>okta.users.read</td><td>okta.users.manage</td></tr></tbody></table>
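
The table above separates read-only scopes from write-capable ones, so a tenant used only for access reviews should carry none of the `.manage` scopes. The following is an added example, not BalkanID or Okta code, that audits a granted scope string against the table. The mode labels, the function name, the sample scope string, and the rule that lifecycle mode also tolerates read scopes are assumptions.

```python
# Added example, not BalkanID or Okta code. Scope names are copied from the
# "Integration Scopes" table on this page.
READ_SCOPES = frozenset({
    "okta.roles.read", "okta.factors.read", "okta.groups.read",
    "okta.apps.read", "okta.users.read",
})
MANAGE_SCOPES = frozenset({
    "okta.roles.manage", "okta.factors.manage", "okta.groups.manage",
    "okta.apps.manage", "okta.users.manage",
})

# Constructed sample: the space-delimited scope string granted to the integration.
SAMPLE_GRANTED = (
    "okta.users.read okta.groups.read okta.groups.manage "
    "okta.apps.read okta.roles.read okta.logs.read"
)


def audit_scopes(granted: str, mode: str = "access_review") -> dict:
    """Compare granted scopes with the table for the chosen use case.

    `mode` is a hypothetical label ("access_review" or "lifecycle").
    Assumption: lifecycle mode requires the manage column and also
    tolerates the read column.
    """
    if mode == "access_review":
        required, allowed = READ_SCOPES, READ_SCOPES
    elif mode == "lifecycle":
        required, allowed = MANAGE_SCOPES, READ_SCOPES | MANAGE_SCOPES
    else:
        raise ValueError(f"unknown mode: {mode!r}")

    have = set(granted.split())  # scope names are case-sensitive; do not fold case
    missing = sorted(required - have)
    excess_write = sorted((have & MANAGE_SCOPES) - allowed)
    unexpected = sorted(have - READ_SCOPES - MANAGE_SCOPES)
    return {
        "missing": missing,            # required scopes that were not granted
        "excess_write": excess_write,  # write access this mode does not need
        "unexpected": unexpected,      # scopes outside the table on this page
        "ok": not (missing or excess_write or unexpected),
    }


if __name__ == "__main__":
    for key, value in audit_scopes(SAMPLE_GRANTED).items():
        print(f"{key}: {value}")
```
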
