Skip to main content
All CollectionsOnboarding and Configuration Guides
Okta Onboarding Guide
Okta Onboarding Guide
Gal Nakash avatar
Written by Gal Nakash
Updated over 2 weeks ago

Okta stores user and user group data to support single sign-on functionality, which can include personal information for each user, such as photographs and phone numbers.

You can connect your Okta account to Reco to analyze and monitor activity, which will help you protect all of your company's data.

Integrate Okta with Reco

Okta enables two ways of authorizing Reco to integrate: OAuth2 and SSWS.

Note: The authorizing user must be a "Super Admin" in your Okta account. Otherwise, not all required permissions would be granted for the Reco app.

Integrating using OAuth2

  1. In Okta, navigate to Applications > API Services Integration > Add Integration > Reco.

  2. Upon installation, you will be provided a set of 3 parameters: Org URL, Client ID, and Client Secret credentials. Copy those credentials.

    1. Important Note: You must copy the token now, as you won't be able to retrieve it later.

  3. Login to the Reco Platform

  4. Click on "Configurations" then click on "Integrations"

  5. Locate the "Okta" object and click on "Add Integration"

  6. Paste the credentials set in the Okta integration flyout

  7. The Okta Integration Status will become "Active" if the integration is successful.

When to use API Key (SWSS)?

You should use an API key (such as the SSWS token) when you don't have access to API access management features like OAuth or other token-based authentication methods.

This is commonly used in scenarios where OAuth2.0 or client credentials flows are unavailable or not configured.

How to generate the API key?

  1. Navigate to your Okta admin account and log in.
    The Okta admin account is at your tenant URL, in the following format: https://{tenant}-admin.okta.com/.
    For example: https://trial-3101065-admin.okta.com/
    The console loads.

  2. From the sidebar, click Security > API.
    โ€‹    The API page loads.

  3. Click the Tokens tab and then click Create Token.

The Create token pop-up loads.

  1. Give a unique name to the token, such as OktaForReco, to indicate where the token is in use for future reference, and then click Create Token.

The pop-up reloads with a token; in the background, the API list also updates with the token and its general details.

comeet-trial-3101065 - API 2022-09-23 at 12.17.56 PM

Click to copy your new token and then click OK, got it.

This token should be treated like the Client Secret from the OAuth2.0 section

Important!

You must copy the token now. When you click Ok, got it, you will no longer be able to copy or find it.

What do we ingest exactly?

Scopes

Documentation

okta.users.read

Users

okta.groups.read

Groups

okta.groups.read

Groups

okta.logs.read

System Log

okta.apps.read

Applications

okta.appGrants.read

Application Grants

okta.apps.read

Application Groups

okta.apps.read

Application Users

okta.domains.read

Custom Domains

okta.roles.read

Role Assignments

okta.policies.read

Policies

okta.users.read

User Factors

okta.apps.read

Okta Application Settings

okta.orgs.read

Org Settings

okta.orgs.read

Org Settings

okta.devices.read

Devices

okta.idps.read

Identity Providers

okta.networkZones.read

Network Zones

okta.threatInsights.read

ThreatInsight

okta.behaviors.read

Behavior Rules

Did this answer your question?