Okta stores user and user group data to support single sign-on functionality, which can include personal information for each user, such as photographs and phone numbers.
You can connect your Okta account to Reco to analyze and monitor activity, which will help you protect all of your company's data.
Integrate Okta with Reco
Okta enables two ways of authorizing Reco to integrate: OAuth2 and SSWS.
Note: The authorizing user must be a "Super Admin" in your Okta account. Otherwise, not all required permissions would be granted for the Reco app.
Integrating using OAuth2
In Okta, navigate to Applications > API Services Integration > Add Integration > Reco.
Upon installation, you will be provided a set of 3 parameters: Org URL, Client ID, and Client Secret credentials. Copy those credentials.
Important Note: You must copy the token now, as you won't be able to retrieve it later.
Login to the Reco Platform
Click on "Configurations" then click on "Integrations"
Locate the "Okta" object and click on "Add Integration"
Paste the credentials set in the Okta integration flyout
The Okta Integration Status will become "Active" if the integration is successful.
When to use API Key (SWSS)?
You should use an API key (such as the SSWS token) when you don't have access to API access management features like OAuth or other token-based authentication methods.
This is commonly used in scenarios where OAuth2.0 or client credentials flows are unavailable or not configured.
How to generate the API key?
Navigate to your Okta admin account and log in.
The Okta admin account is at your tenant URL, in the following format: https://{tenant}-admin.okta.com/.
For example: https://trial-3101065-admin.okta.com/
The console loads.From the sidebar, click Security > API.
βThe API page loads.Click the Tokens tab and then click Create Token.
The Create token pop-up loads.
Give a unique name to the token, such as OktaForReco, to indicate where the token is in use for future reference, and then click Create Token.
The pop-up reloads with a token; in the background, the API list also updates with the token and its general details.
Click to copy your new token and then click OK, got it.
This token should be treated like the Client Secret from the OAuth2.0 section
Important! You must copy the token now. When you click Ok, got it, you will no longer be able to copy or find it. |
What do we ingest exactly?
Scopes | Documentation |
okta.users.read | |
okta.groups.read | |
okta.groups.read | |
okta.logs.read | |
okta.apps.read | |
okta.appGrants.read | |
okta.apps.read | |
okta.apps.read | |
okta.domains.read | |
okta.roles.read | |
okta.policies.read | |
okta.users.read | |
okta.apps.read | |
okta.orgs.read | |
okta.orgs.read | |
okta.devices.read | |
okta.idps.read | |
okta.networkZones.read | |
okta.threatInsights.read | |
okta.behaviors.read |