Configure Okta permissions

Before setting up the Okta data source for Data Access, configure the underlying data source with the required permissions to allow Data Access to synchronize users and groups.

Data Access authenticates to Okta by using an Okta API token. The token inherits the permissions of the admin role that is assigned to the user or service account that creates the token. We recommend that you create a dedicated service account with a custom admin role that is scoped to only the permissions that are specified in the following steps.

Steps

To configure Okta permissions for Data Access:

  1. In the Okta Admin Console, record your Okta domain (for example, mydomain.okta.com) for later use.
  2. Go to Security > Administrators > Roles, and then create a custom admin role that grants the following permissions.
    PermissionPurpose

    okta.users.read

    To view users and their details.

    okta.groups.read

    To view groups and their details.
  3. Create a service account, and then assign the custom admin role to it.
  4. In the Okta Admin Console, go to Security > API > Tokens > Create token, create an Okta API token as the service account, and then record the token value for later use.

What's next

Create Okta connection