Configure Okta permissions
Before setting up the Okta data source for Data Access, configure the underlying data source with the required permissions to allow Data Access to synchronize users and groups.
Data Access authenticates to Okta by using an Okta API token. The token inherits the permissions of the admin role that is assigned to the user or service account that creates the token. We recommend that you create a dedicated service account with a custom admin role that is scoped to only the permissions that are specified in the following steps.
Steps
To configure Okta permissions for Data Access:
- In the Okta Admin Console, record your Okta domain (for example, mydomain.okta.com) for later use.
- Go to Security > Administrators > Roles, and then create a custom admin role that grants the following permissions.
Permission Purpose okta.users.readTo view users and their details.
okta.groups.readTo view groups and their details. - Create a service account, and then assign the custom admin role to it.
- In the Okta Admin Console, go to Security > API > Tokens > Create token, create an Okta API token as the service account, and then record the token value for later use.