Setup your Okta IDP

Complete guide for configuring Okta as an Identity Provider using OAuth 2.0 for API access

Configure Okta as an Identity Provider using OAuth 2.0 so that Authonomy can pull information from your Okta instance. The integration lets Authonomy read user data, groups and authentication logs, and manage policies programmatically through Okta's Management APIs.

Overview

Authonomy integrates with Okta using OAuth 2.0 authorization code flow to obtain access tokens for making API calls. This setup enables:

  • User synchronization: Pull user profiles and attributes
  • Group management: Sync organizational groups and memberships
  • Authentication monitoring: Access login statistics and audit logs
  • Policy management: Read and manage authentication policies
  • Application oversight: Monitor and manage connected applications

Prerequisites

Before configuring Okta with Authonomy, ensure you have:

  • Okta Administrator Access: Super Admin or Organization Admin role
  • API Access Management: Your Okta instance must have API Access Management enabled
  • OAuth 2.0 Knowledge: Basic understanding of OAuth flows
  • Authonomy Access: Admin access to your Authonomy instance

Part 1: Okta Configuration

Step 1: Create OAuth 2.0 Application

  1. Log into Okta Admin Console

    • Navigate to your Okta admin dashboard
    • URL format: https://your-domain.okta.com/admin/dashboard
  2. Create New Application Integration

    Applications → Applications → Create App Integration
  3. Select Integration Type

    • Sign-in method: OIDC - OpenID Connect
    • Application type: Web Application
    • Click Next
  4. Configure Application Settings

    General Settings:

    • App integration name: Authonomy OAuth Integration
    • Logo: (Optional) Upload Authonomy logo

    Grant Types:

    • ✅ Authorization Code
    • ✅ Refresh Token
    • ❌ Implicit (Hybrid) - Not needed
    • ❌ Client Credentials - Not needed for this flow
  5. Configure Redirect URIs

    Add your Authonomy OAuth callback URL:

    https://authonomy.io/oauth/okta/callback
  6. Set Sign-out Redirect URIs (Optional)

    https://authonomy.io/authonomy-admin
  7. Configure Okta API Scopes

    In the Okta API Scopes tab, grant the scopes that Authonomy will request. The full list below enables everything described in the Overview:

    • ✅ okta.users.read - Read user profiles
    • ✅ okta.users.manage - Manage user accounts
    • ✅ okta.groups.read - Read group information
    • ✅ okta.groups.manage - Manage groups
    • ✅ okta.apps.read - Read application configurations
    • ✅ okta.apps.manage - Manage applications
    • ✅ okta.logs.read - Access system and authentication logs
    • ✅ okta.policies.read - Read authentication policies
    • ✅ okta.policies.manage - Manage policies
    • ✅ okta.idps.manage - Manage identity providers

    Least privilege: the .manage scopes let a token create, change and delete objects in your org. If you only need synchronization and monitoring, grant only the .read scopes. A scope that is not granted here cannot be obtained by the application at all, regardless of how privileged the authorizing admin is.

    Note: Enabling the Refresh Token grant type allows Authonomy to request the offline_access scope. A refresh token is only issued when that scope is included in the authorization request.

  8. Save Application

    • Click Save to create the application
    • Important: Copy the Client ID and Client Secret - you'll need these for Authonomy. Treat the secret like a password: enter it only into Authonomy's configuration, do not paste it into tickets or chat, and generate a new secret in Okta if it is ever exposed.

Step 2: Assign Administrator User to Application

To perform the OAuth flow in Part 2, you need to assign an administrator user to the OAuth application:

  1. Navigate to Your OAuth Application

    • Go to Applications → Applications
    • Click on the Authonomy OAuth Integration application you just created
  2. Access the Assignments Tab

    • Click the Assignments tab
    • This shows who can authenticate through this OAuth application
  3. Assign Administrator User

    • Click Assign → Assign to People
    • Search for and select an administrator user account
    • This user will need sufficient privileges to access Okta's Management APIs

    Required User Permissions: The assigned user should have one of these Okta admin roles:

    • Super Administrator (recommended for full access)
    • Organization Administrator
    • Read-Only Administrator (for read-only access)
    • Custom role with appropriate API permissions

    Note: Okta enforces both the scopes granted to the application and the admin role of the user who authorized it. A token obtained by a Read-Only Administrator cannot create or modify users, groups or policies even though the .manage scopes were granted to the application; the effective permissions are the intersection of the two.
  4. Confirm Assignment

    • Click Assign to complete the user assignment
    • The user will now be able to authenticate through this OAuth application

Important: The user you assign here will be the one who performs the OAuth authorization in Part 2 Step 3. Make sure this user has the necessary permissions to access the Okta APIs that Authonomy needs.

Part 2: Authonomy Configuration

Step 1: Create Identity Provider in Authonomy

  1. Navigate to Identity Providers

    • Log into Authonomy admin console
    • Go to Settings → Identity Providers
  2. Create New Identity Provider

    • Click Add Identity Provider
    • Provider Type: Select Okta
    • Name: Okta OAuth Integration
    • Description: Brief description of your Okta instance

Step 2: Configure OAuth Settings

Configure the OAuth connection using the details from your Okta application:

Configuration Fields:

  • Client ID: From your Okta OAuth application
  • Client Secret: From your Okta OAuth application (keep secure!)
  • Base URL: Your Okta org URL, the one your users sign in to (e.g., https://company.okta.com), without a trailing slash
  • Redirect URI: https://authonomy.io/oauth/okta/callback - this must match the Sign-in redirect URI registered in Part 1 Step 5 character for character (scheme, host and path); Okta rejects the authorization request otherwise

Step 3: Test OAuth Configuration

  1. Initiate OAuth Flow

    • In Authonomy, find your Okta Identity Provider
    • Click Test Connection or Authorize
  2. Complete Authorization

    • You’ll be redirected to Okta’s login page
    • Log in with your Okta administrator credentials
    • Review and approve the requested permissions
    • You’ll be redirected back to Authonomy
  3. Test the Connection

    • Download applications from Okta to verify API access
    • Pull user data to confirm user management permissions
    • Check that the connection is working properly. If the authorization itself fails with an invalid_scope error, a requested scope was not granted in Part 1 Step 7; if authorization succeeds but a pull is rejected with HTTP 403, the admin who authorized in step 2 lacks the Okta role that the scope requires
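The exchange that Part 1 and Part 2 configure, traced end to end in Python as an added example; this is illustrative code, not Authonomy's or Okta's implementation. It builds the authorization request with the scopes from Part 1 Step 7, validates the callback to the Redirect URI, builds the code-for-token exchange and a later refresh, and checks what was actually issued before the first API call. Assumed and not stated on the page: the Okta org authorization server endpoints /oauth2/v1/authorize and /oauth2/v1/token, the use of a state parameter against login CSRF, and the placeholder client ID and secret.

```python
"""Worked example of the OAuth 2.0 authorization code flow this guide sets up.
Illustrative only (not Authonomy's implementation). The endpoint paths, the
state parameter and every placeholder value below are assumptions."""
import base64
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Values from Part 2 Step 2. Client ID and secret are placeholders (assumed).
OKTA_BASE_URL = "https://company.okta.com"
CLIENT_ID = "0oa-example-client-id"
CLIENT_SECRET = "example-client-secret"   # load from a secret store in real code
REDIRECT_URI = "https://authonomy.io/oauth/okta/callback"

# Scopes granted in Part 1 Step 7, plus offline_access so that Okta also
# issues a refresh token (Refresh Token grant type enabled in Step 4).
OKTA_API_SCOPES = [
    "okta.users.read", "okta.users.manage",
    "okta.groups.read", "okta.groups.manage",
    "okta.apps.read", "okta.apps.manage",
    "okta.logs.read",
    "okta.policies.read", "okta.policies.manage",
    "okta.idps.manage",
]
SCOPES = ["offline_access", *OKTA_API_SCOPES]

# Assumed: Okta's org authorization server endpoints.
AUTHORIZE_URL = f"{OKTA_BASE_URL}/oauth2/v1/authorize"
TOKEN_URL = f"{OKTA_BASE_URL}/oauth2/v1/token"


def new_state() -> str:
    """Unguessable per-request value; keep it in the admin's server-side session."""
    return secrets.token_urlsafe(32)


def build_authorize_url(state: str) -> str:
    """Part 2 Step 3.1: the URL the admin's browser is sent to for login and consent."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": " ".join(SCOPES),
        "redirect_uri": REDIRECT_URI,   # must equal the URI registered in Part 1 Step 5
        "state": state,
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Part 2 Step 3.2: validate the redirect back to Authonomy, return the code."""
    query = parse_qs(urlsplit(callback_url).query)
    if "error" in query:
        desc = query.get("error_description", [""])[0]
        raise RuntimeError(f"Okta denied the request: {query['error'][0]} {desc}".strip())
    returned_state = query.get("state", [""])[0]
    # Wrong or missing state: this callback was not started by us (CSRF / replay).
    if not secrets.compare_digest(returned_state, expected_state):
        raise RuntimeError("state mismatch; discarding callback")
    if "code" not in query:
        raise RuntimeError("callback carries no authorization code")
    return query["code"][0]


def _token_post(form: dict) -> dict:
    """A POST to the token endpoint, authenticated with client_secret_basic."""
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    return {
        "url": TOKEN_URL,
        "headers": {"Authorization": f"Basic {basic}",
                    "Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode(form),
    }


def token_request(code: str) -> dict:
    """Exchange the one-time code for an access token (and refresh token)."""
    return _token_post({"grant_type": "authorization_code", "code": code,
                        "redirect_uri": REDIRECT_URI})   # same value again, or Okta rejects it


def refresh_request(refresh_token: str) -> dict:
    """Later, mint a new access token without a browser session."""
    return _token_post({"grant_type": "refresh_token", "refresh_token": refresh_token})


def check_token_response(token_response: dict) -> dict:
    """Part 2 Step 3.3: sanity-check what Okta issued before the first API call.

    RFC 6749 lets the server issue a narrower scope than requested, so compare
    the returned scope string with what was asked for, and flag write scopes.
    """
    if "access_token" not in token_response:
        raise RuntimeError("token response has no access_token")
    granted = set(token_response.get("scope", "").split())
    return {
        "missing_scopes": sorted(set(SCOPES) - granted),
        "write_scopes": sorted(s for s in granted if s.endswith(".manage")),
        "has_refresh_token": "refresh_token" in token_response,
        "api_headers": {"Authorization": f"Bearer {token_response['access_token']}"},
    }


if __name__ == "__main__":
    st = new_state()
    print(build_authorize_url(st))
    code = parse_callback(f"{REDIRECT_URI}?code=demo&state={st}", st)  # constructed callback
    print(token_request(code)["body"])
```

The state check and the exact redirect_uri match are the two points that keep a stolen or forged callback from being turned into a token: Okta will not redirect to a URI that differs from the registered one, and Authonomy should discard any callback whose state it did not generate. The missing_scopes list from check_token_response tells you whether the Okta API Scopes tab actually granted what was requested; a 403 on a later API call with no missing scopes points instead at the authorizing admin's role.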