Prerequisites

For API Token Authentication

An administrative user must be granted an Okta API token to authenticate.

Note
Okta API tokens generated from these steps are valid for 30 days and automatically refresh with each API call. Tokens that are not used for 30 days will expire.

To generate an Okta API token:

1. Go to Create an API token in the Okta Developer documentation.

2. Log in to your Okta organization as a user with super administrator privileges. API tokens have the same permissions as the user who creates them. If the user permissions change, the API token permissions also change.

3. On the Developer Console, select Tokens from the API menu.

4. On the administrator's UI (Classic UI), go to Security > API > Tokens.

5. Select Create Token and provide a name for the token.

6. Note the API token for future references.

For OAuth 2.0 Authentication

To use Okta OAuth 2.0 authentication:

1. Create a service application in Okta.

   Note
   For information on creating a service application on Okta, refer to Implement OAuth for Okta with a service app in the Okta Developer documentation.

2. Grant the required OAuth scopes to the service application.

3. Configure the Okta application as per the detail of service application.

   Note
   Refer to Okta Authorization Parameters for additional OAuth 2.0 information.

The Okta application must manage Users, Groups, and Roles using the REST API provided by Okta. By default, the applications attribute is not a part of the account schema. To add this attribute to the existing schema, refer to Adding Attributes to a Source Schema.