Authenticate with OAuth 2.0
Configure your source to authenticate with Okta using OAuth 2.0.
Note
For more information on retrieving some of the credentials used in this process, refer to Implement OAuth for Okta with a Service App.
Note
The Okta managed system does not support aggregation of the type_name and type_displayName attributes with the OAuth 2.0 authentication type. SailPoint recommends that you use API token authentication to aggregate these attributes. For more information, refer to Authenticate with an API Token.
- Enter the Okta URL of the host. For example, https://{yourOktaDomain}.com.
- Select Client Credentials for the Grant Type. Currently, this is the only grant type supported.
- Enter the OAuth 2.0 Token URL for token generation. For example: https://{yourOktaDomain}/oauth2/v1/token
- Enter the Scopes that must be included when creating the JWT token for the appropriate operations on the Okta managed system. Scopes must be provided as a space-separated value. For example:
  okta.users.read okta.users.manage okta.groups.read okta.groups.manage okta.schemas.read okta.roles.read okta.roles.manage okta.factors.read okta.factors.manage okta.apps.read okta.apps.manage okta.logs.read
- Enter the JWT Header that specifies the algorithm used to sign the JWT assertion. For example:
  {
    "typ": "JWT",
    "alg": "RS256"
  }
- Enter the JWT Audience for authorization.
- Enter the JWT Issuer for authorization. This value must be the same as the client_id.
- Enter the JWT Subject for authorization. This value must be the same as the client_id.
- Enter the Private Key text in Privacy Enhanced Mail (PEM) format that is used to sign the JWT assertion.
  Important
  If your private key was originally provided in JWK format, you need to convert it to PEM format before entering it.
- Enter the Private Key Password to decrypt the private key that is used for the assertion.
  Note
  The private key password may be referenced as a "KID" or KEY ID in Okta.
- Select Save.
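To show what the fields above combine into, here is an added Go example (not code from the SailPoint or Okta documentation) that builds the RS256-signed client assertion from a PEM private key, with iss and sub set to the client_id and aud set to the token URL, and the form body that carries the assertion and the space-separated scopes to the token URL. It assumes an unencrypted PKCS#1 ("RSA PRIVATE KEY") PEM key, so the Private Key Password step is not modeled.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"encoding/pem"
	"errors"
	"net/url"
	"time"
)

// ClientAssertion builds the RS256-signed JWT presented to the token URL: iss and sub are the
// client_id, aud is the token URL, and the header is the {"typ","alg"} pair from the steps above.
func ClientAssertion(pemKey []byte, clientID, tokenURL string, now time.Time) (string, error) {
	block, _ := pem.Decode(pemKey)
	if block == nil {
		return "", errors.New("private key must be PEM; convert JWK keys first")
	}
	key, err := x509.ParsePKCS1PrivateKey(block.Bytes) // assumes PKCS#1; PKCS#8 needs ParsePKCS8PrivateKey
	if err != nil {
		return "", err
	}
	claims, _ := json.Marshal(map[string]any{
		"iss": clientID, "sub": clientID, "aud": tokenURL,
		"iat": now.Unix(), "exp": now.Add(5 * time.Minute).Unix(), // keep assertions short-lived
	})
	enc := base64.RawURLEncoding // JWT segments are base64url without padding
	input := enc.EncodeToString([]byte(`{"typ":"JWT","alg":"RS256"}`)) + "." + enc.EncodeToString(claims)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:]) // RS256 = PKCS#1 v1.5 + SHA-256
	if err != nil {
		return "", err
	}
	return input + "." + enc.EncodeToString(sig), nil
}

// TokenRequestBody is the form body POSTed to the token URL; scopes is the space-separated Scopes value.
func TokenRequestBody(assertion, scopes string) string {
	v := url.Values{}
	v.Set("grant_type", "client_credentials")
	v.Set("scope", scopes)
	v.Set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer")
	v.Set("client_assertion", assertion)
	return v.Encode()
}
```

Under RFC 7523 the assertion is only valid for the audience it names, so aud should be the exact token URL configured above and exp should stay short.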
Change Authentication from API Token to OAuth 2.0
If the Authentication Type is set to API Token, you can change the authentication type to OAuth 2.0 by performing the following:
- Add the private_key, private_key_password, and accessToken attributes to the encrypted tag with the connector-encrypted key, using the REST API. Refer to REST API - Update Source (Partial).
- Remove the type_name and type_displayName attributes from the account schema if they are present.