Required Permissions

Create an Okta account with privileges to manage the Okta accounts you want to aggregate. Okta provides different permission levels that grant the ability to create, update, and delete accounts.

Review the permission model below and create your account accordingly. Then use this account to generate the Okta API token that will be used for authentication. For example, you can create an account with Super Admin, Org Admin, or Group Admin permissions.

 

| Connector Operation | Super Admin | Org Admin | Group Admin | App Admin | Read-only Admin | Help-desk Admin |
|---|---|---|---|---|---|---|
| Test Connection | Yes | Yes | Yes | Yes | Yes | Yes |
| Aggregate Standard Attributes | Yes | Yes | Yes | Yes | Yes | Yes |
| Aggregate Groups Attribute | Yes | Yes | No | Yes | Yes | No |
| Aggregate Roles Attribute | Yes | No | No | No | No | No |
| Aggregate Factors Attribute | Yes | Yes | Yes | No | Yes | Yes |
| Aggregation of Custom Roles | Yes | No | No | No | No | No |
| Aggregation of Applications | Yes | No | No | Yes | Yes | No |
| Delta Aggregation | Yes | Yes | No | Yes | Yes | No |
| Create Users | Yes | Yes | Yes | No | No | No |
| Enable/Disable Users | Yes | Yes | Yes | No | No | No |
| Unlock Accounts | Yes | Yes | Yes | No | No | Yes |
| Password Resets/Change password | Yes | Yes | Yes | No | No | No |
| Pass-through Authentication | Yes | Yes | Yes | Yes | Yes | Yes |
| Management of APP Target and APP Instance Target for APP_ADMIN Role | Yes | No | No | No | No | No |
| Management of Group Target for HELP_DESK_ADMIN Role | Yes | No | No | No | No | No |
| Add/Remove Groups | Yes | Yes | No | No | No | No |
| Add/Remove Applications | Yes | No | No | Yes | No | No |
| Add/Remove Roles | Yes | No | No | No | No | No |
| Create/Update/Delete group | Yes | Yes | No | No | No | No |

Scopes

Mandatory scopes: okta.logs.read, okta.users.manage, okta.groups.manage
Additional scopes to manage roles: okta.roles.manage
Additional scopes to manage factors: okta.factors.manage
Additional scopes to manage applications: okta.apps.manage