Skip to content

Okta Permissions Reference

This section details the roles and API scopes required for SailPoint Entro’s Okta integration.


Required API Scopes

Scope Purpose
okta.apps.read Read application metadata
okta.appGrants.read Read app grant configuration
okta.roles.read List user and app roles
okta.users.read Access user and profile data
okta.logs.read Retrieve Okta system logs
okta.apiTokens.read Access Okta API token metadata

Required Roles

Role Purpose
Super Administrator Enables full read access to roles, users, and apps
Read-Only Administrator (optional) Restricted alternative for partial visibility
Custom SailPoint Entro Role (optional) Least privilege alternative

Security Notes

  • TLS 1.2+ enforced

  • AES-256 key encryption

  • SOC 2 Type II and ISO 27001 compliant

  • Read-only data retrieval only