Okta Permissions Reference
This section details the roles and API scopes required for SailPoint Entro’s Okta integration.
Required API Scopes
| Scope | Purpose |
|---|---|
| okta.apps.read | Read application metadata |
| okta.appGrants.read | Read app grant configuration |
| okta.roles.read | List user and app roles |
| okta.users.read | Access user and profile data |
| okta.logs.read | Retrieve Okta system logs |
| okta.apiTokens.read | Access Okta API token metadata |
Required Roles
| Role | Purpose |
|---|---|
| Super Administrator | Enables full read access to roles, users, and apps |
| Read-Only Administrator (optional) | Restricted alternative for partial visibility |
| Custom SailPoint Entro Role (optional) | Least privilege alternative |
Security Notes
-
TLS 1.2+ enforced
-
AES-256 key encryption
-
SOC 2 Type II and ISO 27001 compliant
-
Read-only data retrieval only