Okta Troubleshooting and Validation
Validation Steps After Connection
-
Validate connection in SailPoint Entro Dashboard
Go to Management → Accounts & Integrations → Okta.
-
Confirm connection status
Ensure the connection status displays Verified.
-
Check last sync
Review the Last Sync Timestamp to ensure recent activity.
-
Validate data visibility
Open Findings and NHI Inventory to validate Okta secrets and user data visibility.
Common Issues
| Issue | Cause | Resolution |
|---|---|---|
| 401 Unauthorized | Invalid Client ID or key mismatch | Re-copy and re-paste the public key |
| 403 Forbidden | Missing API scopes or admin role | Ensure all scopes and Super Admin are assigned |
| Connection timeout | Network issue | Verify connector and outbound access |
| Partial visibility | Using Read-only admin | Switch to Super Admin for full data access |
FAQ Highlights
Do I need Super Admin permissions?
To list app roles, see "API Grants," and read audit logs, a Super Admin role is required. This is the only built-in role that can list "API Grants" permissions for Okta apps (NHIs). Refer to Okta's documentation for additional information.
What are the limitations of assigning Read-only Admin instead of Super Admin?
SailPoint Entro won't have visibility of "API Grants" data in each Okta app permission.
Can I assign a custom role instead of using builtin admin roles?
Yes, however, when using a custom role, ensure to also assign the "Report administrator" role for log collection.
Does SailPoint Entro perform write actions?
SailPoint Entro never performs write actions.
Security & Compliance
-
Read-only operations only
-
TLS 1.2+ enforced
-
AES-256 key encryption