Skip to content

Okta Troubleshooting and Validation

Validation Steps After Connection

  1. Validate connection in SailPoint Entro Dashboard

    Go to Management → Accounts & Integrations → Okta.

  2. Confirm connection status

    Ensure the connection status displays Verified.

  3. Check last sync

    Review the Last Sync Timestamp to ensure recent activity.

  4. Validate data visibility

    Open Findings and NHI Inventory to validate Okta secrets and user data visibility.

Common Issues

Issue Cause Resolution
401 Unauthorized Invalid Client ID or key mismatch Re-copy and re-paste the public key
403 Forbidden Missing API scopes or admin role Ensure all scopes and Super Admin are assigned
Connection timeout Network issue Verify connector and outbound access
Partial visibility Using Read-only admin Switch to Super Admin for full data access

FAQ Highlights

Do I need Super Admin permissions?

To list app roles, see "API Grants," and read audit logs, a Super Admin role is required. This is the only built-in role that can list "API Grants" permissions for Okta apps (NHIs). Refer to Okta's documentation for additional information.

What are the limitations of assigning Read-only Admin instead of Super Admin?

SailPoint Entro won't have visibility of "API Grants" data in each Okta app permission.

Can I assign a custom role instead of using builtin admin roles?

Yes, however, when using a custom role, ensure to also assign the "Report administrator" role for log collection.

Does SailPoint Entro perform write actions?

SailPoint Entro never performs write actions.

Security & Compliance

  • Read-only operations only

  • TLS 1.2+ enforced

  • AES-256 key encryption