
Activity Insights - Okta

To display activity data from Okta, you must configure the following required sources so that Identity Security Cloud can gather your Okta information and activity data.

Okta: The VA-based connector allows you to manage your Okta users and accounts in Identity Security Cloud.
Activity Insights - Okta: The Activity Insights connector works with your Okta connector to provide activity data for identities.

Configuring Activity Insights Using a VA-Based Source

If you are setting up Activity Insights using a VA-based connector, you can create an API token or OAuth 2.0 service application to connect Okta to Identity Security Cloud. You'll then configure both the Okta VA-based and Activity Insights - Okta connectors so that Identity Security Cloud can gather your account information and display activity data.

Creating an API Token in Okta

  1. Log in to your Okta organization as a user with super administrator privileges.

    Note

    API tokens have the same permissions as the user who creates them. If a user's permissions change, the API token's permissions also change.

  2. Follow Okta's product documentation to create an API token.

After you've created your API token, you'll configure the Okta VA-based and Activity Insights - Okta connectors to connect Okta to Identity Security Cloud.

Creating an OAuth 2.0 Service Application in Okta

  1. Log in to your Okta organization as a user with administrative privileges.

  2. Follow Okta's product documentation to create a service account with the following OAuth scopes:

    Scope              Description
    okta.apps.read     Allows the app to read information about Apps in your Okta organization.
    okta.groups.read   Allows the app to read information about groups and their members in your Okta organization.
    okta.logs.read     Allows the app to read information about System Log entries in your Okta organization.
    okta.users.read    Allows the app to read the existing users' profiles.

After you've created a service application in Okta, you'll configure the Okta VA-based and Activity Insights - Okta connectors.

Connecting Okta to Identity Security Cloud for Activity Insights

To connect Okta to Identity Security Cloud, you’ll need to configure the Okta VA-based and Activity Insights - Okta connectors. This will allow Identity Security Cloud to gather account information and activity data from the application.

Configuring the Okta VA-based Connector

Follow the directions to configure an Okta source in Identity Security Cloud. You can also edit an existing source.

Configuring the Activity Insights - Okta Connector

To display activity data from Activity Insights, you must configure the Activity Insights - Okta source in Identity Security Cloud.

  1. Go to Admin > Connections > Sources. 

  2. Select Create New to create a new source. 

  3. Search for and select the Activity Insights - Okta connector. 

  4. Enter a name and description for the source. 

  5. In the Source Owner field, begin typing the name of an owner. Matches appear after you type two letters. 

  6. (Optional) Select a governance group for source management.

  7. Select the checkbox if the source is an authoritative source.

  8. Select Continue to create the source.

  9. From the left panel, select Configuration in the Source Setup section.

  10. On the Authentication page, complete the following:

    • Enter your organization's Okta URL (https://{yourOktaDomain}.com) in the Okta URL field.
    • Select the authentication type used and enter the required information:

      • For API Token, enter the API token created for this integration.

      • For OAuth 2.0, complete the following:

        • In the Grant Type field, select Client Credentials.
        • In the OAuth 2.0 Token URL field, enter your OAuth 2.0 Token URL (https://{yourOktaDomain}/oauth2/v1/token).
        • In the Scopes field, enter the following scopes as a space-separated value:

          okta.apps.read okta.groups.read okta.logs.read okta.users.read
          
        • In the JWT Header field, enter the JWT Header that includes the algorithm used to sign the JWT assertion.

        • In the Audience field, enter the JWT Audience for authorization.
        • In the Issuer field, enter the JWT Issuer for authorization. This value must be the same as the client_id.
        • In the Subject field, enter the JWT Subject for authorization. This value must be the same as the client_id.
        • In the Private Key field, enter the Private Key text in PEM format used to sign the JWT assertion. If your private key was originally provided in the JWK format, you must convert it to PEM format.
        • In the Private Key Password field, enter the Private Key Password to decrypt the private key used for assertion. This value may be referenced as "KID" or "KEY ID" in Okta.
    • In the Identity Governance Source Name field, enter the name of the source you created for the VA-based connector. If no matching source is found, the test connection will fail.

  11. Select Save to save these settings. 

  12. From the left panel, select Review and Test in the Source Setup section.

  13. On the Configuration Summary page, select Test Connection to test the connection between the applications. You must have a successful connection for Identity Security Cloud to gather activity data. If the test is unsuccessful, retry your credentials or contact SailPoint Support. 
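
A pre-flight check for the OAuth 2.0 values entered in step 10, added here as an example and not SailPoint or Okta code. The dictionary keys, the sample client_id and the example.okta.com domain are constructed; treating the Audience as the token URL and rejecting `none` and HS* algorithms are assumptions based on the private-key-signed client credentials flow the page describes.

```python
import json

# The four read-only scopes the page lists for this integration.
REQUIRED = {"okta.apps.read", "okta.groups.read", "okta.logs.read", "okta.users.read"}

# Constructed sample values; client_id and domain are placeholders.
SAMPLE = {
    "client_id": "0oaEXAMPLECLIENTID",
    "issuer": "0oaEXAMPLECLIENTID",
    "subject": "0oaEXAMPLECLIENTID",
    "token_url": "https://example.okta.com/oauth2/v1/token",
    "audience": "https://example.okta.com/oauth2/v1/token",
    "scopes": "okta.apps.read okta.groups.read okta.logs.read okta.users.read",
    "jwt_header": '{"alg": "RS256", "typ": "JWT"}',
    "private_key": "-----BEGIN PRIVATE KEY-----\n(elided)\n-----END PRIVATE KEY-----",
}


def lint_oauth_settings(cfg):
    """Return findings for the OAuth 2.0 fields; an empty list means clean."""
    findings = []
    # Issuer and Subject must both equal the client_id (stated on the page).
    for field in ("issuer", "subject"):
        if cfg[field] != cfg["client_id"]:
            findings.append(f"{field} differs from client_id")
    # Assumption: the audience is the token endpoint itself.
    if cfg["audience"].rstrip("/") != cfg["token_url"].rstrip("/"):
        findings.append("audience is not the token URL")
    # Scopes: space-separated, none missing, none beyond the read-only set.
    scopes = set(cfg["scopes"].split())
    if REQUIRED - scopes:
        findings.append("missing scopes: " + " ".join(sorted(REQUIRED - scopes)))
    if scopes - REQUIRED:
        findings.append("excess scopes: " + " ".join(sorted(scopes - REQUIRED)))
    # JWT header must be a JSON object naming an asymmetric signing algorithm.
    try:
        alg = str(json.loads(cfg["jwt_header"]).get("alg", ""))
        if not alg or alg.lower() == "none" or alg.upper().startswith("HS"):
            findings.append(f"alg {alg!r} is not a private-key signature")
    except (ValueError, AttributeError):
        findings.append("JWT header is not a JSON object")
    # The key must be PEM text; a pasted JWK is JSON and has to be converted.
    key = cfg["private_key"].strip()
    if key.startswith("{"):
        findings.append("private key is a JWK, convert it to PEM")
    elif not (key.startswith("-----BEGIN ") and "PRIVATE KEY-----" in key):
        findings.append("private key is not PEM")
    return findings
```

Run it against the values you intend to paste into the connector; any scope reported as excess grants the service application more than the read access this integration needs.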

To gather account data, you must correlate accounts and run an aggregation for the Okta source. Your activity data will begin syncing immediately but may take up to 24 hours to display. Data will then update daily.
