AI Docs

Creating a Okta Connector | v8+

3 min read

certero logo_cropped_png-01 1.png

Managing API client access to Okta

The Certero connector for Okta uses Okta’s APIs to connect and retrieve data from Okta. The Okta APIs use industry standard OAuth 2.0 protocols for authentication and authorization.

For more information on what OAuth is and how this flow works between an endpoint server and Okta, please see the following link:

Okta OAuth2 Authentication Overview

To setup a connection between Certero and Okta, the customer will first need to ensure the customer has administrator access to an Okta account.

Optional: Creating an Okta account:

1. Create or login to an Okta account here .

2. After the account has been created click on the Sign In button:

3. Sign in using the administrator email and password.

To create a connection between Certero and Okta the Certero connector requires:

  • The customer Okta domain

  • An API Token (key)

To get these you will need to go to the Okta developer console page.

Switching to the developer console:

To display the Developer Console screen, from the Okta home screen, click on the profile name and choose the Your Org option.

Okta domain (or Okta URL):

For more information on finding your domain please click here .

You can find and copy your domain from the Okta Developer console.

1. Sign in to your Okta organization with your administrator account

2. Click on the Dashboard menu option.

3. Look for the Okta domain in the top right of the dashboard screen:

Your Okta domain will follow one of the following patterns:

  • oktapreview.com

  • okta.com

  • okta-emea.com

  • Or, a custom domain like id.example.com if you have configured a Custom URL Domain .

In the above image the domain name is shown as: dev-961986.okta.com

API Token (key):

API tokens are used to authenticate requests to the Okta APIs. API tokens inherit the API access of the user who creates them, so it is recommend that the customer creates a service account user with only the permission levels that are needed for the token to perform the required API tasks.

For more information about how to create a token, please click here .

To generate a token:

  1. Sign in to your Okta Organization as an admin.
    Note: API tokens are given the same permission as the user who creates them.  If the linked users permissions change any associated API token permissions will also change.  It is recommended a user (a service account user) is created that will be linked to the Token with the required permission levels.

  2. Access the API page

  • If you are using the Developer Console, select Tokens from the API menu:

  • If you use the Administrator Console (Classic UI), select API from the Security menu, and then select Tokens:

3. Click Create Token:

4. Name the token and click Create Token:

5. Copy and store the API token, it will not be shown again :

Create a new Certero Okta Connector

Enable the feature for the Endpoint Server.

1. In Certero > Administration > Endpoint Servers , right click on the endpoint server the Okta connector will be ran against and choose properties.

2. Click on the Features option.

3. Enable the Okta Connector row.

4. Click on Save:

Create a connector for Okta.

1. In Certero > Connectors > Okta Connectors , click the ‘ New ’ button.

2. Copy the Domain from the Okta Dashboard page within the Okta developer console and paste into the Domain See the Okta domain section

3. Copy the API Key (token) from the ‘app settings’ page within the Dropbox admin console to the Client Secret See the API Token section.

4. Set the Schedule for the connector.

5. Click on Save: