About Okta

The Okta connector reads directory data, group memberships, application assignments, policies, MFA posture, and audit-related signals from your Okta org and surfaces them as artifacts in Iru Compliance. Authentication uses an Okta API token over the Okta Management API. The integration is intended for read-only evidence collection. Iru does not provision users or change policies in Okta beyond what your token’s admin permissions allow during API reads.

How It Works

Okta accepts API tokens using the SSWS scheme:
Authorization: SSWS YOUR_API_TOKEN
Tokens inherit the permissions of the admin who created them. Unused tokens expire after 30 days; successful API calls refresh that window. The Iru connector walks through server URLs for your tenant (production, EMEA, Gov, preview, or custom domain), then collects your API token on the final step. Earlier wizard steps align OAuth-related URLs where the product expects them; SSWS token authentication is what authorizes Management API calls for this source.
Detail | Value
Category | Security / identity
Authentication | Okta API token (Authorization: SSWS YOUR_TOKEN)
Okta plan | Any plan that includes Management API access you rely on
Documentation: Create an API token, API token management, Rate limits.

Prerequisites

  • An Okta administrator role that can create API tokens (Super Admin, Org Admin, or Read-only Admin, depending on what your org allows for automation accounts).
  • Your org’s subdomain or full Okta domain (for example acme if users sign in at https://acme.okta.com).

Connect Okta to Iru

Complete this tab before you connect the source in Compliance.
1. Sign in to the Okta Admin Console

Open your org’s admin URL (for example https://YOUR_SUBDOMAIN.okta.com/admin) and sign in with a role that can create API tokens (Super Admin, Org Admin, or Read-only Admin, per what your org allows for automation accounts).
2. Open Security

In the left navigation, expand Security (or search API in the admin search bar).
3. Open API token management

Choose API > Tokens to open the list of existing tokens and Create token.
4. Create a new token

Select Create token, enter a name you will recognize (for example Iru Compliance), then confirm creation so Okta can display the secret once.
5. Copy the token immediately

Copy the token value before you close the dialog. You cannot view it again after you leave the page. Store it in a vault until you paste it into Iru. Plan for idle expiry: if no successful API call uses the token for 30 days, Okta invalidates it and you must create a new token.
6. Optional network restrictions

If your environment uses fixed egress IPs, optionally attach a network zone policy to the token per Okta’s documentation.
Continue on the Iru Compliance tab.

Troubleshooting

  • Check pop-up blocker settings for the Iru site and try again.
  • Verify the token string, that the admin account is still active, and that the token was not revoked.
  • Recreate the token under Security > API > Tokens if it has been idle for 30 days.
  • The admin profile tied to the token may lack read access to some endpoints. Confirm at least Read-only Admin (or equivalent) for evidence you need.
  • Disconnect and reconnect, double-checking subdomain and region (US vs EMEA vs Gov vs preview).
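
The token and permission failures listed above show up as distinct Okta API responses. The following is an added example, not Iru's or Okta's code: it makes one read-only call with the SSWS header and classifies the result. The function names, the use of /api/v1/users/me as the probe endpoint, and the sample response bodies are assumptions constructed for illustration.

```python
import json
import urllib.error
import urllib.request

# Okta error codes for the failure modes in the troubleshooting list.
HINTS = {
    "E0000011": "Token invalid, revoked, or idle-expired: verify the string or create a new token.",
    "E0000006": "Token's admin role lacks access to this endpoint: check the role (e.g. Read-only Admin).",
    "E0000047": "Rate limit exceeded: retry after the X-Rate-Limit-Reset time.",
}

def build_request(domain, token, path="/api/v1/users/me"):
    """Build a read-only GET carrying the SSWS header (hypothetical helper)."""
    if "://" in domain or "/" in domain:
        raise ValueError("pass a bare host such as acme.okta.com")
    return urllib.request.Request(
        f"https://{domain}{path}",
        headers={"Authorization": f"SSWS {token}", "Accept": "application/json"},
    )

def diagnose(status, body, headers):
    """Map an Okta API response to a finding; the token is never echoed."""
    if status == 200:
        remaining = headers.get("X-Rate-Limit-Remaining", "?")
        return f"OK: token accepted, {remaining} calls left in this rate-limit window."
    try:
        code = json.loads(body).get("errorCode", "")
    except (ValueError, AttributeError):
        code = ""  # non-JSON body, e.g. an HTML error page
    if code in HINTS:
        return f"{status} {code}: {HINTS[code]}"
    if status == 404:  # assumption: treated here as a wrong-host symptom
        return "404: check the subdomain and region (US, EMEA, Gov, preview, custom domain)."
    return f"{status}: unexpected response; inspect the body."

def check_token(domain, token):
    """Live check (needs network): one read-only call, then diagnose it."""
    try:
        with urllib.request.urlopen(build_request(domain, token), timeout=10) as r:
            return diagnose(r.status, r.read(), r.headers)
    except urllib.error.HTTPError as e:
        return diagnose(e.code, e.read(), e.headers)
    except urllib.error.URLError as e:
        return f"Cannot reach {domain}: {e.reason}"

# Constructed sample responses (not captured from a real org).
SAMPLE_401 = '{"errorCode": "E0000011", "errorSummary": "Invalid token provided"}'
SAMPLE_403 = '{"errorCode": "E0000006", "errorSummary": "You do not have permission to perform the requested action"}'
```

Read the token from a vault or environment variable when calling check_token, so it does not land in shell history or logs.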

Considerations

Treat API tokens like credentials. Prefer a service account with the minimum admin role that still satisfies evidence requirements.

Okta applies rate limits to Management API traffic; large orgs may see longer sync times during first collection.

Iru reads data exposed by the APIs your token can access - it cannot override Okta entitlements you do not grant.
