Enabling the Okta integration

How to enable the Okta integration

Permissions

  • MFA tracking - okta.users.read and Read-only admin role
  • Phishing sim - okta.users.manage and Organization admin role

Steps

  1. Click into your integrations tab
  2. Select the "Okta" integration 
  3. Click the "Enable" toggle
  4. A new window should pop up with the Okta set-up wizard
  5. Follow the steps in the wizard, or use the rest of this guide, which lists the same steps

Application

  1. Open your Okta Admin Console and go to Applications > Applications

  2. Click "Create App Integration"
  3. Choose "API Services" and click "Next"
  4. Fill in the App integration name as: CultureAI Api Integration and click "Save"

Configure

  1. Click "Edit" on the "Client Credentials" section. 
  2. Change the "Client authentication" method to "Public key / Private key" and click "Add Key"
     
  3. Click "Generate new key"
  4. Click "PEM" to get the key in PEM format and take a copy of the private key. Store it securely: you will not have another opportunity to retrieve this key. Then click "Done"

  5. Click "Save"
  6. Click "Edit" on the "General Settings" section. 
  7. Uncheck "Require Demonstrating Proof of Possession (DPoP) header in token requests" and click "Save". 

 

Scopes

  1. Change to the "Okta API Scopes" tab 
  2. Click "Grant" on "okta.users.read". NOTE: The integration will fail to enable if this is missing
  3. Click "Grant Access"

Privilege

  1. Change to the "Admin Roles" tab and click "Edit assignments"
  2. Select "Read-only Administrator" from the left dropdown, and click "Save Changes"

Authentication

Enter the following information in the wizard:

  • Okta URL  
  • Client ID   
  • Private Key 
  • Authorization Server Name 

Click the "Authenticate with Okta" button

You're done!
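
What the private key from the Configure steps is used for, as an added example (not CultureAI's or Okta's own code): the sketch below builds the RS256-signed client assertion that an API Services app set to "Public key / Private key" presents when requesting a token, and checks it against the matching public key. It assumes `openssl` is installed and that the token endpoint is `/oauth2/v1/token` on the Okta URL; the URL, client ID and key in the demo are constructed values.

```shell
#!/bin/sh
# Added example (not vendor code): client assertion for "Public key / Private key" auth.

b64url() { openssl base64 -A | tr '/+' '_-' | tr -d '='; }   # JWT-style base64

# make_assertion OKTA_URL CLIENT_ID PRIVATE_KEY_PEM -> prints the signed JWT
make_assertion() {
  now=$(date +%s)
  hdr=$(printf '{"alg":"RS256","typ":"JWT"}' | b64url)
  # iss and sub are the Client ID; aud is the token endpoint (assumed org server)
  body=$(printf '{"iss":"%s","sub":"%s","aud":"%s/oauth2/v1/token","iat":%s,"exp":%s,"jti":"%s"}' \
    "$2" "$2" "$1" "$now" "$((now + 300))" "$(openssl rand -hex 16)" | b64url)
  sig=$(printf '%s.%s' "$hdr" "$body" | openssl dgst -sha256 -sign "$3" -binary | b64url)
  printf '%s.%s.%s\n' "$hdr" "$body" "$sig"
}

# verify_assertion JWT PUBLIC_KEY_PEM -> returns 0 only if the signature matches
verify_assertion() {
  signed=${1%.*}; s=$(printf '%s' "${1##*.}" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in 2) s="$s==" ;; 3) s="$s=" ;; esac   # restore padding
  sigfile=$(mktemp); rc=0
  printf '%s' "$s" | openssl base64 -d -A > "$sigfile"
  printf '%s' "$signed" | openssl dgst -sha256 -verify "$2" -signature "$sigfile" \
    >/dev/null 2>&1 || rc=$?
  rm -f "$sigfile"; return $rc
}

# Demo with a throwaway key (constructed; the real key is the PEM copied at "Add Key").
demo() {
  d=$(mktemp -d)
  openssl genrsa -out "$d/key.pem" 2048 2>/dev/null
  openssl rsa -in "$d/key.pem" -pubout -out "$d/pub.pem" 2>/dev/null
  jwt=$(make_assertion "https://example.okta.com" "0oaEXAMPLECLIENTID" "$d/key.pem")
  verify_assertion "$jwt" "$d/pub.pem" && echo "assertion verifies"
  rm -rf "$d"
}
demo

# The assertion is then sent to the token endpoint (not run here, needs a real tenant):
#   curl -s -X POST "$OKTA_URL/oauth2/v1/token" -d grant_type=client_credentials \
#     -d scope=okta.users.read -d client_assertion="$jwt" \
#     -d client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer
```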