# Okta ## Overview Euno integrates with Okta to observe users and groups from your identity and access management system. This integration enables you to track user accounts, groups, and group memberships in your data model, providing visibility into organizational structure and access patterns. Euno's Okta integration supports auto-discovery of the following resources: * Users (`user`) * User groups (`user_group`) ## Requirements To ingest metadata from Okta, you will need: * An Okta organization account * An Okta API token with appropriate permissions: * `okta.users.read` - Read user information * `okta.groups.read` - Read group information * `okta.groups.members.read` - Read group membership information ## Setup Instructions ### Step 1: Create an Okta API Token 1. Sign in to your [Okta Admin Console](https://admin.okta.com/) 2. Navigate to **Security** → **API** → **Tokens** 3. Click **Create Token** 4. Enter a name for the token (e.g., "Euno Integration") 5. Click **Create Token** 6. **Important**: Copy the token value immediately. You won't be able to see it again after closing the dialog. ### Step 2: Configure the Integration in Euno 1. In Euno, navigate to **Sources** → **Add Integration** 2. Select **Okta** from the list of available integrations 3. Fill in the configuration: * **Okta Domain**: Your Okta organization domain (e.g., `dev-12345.okta.com` or `yourcompany.okta.com`) * **API Token**: The API token you created in Step 1 4. Click **Save** to create the integration ### Step 3: Run the Crawler 1. After creating the integration, you can trigger a manual crawl by clicking **Run Now** on the integration page 2. The integration will automatically crawl on its configured schedule (default: every 2 hours) ## What Euno Discovers ### Users Euno observes all users from your Okta organization. For each user, Euno captures: * Email address (used as the primary identifier) * Display name * Full raw user object from Okta API (stored in `okta_raw_user_object` property) ### User Groups Euno observes all groups from your Okta organization. For each group, Euno captures: * Group name * Group ID (native ID) * Creation timestamp * Group members (users and nested groups) * Full raw group object from Okta API (stored in `okta_raw_group_object` property) ### Group Memberships Euno observes group memberships: * Direct user memberships (users that are members of groups) **Note**: Nested groups (groups that are members of other groups) are not currently supported, but all groups in your Okta organization are observed as separate resources. ## Configuration Options The Okta integration has the following configuration options: | Option | Description | Required | | ------------- | ---------------------------------------------------------- | -------- | | `okta_domain` | Your Okta organization domain (e.g., `dev-12345.okta.com`) | Yes | | `api_token` | Okta API token with read permissions | Yes | ## Troubleshooting ### Authentication Errors If you encounter authentication errors (401/403): * Verify that your API token is correct and hasn't expired * Ensure the API token has the required permissions (`okta.users.read`, `okta.groups.read`, `okta.groups.members.read`) * Check that your Okta domain is correct (should match your organization's domain) ### Missing Users or Groups If users or groups are not appearing in Euno: * Verify that the API token has read permissions for the resources you expect to see * Check the integration run report for any errors or warnings * Ensure the resources exist in your Okta organization ### Group Members Not Showing If group members are not being observed: * Verify that the API token has `okta.groups.members.read` permission * Check that the groups have members assigned in Okta * Review the integration logs for any API errors when fetching group members --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.euno.ai/sources/identity-and-organization/okta-integration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.