Okta

Overview

Euno integrates with Okta to observe users and groups from your identity and access management system. This integration enables you to track user accounts, groups, and group memberships in your data model, providing visibility into organizational structure and access patterns.

Euno's Okta integration supports auto-discovery of the following resources:

• Users (user)

• User groups (user_group)

Requirements

To ingest metadata from Okta, you will need:

• An Okta organization account

• An Okta API token with appropriate permissions:

  • okta.users.read - Read user information

  • okta.groups.read - Read group information

  • okta.groups.members.read - Read group membership information

Setup Instructions

Step 1: Create an Okta API Token

1. Sign in to your Okta Admin Console

2. Navigate to Security → API → Tokens

3. Click Create Token

4. Enter a name for the token (e.g., "Euno Integration")

5. Click Create Token

6. Important: Copy the token value immediately. You won't be able to see it again after closing the dialog.

Step 2: Configure the Integration in Euno

1. In Euno, navigate to Sources → Add Integration

2. Select Okta from the list of available integrations

3. Fill in the configuration:

   • Okta Domain: Your Okta organization domain (e.g., dev-12345.okta.com or yourcompany.okta.com)

   • API Token: The API token you created in Step 1

4. Click Save to create the integration

Step 3: Run the Crawler

1. After creating the integration, you can trigger a manual crawl by clicking Run Now on the integration page

2. The integration will automatically crawl on its configured schedule (default: every 2 hours)

What Euno Discovers

Users

Euno observes all users from your Okta organization. For each user, Euno captures:

• Email address (used as the primary identifier)

• Display name

• Full raw user object from Okta API (stored in okta_raw_user_object property)

User Groups

Euno observes all groups from your Okta organization. For each group, Euno captures:

• Group name

• Group ID (native ID)

• Creation timestamp

• Group members (users and nested groups)

• Full raw group object from Okta API (stored in okta_raw_group_object property)

Group Memberships

Euno observes group memberships:

• Direct user memberships (users that are members of groups)

Note: Nested groups (groups that are members of other groups) are not currently supported, but all groups in your Okta organization are observed as separate resources.

Configuration Options

The Okta integration has the following configuration options:

Troubleshooting

Authentication Errors

If you encounter authentication errors (401/403):

• Verify that your API token is correct and hasn't expired

• Ensure the API token has the required permissions (okta.users.read, okta.groups.read, okta.groups.members.read)

• Check that your Okta domain is correct (should match your organization's domain)

Missing Users or Groups

If users or groups are not appearing in Euno:

• Verify that the API token has read permissions for the resources you expect to see

• Check the integration run report for any errors or warnings

• Ensure the resources exist in your Okta organization

Group Members Not Showing

If group members are not being observed:

• Verify that the API token has okta.groups.members.read permission

• Check that the groups have members assigned in Okta

• Review the integration logs for any API errors when fetching group members

Feature Flag

The Okta integration is currently behind a feature flag (showOktaIntegration). Contact your Euno administrator to enable this integration if it's not visible in your instance.