Okta

AuthTeams

Summary

Okta is an ownership platform. You can use Okta to drive insights into values such as:

  • Authentication
  • Ownership
  • SCIM

Caution: For SSO and/or SCIM, read our Okta SSO Guide and Okta SCIM Guide.

Setup

You'll first need to create an API token. Because Okta ties each token to the administrator who creates it, that administrator's role needs at minimum the View groups permission.

  1. Find your Okta domain prefix by logging into Okta and reading it from the URL. For example, our URL is https://cortex.okta.com, where cortex is the prefix.
  2. Create an API token by logging into Okta. You must have administrator privileges for the Okta account in order to generate a token.

Once you've created an API Token, add it under Settings → Okta.

Granting the proper scopes

In the Okta Developer Console select the "Okta API Scopes" tab and grant Cortex the following scopes:

  • okta.groups.read
  • okta.profileMappings.read
  • okta.users.read

Failure to grant access to these scopes could result in features in Cortex not working as expected.

Caution: If you do not see the settings page you're looking for, you likely don't have the proper permissions and need to contact your admin.

Registration

Cortex can pull team memberships from Okta groups.

Entity descriptor

You can define the following block in your Cortex entity descriptor to add your Okta group as an owner.

    x-cortex-owners:
      - type: group
        name: Engineering # group name in Okta
        provider: OKTA
        description: This is a description for this owner # optional

The group name is case-sensitive and should be exactly the same as in Okta.
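
A pre-merge check for the case-sensitivity rule above, as an added example (not Cortex's own code): it compares the OKTA group owners in a parsed descriptor against the `profile.name` values of an Okta List Groups (`GET /api/v1/groups`) response. The group list, the descriptor contents, the `EXAMPLE` provider value and the helper name `check_okta_owners` are constructed for illustration.

```python
import json

# Constructed sample: trimmed body of an Okta GET /api/v1/groups response.
OKTA_GROUPS_JSON = """[
  {"id": "00g-example-1", "profile": {"name": "Engineering"}},
  {"id": "00g-example-2", "profile": {"name": "Platform Security"}},
  {"id": "00g-example-3", "profile": {"name": "platform security"}}
]"""

# Constructed sample: an entity descriptor after YAML parsing.
DESCRIPTOR = {"x-cortex-owners": [
    {"type": "group", "name": "Engineering", "provider": "OKTA"},
    {"type": "group", "name": "engineering", "provider": "OKTA"},
    {"type": "group", "name": "Platform security", "provider": "OKTA"},
    {"type": "group", "name": "Data", "provider": "OKTA"},
    {"type": "group", "name": "Ops", "provider": "EXAMPLE"},  # placeholder, skipped
]}


def check_okta_owners(descriptor, okta_groups_json):
    """Return (owner_name, status, candidates) per OKTA group owner.
    status: 'ok' (exact match), 'case-mismatch' (differs only by case), 'not-found'."""
    names = {g["profile"]["name"] for g in json.loads(okta_groups_json)}
    by_folded = {}  # case-folded name -> real Okta names that share it
    for n in names:
        by_folded.setdefault(n.casefold(), []).append(n)
    results = []
    for owner in descriptor.get("x-cortex-owners") or []:
        if owner.get("type") != "group" or owner.get("provider") != "OKTA":
            continue  # only Okta-backed group owners are checked
        name = owner.get("name", "")
        if name in names:
            results.append((name, "ok", [name]))
        elif name.casefold() in by_folded:
            # Several candidates means Okta has groups differing only by case.
            results.append((name, "case-mismatch", sorted(by_folded[name.casefold()])))
        else:
            results.append((name, "not-found", []))
    return results


if __name__ == "__main__":
    for name, status, candidates in check_okta_owners(DESCRIPTOR, OKTA_GROUPS_JSON):
        print(f"{name!r}: {status} {candidates}")
```

A `case-mismatch` with more than one candidate needs a human decision, since picking the wrong group assigns ownership to the wrong people.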

Troubleshooting

  1. I've added an API token but the login is still using Google.
    1. To set up Okta for SSO, use the Okta SSO Guide.