App Inventory
Fetches application data from Okta for continuous visibility into app provisioning and access control.
Sync Type: Full Synchronisation
Authentication
This input supports API Key and OAuth 2.0 (service app) authentication. See Okta Authentication for setup instructions and required credentials for each method.
Details
Monad uses the cron field to run this input on specific intervals and returns all applications' details, performing a full sync of data each time.
Configuration
The following configuration defines the input parameters. Each field's specifications, such as type, requirements, and descriptions, are detailed below.
Settings
| Setting | Type | Required | Description |
|---|---|---|---|
| Org URL | string | Yes | Your Okta Organization URL. |
| Cron | string | Yes | A cron expression defining how often to fetch user data. |
Secrets
Secrets vary by authentication method. See Okta Authentication for details. If using the Oauth flow, the token should be granted the okta.apps.read scope.
Custom Schema Handling
If the source data doesn't align with any of the OpenSecurityControlFramework (OSCF) schemas, you can create a custom transformation using our JQ transform pipeline. For example:
{
metadata: {
schema_version: "1.0.0",
custom_framework: "my_framework"
},
controls: .[]
}
For more information on JQ and how to write your own JQ transformations see the JQ docs here.
If you believe this data source should be included in the standard OSCF schema set, please reach out to our team at support@monad.com. We're always looking to expand our coverage of security control frameworks based on community needs.
Related Articles
- https://help.okta.com/en-us/content/topics/security/api.htm
- https://developer.okta.com/docs/reference/api/apps/#list-applications
Sample Record
{
"id": "0oa1gjh63g214q0Hq0g4",
"name": "testorgone_customsaml20app_1",
"label": "Custom Saml 2.0 App",
"status": "ACTIVE",
"lastUpdated": "2025-08-11T23:46:51.84619Z",
"created": "2025-08-11T23:46:51.846195Z",
"accessibility": {
"selfService": false,
"errorRedirectUrl": null,
"loginRedirectUrl": null
},
"visibility": {
"autoSubmitToolbar": false,
"hide": {
"iOS": false,
"web": false
},
"appLinks": {
"testorgone_customsaml20app_1_link": true
}
},
"features": [],
"signOnMode": "SAML_2_0",
"credentials": {
"userNameTemplate": {
"template": "${fn:substringBefore(source.login, \"@\")}",
"type": "BUILT_IN"
},
"signing": {}
},
"settings": {
"app": {},
"notifications": {
"vpn": {
"network": {
"connection": "DISABLED",
"message": null,
"helpUrl": null
}
}
},
"signOn": {
"defaultRelayState": "",
"ssoAcsUrl": "https://{yourOktaDomain}",
"idpIssuer": "http://www.okta.com/${org.externalKey}",
"audience": "https://example.com/tenant/123",
"recipient": "http://recipient.okta.com",
"destination": "http://destination.okta.com",
"subjectNameIdTemplate": "${user.userName}",
"subjectNameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"responseSigned": true,
"assertionSigned": true,
"signatureAlgorithm": "RSA_SHA256",
"digestAlgorithm": "SHA1",
"honorForceAuthn": true,
"authnContextClassRef": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
"slo": {
"enabled": true,
"spIssuer": "https://testorgone.okta.com",
"logoutUrl": "https://testorgone.okta.com/logout"
},
"participateSlo": {
"enabled": true,
"logoutRequestUrl": "https://testorgone.okta.com/logout/participate",
"sessionIndexRequired": true,
"bindingType": "REDIRECT"
},
"spCertificate": {
"x5c": [
"MIIFnDCCA4QCCQDBSLbiON2T1zWEIUOFGIHD2EOWQIPHFU1haW5lMRAwDgYDVQQQE'F0PHIJWE'AISBCNKWEluYzEUMBIGA1UECwwLRW5EQILFYVKSBCIEDWUKVBCG;IUWE;KSAVBCD..."
]
}
}
}
}