# Okta Authentication This page describes the authentication methods supported by Okta inputs (e.g., Users, Groups, Apps, System Log). These methods do not apply to Auth0-based inputs. ## Authentication Methods Okta inputs support two authentication methods: | Method | Description | |--------|-------------| | API Key | Simple token-based auth using an Okta API token. | | OAuth 2.0 (Service App) | Machine-to-machine OAuth 2.0 using a public/private key pair. | --- ## API Key The API Key method is the simpler option and is sufficient for most use cases. ### Requirements - An Okta API token scoped to your organization. - Instructions [here](https://developer.okta.com/docs/guides/create-an-api-token/main/). - Your Okta Organization URL. - When on the Okta Admin Dashboard, if your URL is `https://companyname-admin.okta.com/admin/dashboard` then your org URL is `https://companyname.okta.com`. - Edge cases and alternate URL formats are documented [here](https://developer.okta.com/docs/concepts/okta-organizations/#org-urls). ### Configuration #### Settings | Setting | Type | Required | Description | |---------|------|----------|-------------| | Org URL | string | Yes | Your Okta Organization URL (e.g. `https://yourorg.okta.com`). | | Cron | string | Yes | A cron expression defining how often to run the input. | #### Secrets | Secret | Type | Required | Description | |--------|------|----------|-------------| | API Key | string | Yes | Your Okta API token. | --- ## OAuth 2.0 (Service App) The OAuth 2.0 method uses a service application with a public/private key pair to authenticate against the Okta API. This follows Okta's [OAuth for service apps](https://developer.okta.com/docs/guides/implement-oauth-for-okta-serviceapp/main/) flow. ### Setup **1. Create a Service App Integration** 1. Sign in to your Okta Admin Console. 2. Navigate to **Applications > Applications** and click **Create App Integration**. 3. Select **API Services** as the sign-in method and click **Next**. 4. Provide a name for the application and click **Save**. **2. Note the Client ID** On the app's **General** tab, copy the **Client ID** — you will need this later. **3. Configure Public Key / Private Key Authentication** 1. On the app's **General** tab, scroll to the **Client Credentials** section and click **Edit**. 2. Change the **Client authentication** type to **Public key / Private key**. 3. Click **Add key**, then **Generate new key**. Okta will generate a public/private key pair. 4. Copy and save the **private key** immediately — this is the only time it will be shown. 5. Note the **Key ID (kid)** displayed for the generated key pair. 6. Click **Save**. **4. Disable DPoP** On the app's **General** tab under **General Settings**, ensure that **Require Demonstrating Proof of Possession (DPoP) header in token requests** is **disabled**. **5. Grant OAuth Scopes** On the **Okta API Scopes** tab, grant the scopes required by the specific Okta input you are configuring (e.g. `okta.users.read`, `okta.apps.read`). Look at the secrets section of the specific Okta input's docs to understand what permissions must be granted. ### Configuration #### Settings | Setting | Type | Required | Description | |---------|------|----------|-------------| | Org URL | string | Yes | Your Okta Organization URL (e.g. `https://yourorg.okta.com`). | | Cron | string | Yes | A cron expression defining how often to run the input. | #### Secrets | Secret | Type | Required | Description | |--------|------|----------|-------------| | RSA Private Key | string | Yes | The RSA private key generated when creating the key pair in your Okta service app. | | Client ID | string | Yes | The OAuth 2.0 Client ID from your Okta service app. | | Key ID | string | Yes | The Key ID (kid) associated with the RSA key pair in your Okta service app. | --- ## Related Articles - [Create an Okta API token](https://developer.okta.com/docs/guides/create-an-api-token/main/) - [Implement OAuth 2.0 for Okta service apps](https://developer.okta.com/docs/guides/implement-oauth-for-okta-serviceapp/main/) - [Okta organization URLs](https://developer.okta.com/docs/concepts/okta-organizations/#org-urls)