Connecting Okta Adapter using OAuth
Written by Support
Updated over a week ago

Salto’s Okta Adapter supports OAuth-based authentication.

In order to connect to Okta using OAuth, you need to set up an OIDC application in your Okta tenant.

Certain elements can't be fetched when connecting with OAuth, such as Group Push and certain Settings (see "Types that can't be fetch" for the full list). To fetch these, use API Token authentication.

Salto's OIN application

Setup

  1. Add Salto's OIDC App - In your Okta tenant, go to the application tab, browse the OIN catalog and search for "Salto Okta Adapter OAuth".

  2. Assign Users or Groups - Assign users and/or groups to the created application.

    💡 Important: Ensure that the user selected for the initial OAuth login has a super administrator role.

  3. Connect to Salto - When connecting a new application, select Okta and choose "OAuth". Copy the Client ID and Client Secret for the OIDC app you created in the previous steps, and connect.

Creating a custom OIDC OAuth integration

To limit Salto to read-only access, or to adjust any scope, you can create your own OIDC custom application. To do so, please follow this guide: https://help.salto.io/en/articles/8721163-connecting-okta-adapter-using-oauth

Scopes used by Salto

okta.orgs.manage
okta.apps.manage
okta.authenticators.manage
okta.authorizationServers.manage
okta.behaviors.manage
okta.brands.manage
okta.deviceAssurance.manage
okta.domains.manage
okta.eventHooks.manage
okta.features.read
okta.groups.manage
okta.idps.manage
okta.inlineHooks.manage
okta.networkZones.manage
okta.policies.manage
okta.profileMappings.manage
okta.rateLimits.manage
okta.roles.manage
okta.schemas.manage
okta.templates.manage
okta.trustedOrigins.manage
okta.userTypes.manage
okta.users.read
okta.emailDomains.manage
okta.linkedObjects.manage
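
An added example, not Salto's or Okta's own code: a small audit that compares the scopes actually granted to the OIDC app against the list above, or against a read-only variant of it for a custom integration. It assumes the input is shaped like Okta's app grants listing (objects with scopeId and status fields), that every .manage scope has a .read counterpart, and uses hypothetical function names and constructed sample data.

```python
import json

# Scopes from the "Scopes used by Salto" list on this page.
_MANAGE = ("orgs apps authenticators authorizationServers behaviors brands "
           "deviceAssurance domains eventHooks groups idps inlineHooks "
           "networkZones policies profileMappings rateLimits roles schemas "
           "templates trustedOrigins userTypes emailDomains linkedObjects").split()
_READ = ["features", "users"]
SALTO_SCOPES = ({f"okta.{r}.manage" for r in _MANAGE}
                | {f"okta.{r}.read" for r in _READ})


def read_only_equivalent(scope):
    """Map okta.<resource>.manage to okta.<resource>.read.
    Assumption: Okta's naming convention provides the .read counterpart."""
    if scope.endswith(".manage"):
        return scope[: -len(".manage")] + ".read"
    return scope


def audit_grants(grants_json, read_only=False):
    """Compare an app's active scope grants with the expected set.
    grants_json: JSON array of objects with 'scopeId' and 'status'
    (assumed shape, modeled on Okta's app grants listing)."""
    granted = {g["scopeId"] for g in json.loads(grants_json)
               if g.get("status", "ACTIVE") == "ACTIVE"}
    expected = ({read_only_equivalent(s) for s in SALTO_SCOPES}
                if read_only else SALTO_SCOPES)
    return {
        "unexpected": sorted(granted - expected),    # granted, not on the list
        "missing": sorted(expected - granted),       # on the list, not granted
        "write_scopes": sorted(s for s in granted if s.endswith(".manage")),
    }


# Constructed sample data, not taken from a real tenant.
SAMPLE_GRANTS = json.dumps([
    {"scopeId": "okta.apps.read", "status": "ACTIVE"},
    {"scopeId": "okta.groups.manage", "status": "ACTIVE"},
    {"scopeId": "okta.users.read", "status": "ACTIVE"},
    {"scopeId": "okta.logs.read", "status": "ACTIVE"},
    {"scopeId": "okta.roles.manage", "status": "REVOKED"},
])

if __name__ == "__main__":
    print(json.dumps(audit_grants(SAMPLE_GRANTS, read_only=True), indent=2))
```

For a read-only custom integration, any entry under write_scopes or unexpected is a grant to remove before connecting.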
