# Okta Integration

Okta is a cloud-based identity and access management (IAM) platform that enables secure access to applications and systems.

Sprinto’s Okta integration helps you:

* Sync employee data for compliance monitoring
* Automate access reviews and identity checks
* Track MFA status and user access
* Map employee groups for access governance

This integration supports:

* Identity Provider
* Access Review
* Employee Groups

#### Sprinto checks for Okta integration <a href="#sprinto-checks-for-okta-integration" id="sprinto-checks-for-okta-integration"></a>

<table><thead><tr><th width="252.375">Sprinto check</th><th>Reference procedure / Required action</th></tr></thead><tbody><tr><td>Okta access should be removed for offboarded user</td><td><a href="/pages/82H3Gt6HK0c6vjdDWYl3">How to fix</a></td></tr><tr><td>Okta user should have MFA enabled</td><td><p>This check is raised against a staff member when Okta reports that MFA is disabled on their Okta account.</p><p>The staff member must enable MFA on their Okta account to resolve this check. Refer to the Okta documentation for detailed steps.</p></td></tr></tbody></table>

***

### How it works

Sprinto connects to your Okta account using an API token and retrieves user, group, and application data.

* Sprinto periodically fetches users, groups, and access data from Okta
* It evaluates this data against compliance controls (for example, MFA enforcement, access reviews)
* Any deviations trigger checks and remediation actions in Sprinto

***

### Prerequisites

Before setting up the integration, ensure the following:

* You have **admin access** to your Okta account
* You can create API tokens in Okta
* Your Okta account has a **paid plan** (if applicable)
* You have access to the Okta Admin Console

***

### Permissions required

#### Required OAuth scopes

* `okta.apps.read` – Required to fetch applications
* `okta.users.read` – Required to fetch users and user-related data

#### API endpoints used

Sprinto uses the following Okta APIs:

* `api/v1/users/me` – Validate connection
* `api/v1/apps` – Fetch applications
* `api/v1/users` – Fetch active users
* `api/v1/users/${userId}/groups` – Fetch user groups
* `api/v1/groups` – Fetch all groups
* `api/v1/groups/${groupId}/users` – Fetch users in a group
* `api/v1/apps/${appId}/groups` – Fetch app groups
* `api/v1/apps/${appId}/users` – Fetch users assigned to an app
* `api/v1/apps/${appId}/users/${userId}` – Verify user assignment
* `api/v1/users/${userId}/factors` – Check MFA status

#### Roles that can create API tokens

The following roles can create API tokens in Okta:

* Super Administrator
* Organisation Administrator (Org Admin)
* Group Administrator
* Group Membership Administrator
* Read-only Administrator

#### Important considerations

* API tokens inherit the permissions of the admin who creates them
* If the admin’s role changes, the token’s permissions are updated automatically
* It is recommended to:
  * Create a **dedicated service account**
  * Assign only required permissions to that account

***

### Set up the integration

#### Step 1: Navigate to Okta integration

1. Log in to the Sprinto dashboard.
2. Go to **Settings → Integrations.**
3. In the **All** tab, search for **Okta.**
4. Click **Connect.**

<figure><img src="/files/X6yEaZ25Ljp5rti4qfyg" alt="" width="563"><figcaption></figcaption></figure>

***

#### Step 2: Review permissions

1. In the integration drawer:
   * Review **controls and checks** automated.
   * Review **permissions required.**
   * Review **data accessed by Sprinto.**
2. Click **Next.**

<figure><img src="/files/B74oKpdh5hIoQNzgG5GE" alt="" width="375"><figcaption></figcaption></figure>

***

#### Step 3: Generate API token in Okta

1. Log in to your **Okta Admin Console.**
2. Navigate to **Security → API.**
3. Go to the **Tokens** tab.
4. Click **Create Token.**
5. Enter a name (for example, `sprinto-audit`).
6. Copy the generated API token and store it securely.

***

#### Step 4: Add credentials in Sprinto

1. Enter the following details:
   * **Okta Domain** (for example, `https://company.okta.com`)
   * **API Token**
2. Click **Connect Okta.**

Once successful, the integration is established.

<figure><img src="/files/RTCgchaZFWknNuNO8bO5" alt="" width="375"><figcaption></figcaption></figure>

***

### Post-connection flow

#### Add Okta as a staff information provider

1. Go to **Data Library → People → Configuration.**
2. Click **Add Staff** next to **Staff information providers.**

<figure><img src="/files/219tKeppoWeBsRuvzx3f" alt="" width="563"><figcaption></figcaption></figure>

3. Select **Add Staff from HRMS or identity providers.**
4. Select **Okta**.

<figure><img src="/files/IJDRCFFlPPAhoskM57Fr" alt="" width="375"><figcaption></figcaption></figure>

5. Click **Add Okta.**

You should see **Connected** next to Okta.

***

#### Data sync and evaluation

* Initial data sync takes **15–20 minutes.**
* Full evaluation and control activation may take up to **24 hours.**

To manually refresh data:

1. Go to **Data Library → People → Configuration.**
2. Click **Manage.**
3. Click **Sync** next to Okta.

***

### Troubleshooting

#### Connection failed

* Verify the **Okta domain** format includes `https://`.
* Ensure the API token is valid and not expired.
* Confirm the admin has sufficient permissions.

***

#### Missing users or groups

* Trigger a manual sync from the People section.
* Ensure users are active in Okta.
* Verify group assignments in Okta.

***

#### MFA checks not working

* Ensure MFA is enabled for users in Okta.
* Verify Sprinto has access to user factors via API.
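
To confirm what the token can actually read, the following added example (not Sprinto's code) calls `api/v1/users` and `api/v1/users/${userId}/factors` with the token and classifies each user. It assumes the token is sent in Okta's `Authorization: SSWS` header, that a user counts as MFA-enabled when at least one factor has status `ACTIVE`, and that the user list fits in one response page; `normalize_domain`, `okta_get`, `mfa_report` and the sample data are names constructed for this example.

```python
import json
import urllib.error
import urllib.request
from urllib.parse import urlsplit

def normalize_domain(domain):
    """Return 'https://host'; reject a missing or non-HTTPS scheme."""
    parts = urlsplit(domain.strip())
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Okta domain must look like https://company.okta.com")
    return f"https://{parts.netloc}"

def okta_get(base, token, path):
    """GET one of the endpoints listed on this page; return (status, JSON or None)."""
    req = urllib.request.Request(f"{base}/{path}", headers={
        "Authorization": f"SSWS {token}", "Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, None

def mfa_report(domain, token, get=okta_get):
    """Map each login to 'enrolled', 'missing' or 'unreadable'."""
    base = normalize_domain(domain)
    status, users = get(base, token, "api/v1/users")
    if status != 200:
        raise PermissionError(f"cannot list users (HTTP {status}); check the token")
    report = {}
    for user in users:
        login = user["profile"]["login"]
        status, factors = get(base, token, f"api/v1/users/{user['id']}/factors")
        if status != 200:
            report[login] = "unreadable"  # token owner cannot read factors
        else:  # assumption: one ACTIVE factor counts as MFA enabled
            active = any(f.get("status") == "ACTIVE" for f in factors)
            report[login] = "enrolled" if active else "missing"
    return report

# Constructed sample responses so the logic can be exercised offline.
SAMPLE = {
    "api/v1/users": (200, [{"id": u, "profile": {"login": f"{u}@example.com"}}
                           for u in ("u1", "u2", "u3")]),
    "api/v1/users/u1/factors": (200, [{"factorType": "push", "status": "ACTIVE"}]),
    "api/v1/users/u2/factors": (200, [{"factorType": "sms", "status": "PENDING_ACTIVATION"}]),
    "api/v1/users/u3/factors": (403, None),
}
def sample_get(base, token, path):
    return SAMPLE[path]
```

An `unreadable` result points at the token's permissions rather than the user's MFA enrollment, while `missing` means the factors were readable and none was active.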

***

### Support

If you have any questions or run into issues while setting up or using the Okta integration, contact the Sprinto support team for assistance.

