Okta Integration

Connect Okta with Sprinto to automate user access reviews, identity management, and employee group sync for compliance.

Okta is a cloud-based identity and access management (IAM) platform that enables secure access to applications and systems.

Sprinto’s Okta integration helps you:

  • Sync employee data for compliance monitoring

  • Automate access reviews and identity checks

  • Track MFA status and user access

  • Map employee groups for access governance

This integration supports:

  • Identity Provider

  • Access Review

  • Employee Groups

Sprinto checks for Okta integration

Sprinto check
Reference procedure / Required action

Okta access should be removed for offboarded user

Okta user should have MFA enabled

This check is activated against a staff member when Okta detects that MFA is disabled on their Okta account.

To resolve the check, the staff member must enable MFA on their Okta account. Refer to the Okta documentation for detailed steps.


How it works

Sprinto connects to your Okta account using an API token and retrieves user, group, and application data.

  • Sprinto periodically fetches users, groups, and access data from Okta

  • It evaluates this data against compliance controls (for example, MFA enforcement, access reviews)

  • Any deviations trigger checks and remediation actions in Sprinto


Prerequisites

Before setting up the integration, ensure the following:

  • You have admin access to your Okta account

  • You can create API tokens in Okta

  • Your Okta account has a paid plan (if applicable)

  • You have access to the Okta Admin Console


Permissions required

Required OAuth scopes

  • okta.apps.read – Required to fetch applications

  • okta.users.read – Required to fetch users and user-related data

API endpoints used

Sprinto uses the following Okta APIs:

  • api/v1/users/me – Validate connection

  • api/v1/apps – Fetch applications

  • api/v1/users – Fetch active users

  • api/v1/users/${userId}/groups – Fetch user groups

  • api/v1/groups – Fetch all groups

  • api/v1/groups/${groupId}/users – Fetch users in a group

  • api/v1/apps/${appId}/groups – Fetch app groups

  • api/v1/apps/${appId}/users – Fetch users assigned to an app

  • api/v1/apps/${appId}/users/${userId} – Verify user assignment

  • api/v1/users/${userId}/factors – Check MFA status
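
The two checks above, evaluated over data shaped like the api/v1/users and api/v1/users/${userId}/factors responses. This is an added example, not Sprinto's own evaluation logic; the sample records, the offboarded list, and the rules that only an ACTIVE factor counts as MFA and that a SUSPENDED account still counts as retained access are assumptions.

```python
# Added example: constructed data shaped like Okta's /api/v1/users and
# /api/v1/users/{id}/factors responses. Not Sprinto's evaluation logic.
USERS = [
    {"id": "00u1", "status": "ACTIVE", "profile": {"login": "ana@example.com"}},
    {"id": "00u2", "status": "ACTIVE", "profile": {"login": "bo@example.com"}},
    {"id": "00u3", "status": "ACTIVE", "profile": {"login": "cy@example.com"}},
    {"id": "00u4", "status": "DEPROVISIONED", "profile": {"login": "di@example.com"}},
    {"id": "00u5", "status": "SUSPENDED", "profile": {"login": "ed@example.com"}},
]
FACTORS = {  # keyed by user id
    "00u1": [{"factorType": "push", "provider": "OKTA", "status": "ACTIVE"}],
    "00u2": [{"factorType": "token:software:totp", "provider": "GOOGLE",
              "status": "PENDING_ACTIVATION"}],
    "00u3": [],
}
OFFBOARDED = {"cy@example.com", "di@example.com", "ed@example.com"}  # assumed HR list

# Assumption: only DEPROVISIONED means access is gone; SUSPENDED can be
# reversed with a single unsuspend, so it is treated as retained access.
ACCESS_REMOVED = {"DEPROVISIONED"}

def has_mfa(factors):
    """Only an ACTIVE factor counts; an unfinished enrollment does not."""
    return any(f.get("status") == "ACTIVE" for f in factors)

def evaluate(users, factors_by_user, offboarded_logins):
    """Return {check name: sorted list of failing logins}."""
    failing = {"mfa_enabled": [], "offboarded_access_removed": []}
    for user in users:
        login = user["profile"]["login"].lower()
        removed = user["status"] in ACCESS_REMOVED
        if login in offboarded_logins:
            if not removed:
                failing["offboarded_access_removed"].append(login)
            continue  # MFA is moot for accounts that should not exist
        if not removed and not has_mfa(factors_by_user.get(user["id"], [])):
            failing["mfa_enabled"].append(login)
    return {check: sorted(logins) for check, logins in failing.items()}

if __name__ == "__main__":
    for check, logins in evaluate(USERS, FACTORS, OFFBOARDED).items():
        print(check, logins)
```

The PENDING_ACTIVATION case is the one to watch when an MFA check disagrees with what a user reports: the factor appears in the factors response, but enrollment was never completed.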

Roles that can create API tokens

The following roles can create API tokens in Okta:

  • Super Administrator

  • Organisation Administrator (Org Admin)

  • Group Administrator

  • Group Membership Administrator

  • Read-only Administrator

Important considerations

  • API tokens inherit the permissions of the admin who creates them

  • If the admin’s role changes, the token’s permissions are updated automatically

  • It is recommended to:

    • Create a dedicated service account

    • Assign only required permissions to that account


Set up the Integration

Step 1: Navigate to Okta integration

  1. Log in to the Sprinto dashboard.

  2. Go to Settings → Integrations.

  3. In the All tab, search for Okta.

  4. Click Connect.


Step 2: Review permissions

  1. In the integration drawer:

    • Review controls and checks automated.

    • Review permissions required.

    • Review data accessed by Sprinto.

  2. Click Next.


Step 3: Generate API token in Okta

  1. Log in to your Okta Admin Console.

  2. Navigate to Security → API.

  3. Go to the Tokens tab.

  4. Click Create Token.

  5. Enter a name (for example, sprinto-audit).

  6. Copy the generated API token and store it securely.


Step 4: Add credentials in Sprinto

  1. Enter the following details:

    • Okta Domain (for example, https://company.okta.com)

    • API Token

  2. Click Connect Okta.

Once successful, the integration is established.


Post-connection flow

Add Okta as a staff information provider

  1. Go to Data Library → People → Configuration.

  2. Click Add Staff next to Staff information providers.

  3. Select Add Staff from HRMS or identity providers.

  4. Select Okta.

  5. Click Add Okta.

You should see Connected next to Okta.


Data sync and evaluation

  • Initial data sync takes 15–20 minutes.

  • Full evaluation and control activation may take up to 24 hours.

To manually refresh data:

  1. Go to Data Library → People → Configuration.

  2. Click Manage.

  3. Click Sync next to Okta.


Troubleshooting

Connection failed

  • Verify the Okta domain format includes https://.

  • Ensure the API token is valid and not expired.

  • Confirm the admin has sufficient permissions.


Missing users or groups

  • Trigger a manual sync from the People section.

  • Ensure users are active in Okta.

  • Verify group assignments in Okta.


MFA checks not working

  • Ensure MFA is enabled for users in Okta.

  • Verify Sprinto has access to user factors via API.


Support

If you have any questions or run into issues while setting up or using the Okta integration, contact the Sprinto support team for assistance.
