Okta Connector

The Okta connector syncs users, groups, applications, and assignments from your Okta organization.

What Gets Synced

Users
Groups
Applications
App assignments

Discovery

When discovery is enabled, the connector also ingests Okta activity evidence used for SaaS discovery.

Prerequisites

Okta admin access
An API token that can read the data you want Open-SSPM to sync

Setup Instructions

1. Create an API Token

Open the Okta Admin Console
Go to Security → API → Tokens
Create a token for Open-SSPM
Copy the value

2. Determine Your Okta Domain

Use the Okta host without the https:// prefix, for example:

yourcompany.okta.com
yourcompany.oktapreview.com

3. Configure in Open-SSPM

Go to Settings → Connectors
Open the Okta connector
Enter:
- Domain
- API token
- Discovery enabled if you want SaaS discovery
Save the configuration
Trigger a sync

Settings

Setting	Required	Description
Domain	Yes	Okta host, for example `yourcompany.okta.com`
API Token	Yes	Okta API token
Discovery enabled	No	Enable discovery evidence ingestion

Sync Tuning

bash

SYNC_OKTA_INTERVAL=15m
SYNC_OKTA_WORKERS=3

Troubleshooting

Invalid Token

Regenerate the token and update the connector

Access Denied

Verify the token can read users, groups, applications, and assignments
For discovery, verify the token owner can access the required log data

Discovery Data Missing

Enable discovery on the connector
Make sure SYNC_DISCOVERY_ENABLED=1
Run the discovery worker

Okta Connector ​

What Gets Synced ​

Discovery ​

Prerequisites ​

Setup Instructions ​

1. Create an API Token ​

2. Determine Your Okta Domain ​

3. Configure in Open-SSPM ​

Settings ​

Sync Tuning ​

Troubleshooting ​

Invalid Token ​

Access Denied ​

Discovery Data Missing ​