Skip to main content


Okta is an identity and access management service for cloud-based SaaS applications. Many IT teams rely on Okta to help manage permissions, onboarding and offboarding of employees, and other important security practices.

Authenticate with Okta

To use Okta in Tonkean, you must first connect it as a data source:

  1. Select the main nav icon, grid.png, in the upper left and select Enterprise Components. The Enterprise Components screen displays.

  2. Select + New Data Source in the upper right.

  3. Select Cloud Application. The Add New Data Source window displays.

  4. Enter "Okta" in the search field, then select Okta. The New Okta Connection window displays.

  5. Select Create a new connection. The Set Up Data Source window displays.

  6. In the URL field, enter the subdomain of your Okta environment (for example,

  7. Generate an API token in Okta:

    1. Navigate and log in to your Okta account.

    2. In the sidenav, navigate to Security > API. The API screen displays.

    3. Select the Tokens tab.

    4. Select Create Token. The Create Token window displays.

    5. Enter a unique name for the token (for example "tonkean-okta"), then select Create Token. The newly-created token displays. Select the copy-to-clipboard button to copy the token. Then, save it for later use in a separate document.

      This is the last time you'll be able to view the decrypted token, so make sure you save it somewhere safe in case you need to reference it later.

  8. Return to Tonkean. In the API Key field, paste in the API token. When finished, select OK.

  9. If authentication is successful, a success message displays. Select OK to close the window.


Okta Permissions

When you connect an Okta account to Tonkean, it's important to note that all of the permissions in Okta (that is, create, edit, read-only) are mirrored in Tonkean. A user is able to create or update in Tonkean anything they are able to create or update in Okta.

Considering these equivalent permissions, make sure that the account you connect has the authority to perform all the actions your process requires in Tonkean while also being careful not to give Tonkean more access to Okta than is necessary.

Monitor Okta as an Input Source

Like most data sources, you can use Okta as the module input source:

  1. After creating a new module, select the input source tile. The Configure Input Source panel displays.

  2. Select Okta from the available data sources.

  3. Select the Okta items dropdown and select the entity to monitor. Okta items include all available objects in Okta (that is, Groups, Users, and UserGroups). The filter section displays.

  4. Select whether to monitor all entities of the selected type or to create a custom filter to monitor only specific entities. Then, if you select to create a custom filter, configure the conditions for the filter.


    When setting up a new input source, we recommend always adding a custom filter instead of monitoring all entities of the selected type. This ensures there's a smaller amount of data to monitor and respond to. For example, configuring the filter to monitor UserGroups with the Modified Date in the past 30 Days is a good place to start.

  5. When finished, select Preview Items & Save.

Your module is monitoring Okta.

Use Okta as an Action

In addition to monitoring an Okta instance, you can use actions to update and create new records in Okta based on triggers you create. To add an Okta action block, perform the following steps:

  1. On the module builder screen, add an action by selecting the plus icon, add_block.png, to the right of the Do arrow in your work flow. A new action block is created and the Action Block panel displays.

  2. Scroll down to the Data Actions section and select the Okta action. The Okta action panel displays.

  3. Configure the fields to perform any action relevant to your workflow.


You're leveraging Okta as an integrated part of your module workflow.