# Okta Integration

Integrating with Okta can give Rezonate complete visibility into assets, privileges, and activities. You can integrate with Okta by providing Rezonate with read-only access via an API Key or OAuth service. This document explains how to implement the OAuth method, which is considered more secure and cost-effective.

**There are 3 different, supported ways to integrate Rezonate with Okta, all explained in this document:**

1. By Generating an API Key
2. Through the Okta Marketplace
3. By Generating a Custom SSH Key

## API Key Integration <a href="#h_01hcwm6h423b0f5yx317k8x9yt" id="h_01hcwm6h423b0f5yx317k8x9yt"></a>

### Method <a href="#h_01hcwm6h428fyaxz2h1zd9679q" id="h_01hcwm6h428fyaxz2h1zd9679q"></a>

This method requires a read-only administrative API key, which can be generated from the admin console. After creating the key, save it, then enter the Okta domain and the API key.

<figure><img src="https://2355086414-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIkSba0W4HlnmPJ93gVOS%2Fuploads%2Fzd1tpk539XnHTT6c89Pi%2Fimage.png?alt=media&#x26;token=93a11f9c-8aae-4882-929f-21f42da6a543" alt=""><figcaption></figcaption></figure>

## Okta Store Integration <a href="#h_01hkzn342k7c3dzvys1zsh46fv" id="h_01hkzn342k7c3dzvys1zsh46fv"></a>

1. Sign in to your Okta Admin Panel, and select **API Service Integrations.**
2. In the integrations list, select Rezonate Security.
3. After reviewing the permissions, click "Install & Authorize".

<figure><img src="https://2355086414-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIkSba0W4HlnmPJ93gVOS%2Fuploads%2FkEu0A8jGbhlxDBroA54t%2Fimage.png?alt=media&#x26;token=6def1c9e-74d0-401b-993e-d08a6ae0337c" alt=""><figcaption></figcaption></figure>

1. Take note of the application Client-id & Client-secret.
2. Log in to the Rezonate Console, and click the settings button in the top menu.
3. On the side menu, select Cloud Integrations.
4. Click the "New Integration" button.
5. Select Okta Integration from the drawer that opens.
6. Fill out the form: enter your Okta domain, click "I have store integration", and fill in the client-id and secret key that you noted earlier.

<figure><img src="https://2355086414-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIkSba0W4HlnmPJ93gVOS%2Fuploads%2FoSiKedUtA1U6nVUi8u7i%2Fimage.png?alt=media&#x26;token=3f98ecba-263d-4d96-88d3-f19a027702eb" alt="" width="563"><figcaption></figcaption></figure>

## OAuth Method <a href="#h_01hcwm6h41yhr14nsxea659050" id="h_01hcwm6h41yhr14nsxea659050"></a>

### Prerequisites <a href="#h_01hcwm6h41eqa38mamr8ngff2z" id="h_01hcwm6h41eqa38mamr8ngff2z"></a>

Before you begin, generate a temporary API key. It is used to create the limited read-only OAuth application and assign its scopes. You can delete this API key after the process.

### Method <a href="#h_01hcwm6h41x10yk0ebjjw8cr4d" id="h_01hcwm6h41x10yk0ebjjw8cr4d"></a>

You perform OAuth integration through raw HTTP requests. Rezonate has developed a script to automatically create the application, and make the process easier and faster.

1. Install Python 3.6+
2. Install the [cryptography](https://pypi.org/project/cryptography/) and [pyjwkest](https://pypi.org/project/pyjwkest/) Python libraries using the following pip commands:

   ```
   pip install cryptography
   ```

   ```
   pip install pyjwkest
   ```
3. Run the **okta\_integration\_script.py** script (attached below) with the tenant ID and the temporary API token:

   ```
   python okta_integration_script.py --tenant-id TENANT_ID --api-token XXX_API_TOKEN
   ```

The TENANT\_ID is your Okta Identifier, which is the subdomain in the Okta domain. For example, in the case of rezonate.okta.com, the tenant\_id is rezonate.

After executing the script (which will take approximately 1-2 minutes), save the output (the tenant\_id, application\_id, and private key).

![okta\_integration.png](https://rezonate.zendesk.com/hc/article_attachments/7969439960349)

## Response & Remediation actions prerequisites

Rezonate supports automatic, on-demand, and scheduled execution of response & remediation actions in Okta.

<figure><img src="https://2355086414-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIkSba0W4HlnmPJ93gVOS%2Fuploads%2Fi9vdcxZ0TKY6po4vPtT4%2Fimage.png?alt=media&#x26;token=91306260-d13a-4f2b-adfe-30e1dca18a39" alt=""><figcaption><p>Available response actions in Okta</p></figcaption></figure>

To enable this capability, you will need to provide Rezonate with the following permissions:

```
'okta.users.manage',
'okta.groups.manage'
```
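
A least-privilege check for these permissions, as an added example that is not part of Rezonate's script or documentation: it sorts the scope grants of the integration's OAuth application and flags any write-capable scope other than the two listed above. The sample grants are constructed, and the `scopeId`/`status` field names and the `.read` scope names are assumptions about what Okta returns when an application's grants are listed.

```python
import json

# Write-capable scopes the page lists for response & remediation actions.
REMEDIATION_SCOPES = {"okta.users.manage", "okta.groups.manage"}

# Constructed sample of the integration app's scope grants. The scopeId/status
# field names are an assumption about Okta's grant-listing response shape.
SAMPLE_GRANTS = json.loads("""
[
  {"id": "grant-1", "status": "ACTIVE",  "scopeId": "okta.users.read"},
  {"id": "grant-2", "status": "ACTIVE",  "scopeId": "okta.groups.read"},
  {"id": "grant-3", "status": "ACTIVE",  "scopeId": "okta.logs.read"},
  {"id": "grant-4", "status": "ACTIVE",  "scopeId": "okta.users.manage"},
  {"id": "grant-5", "status": "REVOKED", "scopeId": "okta.groups.manage"},
  {"id": "grant-6", "status": "ACTIVE",  "scopeId": "okta.apps.manage"}
]
""")


def audit_grants(grants, remediation_enabled):
    """Sort active grants into read-only, expected write, and excess scopes."""
    report = {"read_only": [], "expected_write": [], "excess": [], "missing": []}
    active = {g["scopeId"] for g in grants if g.get("status") == "ACTIVE"}
    for scope in sorted(active):
        if scope.endswith(".read"):
            report["read_only"].append(scope)
        elif remediation_enabled and scope in REMEDIATION_SCOPES:
            report["expected_write"].append(scope)
        else:
            # Any other non-read scope exceeds what the integration needs.
            report["excess"].append(scope)
    if remediation_enabled:
        # A listed remediation scope that is not active is reported as missing.
        report["missing"] = sorted(REMEDIATION_SCOPES - active)
    return report


def is_least_privilege(report):
    """True when no scope beyond read-only and the two listed ones is active."""
    return not report["excess"]


if __name__ == "__main__":
    for enabled in (False, True):
        result = audit_grants(SAMPLE_GRANTS, enabled)
        print("remediation enabled:", enabled)
        print(json.dumps(result, indent=2))
        print("least privilege:", is_least_privilege(result))
```

Run it with `remediation_enabled=False` for a read-only integration: in that mode even the two listed `manage` scopes are reported as excess.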

{% file src="<https://2355086414-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIkSba0W4HlnmPJ93gVOS%2Fuploads%2Fxpl0rxaxQFldBYmb5ZMu%2Fokta_integration_script.py?alt=media&token=155cae32-cdd5-4e61-b0a5-438c790fcf5b>" %}

