# Okta Integration

Integrating with Okta can give Rezonate complete visibility into assets, privileges, and activities. You can integrate with Okta by providing Rezonate with read-only access via an API Key or OAuth service. This document explains how to implement the OAuth method, which is considered more secure and cost-effective.


**There are 3 different, supported ways to integrate Rezonate with Okta, all explained in this document:**

1. By Generating an API Key
2. Through the Okta Marketplace
3. By Generating Custom SSH Key


## API Key Integration <a href="#h_01hcwm6h423b0f5yx317k8x9yt" id="h_01hcwm6h423b0f5yx317k8x9yt"></a>

### Method <a href="#h_01hcwm6h428fyaxz2h1zd9679q" id="h_01hcwm6h428fyaxz2h1zd9679q"></a>

For this method, a read-only administrative API key is needed. This can be generated from the admin console. After creating the key, save it and enter the Okta domain and the API key.

<figure><img src="/files/PWXrCDPeULPTocpo5iX1" alt=""><figcaption></figcaption></figure>

## Okta Store Integration <a href="#h_01hkzn342k7c3dzvys1zsh46fv" id="h_01hkzn342k7c3dzvys1zsh46fv"></a>

1. Sign in to your Okta Admin Panel, and select **API Service Integrations**.
2. In the integrations list, select Rezonate Security.
3. After reviewing the permissions, click "Install & Authorize".

<figure><img src="/files/tS9Rb5aIaSJFT6VfW7lb" alt=""><figcaption></figcaption></figure>

4. Take note of the application client ID and client secret.
5. Log in to the Rezonate Console, and click the settings button in the top menu.
6. On the side menu, select Cloud Integrations.
7. Click the "New Integration" button.
8. Select Okta Integration from the drawer that opens.
9. Fill out the form: enter your Okta domain, click "I have store integration", and fill in the client ID and client secret you collected in step 4.

<figure><img src="/files/CX1jXbI7wZp8r83gEUGL" alt="" width="563"><figcaption></figcaption></figure>

## OAuth Method <a href="#h_01hcwm6h41yhr14nsxea659050" id="h_01hcwm6h41yhr14nsxea659050"></a>

### Prerequisites <a href="#h_01hcwm6h41eqa38mamr8ngff2z" id="h_01hcwm6h41eqa38mamr8ngff2z"></a>

Before you begin, generate a temporary API key. It is used to create the limited read-only OAuth application and to assign its scopes. You can delete this API key after the process.

### Method <a href="#h_01hcwm6h41x10yk0ebjjw8cr4d" id="h_01hcwm6h41x10yk0ebjjw8cr4d"></a>

You perform OAuth integration through raw HTTP requests. Rezonate has developed a script to automatically create the application, and make the process easier and faster.

1. Install Python 3.6+
2. Install the [cryptography](https://pypi.org/project/cryptography/) and [pyjwkest](https://pypi.org/project/pyjwkest/) Python libraries using the following pip commands:

   ```
   pip install cryptography
   pip install pyjwkest
   ```
3. Run the **okta\_integration\_script.py** script (attached below) with the tenant ID and the temporary API token:

   ```
   python okta_integration_script.py --tenant-id TENANT_ID --api-token XXX_API_TOKEN
   ```

The TENANT\_ID is your Okta Identifier, which is the subdomain in the Okta domain. For example, in the case of rezonate.okta.com, the tenant\_id is rezonate.

After executing the script (which will take approximately 1-2 minutes), save the output (the tenant\_id, application\_id, and private key).

![okta\_integration.png](https://rezonate.zendesk.com/hc/article_attachments/7969439960349)
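How the script's three outputs fit together, as an added example (not Rezonate's script or code from this page). It assumes the application the script creates is a standard Okta OAuth service app that authenticates with a signed JWT (`private_key_jwt`) at the org token endpoint; the key, key ID and application ID below are constructed placeholders.

```python
import base64, json, time, uuid
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def new_key():
    # Stand-in for the private key the integration script prints (constructed).
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def public_jwk(key, kid: str) -> dict:
    # Public half only: this is all the identity provider needs to hold.
    nums = key.public_key().public_numbers()
    enc = lambda i: b64url(i.to_bytes((i.bit_length() + 7) // 8, "big"))
    return {"kty": "RSA", "use": "sig", "alg": "RS256", "kid": kid,
            "n": enc(nums.n), "e": enc(nums.e)}

def client_assertion(key, tenant_id, application_id, kid, lifetime=300):
    # Short-lived JWT signed with the private key (RS256); jti makes it single use.
    now = int(time.time())
    header = {"alg": "RS256", "typ": "JWT", "kid": kid}
    claims = {"iss": application_id, "sub": application_id,
              "aud": f"https://{tenant_id}.okta.com/oauth2/v1/token",
              "iat": now, "exp": now + lifetime, "jti": str(uuid.uuid4())}
    signing_input = ".".join(b64url(json.dumps(p).encode()) for p in (header, claims))
    sig = key.sign(signing_input.encode(), padding.PKCS1v15(), hashes.SHA256())
    return f"{signing_input}.{b64url(sig)}"

def verify_assertion(token: str, jwk: dict):
    # Server-side view: check the signature against the registered public JWK.
    head, body, sig = token.split(".")
    pub = rsa.RSAPublicNumbers(int.from_bytes(b64url_decode(jwk["e"]), "big"),
                               int.from_bytes(b64url_decode(jwk["n"]), "big")).public_key()
    try:
        pub.verify(b64url_decode(sig), f"{head}.{body}".encode(),
                   padding.PKCS1v15(), hashes.SHA256())
    except InvalidSignature:
        return None
    return json.loads(b64url_decode(body))

if __name__ == "__main__":
    key = new_key()
    token = client_assertion(key, "rezonate", "0oa_EXAMPLE_APP_ID", "demo-key")
    print(verify_assertion(token, public_jwk(key, "demo-key")))
```

The private key is the only secret in this exchange: whoever holds it can request tokens with the application's scopes, so store the script output as you would any credential.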

## Response & Remediation actions prerequisites

Rezonate allows automatic, on-demand, and scheduled execution of response & remediation actions in Okta.

<figure><img src="/files/r0jfRJUp6XqlPOX9DfQe" alt=""><figcaption><p>Available response actions in Okta</p></figcaption></figure>

To enable this capability, you will need to provide Rezonate with the following permissions:

```
'okta.users.manage',
'okta.groups.manage'
```

{% file src="/files/KJ0j7xcMpqy9KwMVlcqw" %}

