This article will walk you through setting up the Okta Identity Management Integration to enable application event ingestion. At this time, the integration provides visibility into which applications your users are accessing and when, helping you monitor activity across your organization.
Prerequisites
Before installing the Okta integration, ensure that you have:
- The Auvik Agent deployed, or the Microsoft Entra ID or Google Workspace integration connected, to create the user profiles that Okta events are logged against
- Required Auvik SaaS permissions to install integrations
  - From the Partner Hub: Default Admin
  - From the Client Hub: Client Admin
- A valid Okta account with the necessary administrative privileges
- An active subscription for Okta
Generating a Client ID and Private Key
1. Log in to your Okta Admin Console
2. Navigate to Applications > Applications
3. Select Create App Integration
4. Select API Services, then Next
5. Enter a Name, such as Auvik SaaS
6. Within the General Tab
   - Edit the Client Credentials to select Public key / Private key
   - Within Public Keys, select Add key, then Generate New Key
   - Under Private Key, select PEM, Copy to Clipboard, then Done. Note: this key will not be available once the window is closed. Store it in a safe place, as it is required during Configuration & Setup
   - Under General Settings, select Edit, and deselect Proof of possession, then Save
7. Within the Okta API Scopes Tab, grant the following permissions:
   - okta.apps.read
   - okta.users.read
   - okta.logs.read
   - okta.apps.manage
   - okta.eventHooks.manage
8. Within the Admin roles, ensure Super Admin is assigned
   - Select Edit Assignments, select Super Admin, then Save Changes
Configuration & Setup
The Okta integration is configured using client credentials.
- Navigate to the Okta Identity Management Integration
  - From the Partner Hub > Org Preferences > Integrations > Clients Tab
  - From the Admin Hub > Utilities > Identity Management Integration
- Select Configure
- Enter your Okta Domain (including the .com), Client ID and Private Key
  - Ensure the Private Key is pasted in PEM format
- Select Connect
Upon successful configuration of the integration, a confirmation notification will appear in the bottom-right corner of the screen. Please note that application event data may take up to 24 hours to populate within the platform.
Event details can be reviewed from the Client's Security Logs, as well as within individual Application or User pages. Only events associated with users that already exist within the Auvik SaaS platform will be visible.
Common Errors & How to Resolve Them
Private key is incorrect format
This usually means your key isn’t in the expected PKCS#1 PEM format. Ensure the file begins with -----BEGIN RSA PRIVATE KEY----- and ends with -----END RSA PRIVATE KEY-----, then upload this .pem file. Refer to Step 6 from the Generating a Client ID and Private Key section above for instructions on how to generate the Private Key in the PEM format.
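A pre-flight check for the format requirement above, as an added example that is not part of Auvik's or Okta's documentation or code: it verifies that the PEM header and the DER body agree, which catches a key whose header was edited to RSA PRIVATE KEY without the body being converted. The function names are hypothetical, and the sample DER stubs are constructed for illustration and are not usable keys.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\r?\n(.*?)\r?\n-----END ([A-Z ]+)-----", re.S)

def _tlv(der, pos):
    """Return (tag, content_start, content_length) of the DER element at pos."""
    tag, first = der[pos], der[pos + 1]
    if first < 0x80:                       # short-form length
        return tag, pos + 2, first
    n = first & 0x7F                       # long form: next n bytes hold the length
    return tag, pos + 2 + n, int.from_bytes(der[pos + 2:pos + 2 + n], "big")

def der_layout(der):
    """PKCS#1 has an INTEGER (modulus) after the version; PKCS#8 has a SEQUENCE."""
    try:
        tag, start, _ = _tlv(der, 0)
        vtag, vstart, vlen = _tlv(der, start)
        nxt = der[vstart + vlen] if (tag, vtag) == (0x30, 0x02) else None
    except IndexError:
        return "unknown"
    return {0x02: "pkcs1", 0x30: "pkcs8"}.get(nxt, "unknown")

def check_pem(text):
    """Return (ok, reason) for text about to be pasted into the Private Key field."""
    m = PEM_RE.search(text.strip())
    if not m or m.group(1) != m.group(3):
        return False, "no complete PEM block (BEGIN/END missing or line breaks lost)"
    label, body = m.group(1), m.group(2)
    if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type:" in body:
        return False, "key is passphrase-protected"
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except ValueError:
        return False, "body is not valid base64"
    layout = der_layout(der)
    if label == "RSA PRIVATE KEY" and layout == "pkcs1":
        return True, "PKCS#1 PEM"
    if label == "PRIVATE KEY" and layout == "pkcs8":
        return False, "PKCS#8 PEM: convert the key, do not just edit the header"
    return False, f"header {label!r} does not match body layout {layout}"

def make_pem(label, der):
    """Wrap DER bytes in a PEM envelope (used here only for constructed samples)."""
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"

PKCS1_STUB = bytes.fromhex("3006020100020105")   # SEQUENCE{INTEGER 0, INTEGER 5}
PKCS8_STUB = bytes.fromhex("30050201003000")     # SEQUENCE{INTEGER 0, SEQUENCE{}}
```

Call `check_pem()` on the text of the saved key before pasting it. A PKCS#8 result needs a real conversion, for example `openssl rsa -in key.pem -traditional -out key_pkcs1.pem` on OpenSSL 3.x (file names are placeholders).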
URL is incorrect/invalid
Verify that the URL you entered matches your Okta domain exactly and includes the https:// prefix. When setting up your OAuth 2.0 app, your redirect URIs must precisely match the URLs configured in the Okta Admin Console under your app’s Sign-in redirect URIs.
Incorrect client ID
This error often stems from using an invalid or mistyped client ID. Open the Okta Admin Console, navigate to Applications → Your App → General tab, and copy the Client ID exactly as shown. Then confirm that the client type and grant settings align with steps 7 and 8 from the Generating a Client ID and Private Key section above.