
Okta API Services Integration

This document describes how to configure Okta with an API Services application.

This is an alternative to the more common integration through the Okta Integration Network, described here.

Set up the Okta API services application

  1. In your Okta administrator dashboard, go to the Applications tab and select the Add Application button.

  2. Choose Create App integration and choose API Services.

  3. When prompted, name your application Nametag (or whatever you like) and select Save.

  4. In the Client credentials section select Public key / Private key.

  5. Copy the Client ID from the Client Credentials tab. You’ll need this later.

  6. In the Public keys section select Use a URL to fetch keys dynamically.

  7. Enter the following URL in the URL text box:

    https://nametag.co/directories/oauth2/jwks
    
  8. In the General Settings pane, uncheck Require Demonstrating Proof of Possession (DPoP) header in token requests.

Create Okta resources

You will need to ensure you have an appropriate role and resource set to assign to this application.

  1. For the role, go to Security > Administrators. Select the Roles tab and select Create new role.

    You can call this role Nametag or whatever you prefer. Under the User section, select the Manage user permission. Under the Group section, within the Manage groups permissions, select Manage group membership and View groups and their details.

  2. For the resource set, go to Security > Administrators. Select the Resources tab and select Create new resource set.

    You can call this resource set Nametag or whatever you prefer. Ensure you add the Group and User resources to it.

Configure Okta API scopes

Return to the application you created:

  1. Go to the Okta API Scopes tab.

  2. Grant the following scopes:

    • okta.groups.read (needed to list users in your directory)
    • okta.users.read (needed to list users in your directory)
    • okta.users.manage (needed to reset passwords and MFA devices)
  3. Go to the Admin Roles tab and assign the role and resource set you created.
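
The Okta-side settings from the steps above can be checked after setup. The following is an added example, not part of Nametag's or Okta's documentation: it audits a JSON export of the application and its scope grants against the values this guide prescribes. The field names (token_endpoint_auth_method, jwks_uri, dpop_bound_access_tokens, scopeId) are assumed to follow Okta's Apps and grants API responses, and the sample data is constructed.

```python
# Added example: audit an exported Okta app against this guide's settings.
# Field names are assumed to match Okta's Apps/grants API JSON; adjust as needed.
EXPECTED_JWKS_URI = "https://nametag.co/directories/oauth2/jwks"
EXPECTED_SCOPES = {"okta.groups.read", "okta.users.read", "okta.users.manage"}


def audit_app(app, grants):
    """Return findings; an empty list means the app matches the guide."""
    findings = []
    creds = app.get("credentials", {}).get("oauthClient", {})
    settings = app.get("settings", {}).get("oauthClient", {})

    # Step 4: Public key / Private key client authentication.
    if creds.get("token_endpoint_auth_method") != "private_key_jwt":
        findings.append("client authentication is not private_key_jwt")
    # Steps 6-7: public keys are fetched from the Nametag JWKS URL.
    if settings.get("jwks_uri") != EXPECTED_JWKS_URI:
        findings.append(f"unexpected jwks_uri: {settings.get('jwks_uri')!r}")
    # Step 8: the DPoP requirement is unchecked.
    if settings.get("dpop_bound_access_tokens"):
        findings.append("DPoP is still required for token requests")

    # Granted scopes should be exactly the three this guide lists: report both
    # missing ones (integration breaks) and extras (more privilege than needed).
    granted = {g["scopeId"] for g in grants if "scopeId" in g}
    findings += [f"missing scope: {s}" for s in sorted(EXPECTED_SCOPES - granted)]
    findings += [f"extra scope: {s}" for s in sorted(granted - EXPECTED_SCOPES)]
    return findings


# Constructed sample data (not from a real tenant): a correctly configured app
# whose scope grants have drifted from the guide.
SAMPLE_APP = {
    "credentials": {"oauthClient": {"token_endpoint_auth_method": "private_key_jwt"}},
    "settings": {"oauthClient": {
        "jwks_uri": EXPECTED_JWKS_URI,
        "dpop_bound_access_tokens": False,
    }},
}
SAMPLE_GRANTS = [
    {"scopeId": "okta.users.read"},
    {"scopeId": "okta.users.manage"},
    {"scopeId": "okta.apps.manage"},
]

if __name__ == "__main__":
    for line in audit_app(SAMPLE_APP, SAMPLE_GRANTS) or ["matches the guide"]:
        print(line)
```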

Configure Nametag

  1. In the Nametag console, go to Directories and choose Add a directory.
  2. Select Okta.
  3. For Okta Domain, enter your Okta domain (for example, example.okta.com).
  4. For Client ID, enter the Client ID you copied earlier.
  5. Leave Client Secret blank.
  6. Select Connect to Okta.