docs Okta API Services
Launch Nametag Get help

Okta API Services Integration

Experimental: This feature is still experimental. If you have any trouble please let us know.

This document describes how to configure Okta with an API Services application. This is an alternative to the more usual integration through OIN described here.

Set up the Okta API Services application

  1. In your Okta administrator dashboard, navigate to the Applications tab and click the Add Application button.

  2. Choose Create App integration and choose API Services.

  3. When prompted name your application Nametag (or whatever you like) and click Save.

  4. In the Client credentials section select Public key / Private key.

  5. Copy the Client ID from the Client Credentials tab. You’ll need this later.

  6. In the Public keys section select Use a URL to fetch keys dynamically.

  7. Enter the following URL in the URL text box:

    https://nametag.co/directories/oauth2/jwks

  8. In the General Settings pane, uncheck Require Demonstrating Proof of Posession (DPoP) header in token requests.

Create Okta Resources

You will need to ensure you have an appropriate role and resource set to assign to this application.

  1. For the role, Navigate to Security -> Administrators. Click on Roles tab and click Create new role. You can call this role Nametag or whatever you prefer. Ensure you select the Manage user permission under the User section. Under the Group section, nestled within the Manage groups permissions you should select Manage group membership and View groups and their details.

2. For the resource set, Navigate to Security -> Administrators. Click on Resources tab and click Create new resource set. You can call this resource set Nametag or whatever you prefer. Ensure you add the Group and User resources to it.

Configure Okta API Scopes

Back to the application you created:

  1. Navigate to the Okta API Scopes tab.

  2. Grant the following scopes:

    • okta.groups.read (needed to list users in your directory)
    • okta.users.read (needed to list users in your directory)
    • okta.users.manage (needed to reset passwords and MFA devices)

  3. Navigate to the Admin Roles tab and assign the role and resource you created.

Configure Nametag

  1. In the Nametag console, navigate to Directories and choose Add a directory.
  2. Select Okta
  3. For Okta Domain, enter your Okta domain (e.g. example.okta.com)
  4. For Client ID, enter the Client ID you copied earlier.
  5. Leave Client Secret blank.
  6. Click Connect to Okta.