Okta API Services Integration
Experimental: This feature is still experimental. If you have any trouble please let us know.
This document describes how to configure Okta with an API Services application. This is an alternative to the more usual integration through OIN described here.
Set up the Okta API Services application
-
In your Okta administrator dashboard, navigate to the Applications tab and click the Add Application button.
-
Choose Create App integration and choose API Services.
-
When prompted name your application Nametag (or whatever you like) and click Save.
-
In the Client credentials section select Public key / Private key.
-
Copy the Client ID from the Client Credentials tab. You’ll need this later.
-
In the Public keys section select Use a URL to fetch keys dynamically.
-
Enter the following URL in the URL text box:
https://nametag.co/directories/oauth2/jwks -
In the General Settings pane, uncheck Require Demonstrating Proof of Posession (DPoP) header in token requests.
Configure Okta API Scopes
- Navigate to the Okta API Scopes tab.
- Grant the following scopes:
okta.orgs.read(needed to obtain basic information about your directory)okta.groups.read(needed to list users in your directory)okta.users.read(needed to list users in your directory)okta.users.manage(needed to reset passwords and MFA devices)
- Navigate to the Admin Roles tab and assign the appropriate role.
Configure Nametag
- In the Nametag console, navigate to Directories and choose Add a directory.
- Select Okta
- For Okta Domain, enter your Okta domain (e.g.
example.okta.com) - For Client ID, enter the Client ID you copied earlier.
- Leave Client Secret blank.
- Click Connect to Okta.