Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.leen.dev/llms.txt

Use this file to discover all available pages before exploring further.

Required Permissions

The API token inherits the permissions of the Okta user who creates it. The token creator must have a role that grants the following OAuth scopes:
ScopeDescriptionAPIs Used
okta.users.readRead user profiles, credentials, group memberships, and enrolled MFA factorsList Users, List User Groups, List User MFA Factors
okta.groups.readRead group information and group-application assignmentsList Groups, List Group Applications
okta.apps.readRead application configurations and user-application assignmentsList Applications, List Application Users
okta.logs.readRead system log eventsGet System Log Events
okta.roles.readRead administrative role assignments for usersList User Roles
okta.policies.readRead security policies, policy rules, and policy mappingsList Policies, Get Policy, List Policy Rules, List Policy Mappings
We recommend creating the API token with a user that has the Read-Only Admin role, which grants all of the above permissions.

Onboarding Okta Identity Provider

Follow the steps below to onboard your environment to our Okta Identity Provider integration. This integration uses the Core Okta API to interact with your Okta organization. To connect to Okta, we require:
  1. Okta Domain
  2. API Token
1

Determine Your Okta Domain

Your Okta domain (also known as your org URL) is the URL you use to access your Okta organization. It typically looks like: https://{your-tenant}.okta.com. Make note of this URL as you’ll need it later. If you are on the Okta Admin console, the URL will appear as https://{your-tenant}-admin.okta.com. The the URL excluding -admin is your Okta domain.
2

Navigate Okta Admin Console

Login to the Okta Admin Console and navigate to the API Tokens page. (Sidebar: Security -> API -> Tokens)
3

Create API Token

Click on the Create Token button. You will see the following screen.Add a name for the token(eg. leen-okta-idp), set allowable origin to Any IP and click on the Create Token button.Create API TokenOn the next screen, you will see the secret API token.
Record your API token secret somewhere safe. After the credential window is closed, the secret is no longer visible.
4

Enter Credentials

In the Okta Identity Provider connector in Leen, enter the following information:
  • Okta Domain: Enter your full Okta domain URL (e.g., https://{your-tenant}.okta.com)
  • API Token: Paste the API token you created in the previous step
For more information on Okta API tokens and how to use them, refer to the Okta API documentation.