Okta
Identity & SecurityConnect AI agents to your Okta org. Agents manage users, groups, and group rules, assign applications and admin roles, run MFA and password help-desk flows, read the System Log, rotate credentials, and revoke sessions and OAuth grants.
What This Integration Enables
Agents run the identity lifecycle as workflow steps rather than console clicks. On the provisioning side they create, activate, suspend, deactivate, and delete users, keep group membership current directly or through group rules that auto-assign by attribute, grant or revoke application access for a user or a whole group, and enroll or reset MFA factors for help-desk and security flows. On the governance side they read the System Log, audit and revoke a user's OAuth grants and refresh tokens, clear active sessions, and manage org security posture: sign-on and password policies with their rules, network zones, trusted origins, event and inline hooks, external identity providers, and custom OAuth authorization servers. Credential rotation is covered too: generate or clone SSO signing keys, manage CSRs, register OAuth client keys and secrets, and rotate authorization-server signing keys on a routine. The connector exposes the surface; the surrounding flow decides which changes an agent makes on its own and which ones wait for a person.
Without FlowRunner
With FlowRunner
Use Case Scenarios
Security-incident response from the System Log
The On New System Log Event trigger fires on a suspicious event, for example an impossible-travel sign-in. The agent reads the actor and target user, lists the user's admin roles and active OAuth grants for the record, then suspends the user, revokes all grants and refresh tokens, and clears every active session. It posts the containment summary to the security channel with [Slack](/integrations/slack). The account is contained in one flow instead of a scramble across several Okta screens while the session is still live.
Automated onboarding tied to a new-hire record
A new-hire record starts the flow. The agent creates the user, adds them to the right groups (or lets a group rule auto-assign them by department attribute), assigns their applications, and enrolls an MFA factor. The whole identity setup runs the same way for every hire, so the tenth new employee of the month gets the same access as the first, and the help desk stops reconstructing the checklist from memory.
Scheduled access recertification
On a recurring routine, the agent lists a user's admin roles, application assignments, and OAuth grants, compares them against an expected baseline, and flags anything unexpected. Access that should have been removed at a role change, or a lingering third-party grant, surfaces as an exception for review rather than sitting undiscovered until an audit finds it.
Human-in-Loop Highlight
Deprovisioning is the moment where an agent should stop and ask. When the System Log trigger surfaces a suspicious event, containment (suspend, revoke grants, clear sessions) is reversible and safe to run immediately. Full deactivation or deletion is not. So the agent takes the reversible containment steps on its own, then pauses before the irreversible one and asks the on-call analyst through Slack: "Suspended [user] and revoked their grants and sessions after [event type] from [IP]. Deactivate the account, or reinstate it if this was a legitimate sign-in?" The analyst answers in the channel and the flow resumes. The agent never deletes an identity on a guess, and it never leaves a compromised session open while it waits.
Agent Capabilities
24 actionsUsers and Lifecycle
7- Create User Creates a user in the Okta org during onboarding.
- Activate User Activates a staged user account.
- Suspend User Suspends a user in response to a security event. Reversible, so agents can run it before a human confirms the next step.
- Deactivate User Deactivates a user, blocking sign-in.
- Unlock User Unlocks a locked-out user for the help desk.
- Reset Password Resets a user's password. Pairs with recovery-question and forgot-password flows for self-service help desk.
- Reset Factors Resets a user's enrolled MFA factors when a device is lost or a factor is compromised.
Groups and Group Rules
3- Add User to Group Adds a user to a group to apply its access.
- Create Group Rule Creates a group rule that auto-assigns users by profile attribute, so membership stays current without manual edits.
- Assign Group Owner Assigns an owner to a group for delegated administration.
Applications and Roles
3- Assign User to Application Grants a user access to an application.
- Assign Group to Application Grants a whole group access to an application in one call.
- Assign Role to User Assigns a standard admin role to a user for delegated administration.
MFA and Authenticators
2- Enroll Factor Enrolls an MFA factor for a user.
- Create Authenticator Adds an MFA authenticator such as Duo or WebAuthn to the org.
System Log and Session Control
3- Get Logs Pulls System Log events for auditing, alerting, or reporting.
- Revoke All User Grants Revokes all of a user's OAuth grants during incident containment.
- Revoke All User Sessions Clears all of a user's active sign-in sessions during incident containment.
Policy and Posture
3- Create Network Zone Defines an IP or dynamic network zone for sign-on policy.
- Create Trusted Origin Registers a CORS or redirect trusted origin for app security.
- Update ThreatInsight Configuration Toggles ThreatInsight to enforce security posture from version-controlled definitions.
Identity Providers and Credential Rotation
3- Create Identity Provider Connects an external OIDC, SAML, or social identity provider.
- Rotate Authorization Server Keys Rotates a custom authorization server's signing keys on a recurring routine.
- Generate Application Key Generates an application SSO signing key for credential rotation. The connector exposes the full Okta management surface beyond these highlights, including inline and event hooks, profile schemas and mappings, behavior rules, user types, devices, linked objects, and application and identity-provider credential management.
Triggers
1 triggersEvent Triggers
1- On New System Log Event Polls the Okta System Log and fires when a new event is recorded. This is the real-time hook for security automation: a suspicious sign-in, an admin change, or a policy violation can start a containment flow the moment Okta logs it, rather than waiting for the next scheduled review.
Start building with Okta
$100 in credits. No card required. Connect in minutes.