Overview
This guide provides detailed instructions on integrating Okta with Grip using an API key.
The integration allows Grip to leverage Okta's identity management capabilities, enhancing security by efficiently managing user access and permissions.
Note.
If you did not complete the Okta Setup (API Key Based) step during Grip's historical discovery (sales) cycle, the initial setup might be delayed during the live Okta SSPM deployment session with the Grip team.
There are 2 options for creating an API token:
Option A - As a Regular User (Faster)
Share this article and ask the users to follow it as Okta admins, with their API Token Key and Okta domain.
Only then, perform the Okta SSPM live deployment.
Option B - As a Read-Only Service Account (Slower, Fewer Privileges)
Creating an API token using a read-only service account is a more secure but slower process. This method involves additional steps to ensure that the account has minimal privileges, thereby adhering to the principle of least privilege. It is the recommended approach for production environments where security and compliance are critical, as it limits the potential impact of the API token and reduces the risk of unauthorized changes.
Ask your TCSM to schedule time for a dedicated session. We will bring resources and guide you step-by-step.
Benefits
Enhanced Security: By integrating Okta with Grip, organizations can ensure secure and efficient management of user identities and access controls.
Simplified Management: Centralized control over user access across various SaaS platforms, improving compliance and reducing administrative overhead.
Prerequisites
Okta admin access.
A service account with read-only access (recommended).
A secure method for file sharing (to send the API key and Okta domain).
Create an API Key as a regular user – Option A
Access Okta Admin Page:
Log in to your Okta admin page.
In the left toolbar, expand the Security menu and select API.
Create a New Token:
Navigate to the Tokens tab.
Click Create Token.
Name and Save the Token:
Provide a meaningful name for the token.
In the API calls made with this token must originate from field, select the “Any IP” option from the drop-down list.
Create the token and copy the generated value to a safe location. This token will not be displayed again, so ensure it is stored securely.
Your Okta domain.
Create an API Key as a Read-Only Service Account - Option B
Establish a Service Account:
Create a new user within your Okta environment dedicated solely to Grip's integration.
Fill in an indicative Name and Email. Be sure to choose “Activate now”, set a password, and copy it.
Assign Read-Only Role
From the Okta Admin Console, navigate to Directory > People.
Go to the profile of the new user and select Admin roles > Add/Edit individual assignments.
In the Complete the assignment section, click the Role dropdown and choose Read-Only Administrator.
Temporarily Elevate Permissions
Temporarily assign the Super Administrator role to the new user.
Click + Add assignment and from the new Role dropdown, select Super Administrator.
Click Save Changes.
Generate the API Token
Using another browser profile, log in as the new service account with the password set earlier.
From the Admin Console, go to Security > API > Tokens.
Click Create Token, choose a name for the token, and then Create Token.
Copy the token value to the clipboard and save it in a safe place. Note that once you click Ok, got it, the API token value cannot be viewed again.
Revoke Super Administrator Role
Navigate to Security > Administrators.
Search for the service account user's name and select it.
Edit individual admin privileges and delete the Super Administrator role by clicking the recycle bin icon on the right.
Click Save Changes.
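An Okta API token acts with the permissions of the user who created it, so the token is only read-only once the Super Administrator role is actually gone from the service account. The following check is an added example, not part of Grip's or Okta's own tooling: it audits the role list returned by Okta's `GET /api/v1/users/{userId}/roles` endpoint. The function names, the sample responses, and the use of a separate admin token allowed to read role assignments are assumptions.

```python
import json
import urllib.request

# The only admin role Option B is meant to leave on the service account.
ALLOWED_ROLE_TYPES = {"READ_ONLY_ADMIN"}

def fetch_roles(okta_domain, admin_token, user_id):
    """List a user's admin roles. admin_token is a separate admin's token
    (assumption), not the token handed to Grip."""
    req = urllib.request.Request(
        f"{okta_domain.rstrip('/')}/api/v1/users/{user_id}/roles",
        headers={"Authorization": f"SSWS {admin_token}",
                 "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def audit_roles(roles):
    """Return findings; an empty list means the account is read-only."""
    findings = []
    active = [r for r in roles if r.get("status", "ACTIVE") == "ACTIVE"]
    for role in active:
        if role.get("type") not in ALLOWED_ROLE_TYPES:
            findings.append(
                f"unexpected role still assigned: {role.get('type')} "
                f"(assignment: {role.get('assignmentType', 'UNKNOWN')})")
    if not any(r.get("type") in ALLOWED_ROLE_TYPES for r in active):
        findings.append("READ_ONLY_ADMIN is not assigned")
    return findings

# Constructed sample responses (not real data).
BEFORE_REVOKE = [
    {"id": "role-1", "type": "READ_ONLY_ADMIN", "status": "ACTIVE",
     "assignmentType": "USER"},
    {"id": "role-2", "type": "SUPER_ADMIN", "status": "ACTIVE",
     "assignmentType": "USER"},
]
AFTER_REVOKE = [BEFORE_REVOKE[0]]
# Edge case: the individual assignment was removed, but a group the account
# belongs to still grants an admin role.
GROUP_INHERITED = [BEFORE_REVOKE[0],
                   {"id": "role-3", "type": "ORG_ADMIN", "status": "ACTIVE",
                    "assignmentType": "GROUP"}]

if __name__ == "__main__":
    for label, roles in (("before revoke", BEFORE_REVOKE),
                         ("after revoke", AFTER_REVOKE),
                         ("group-inherited", GROUP_INHERITED)):
        print(label, "->", audit_roles(roles) or "OK: read-only only")
```

Run the audit against the live response from `fetch_roles` after the revoke step and before sending the token to Grip; any finding means the token still carries more than read-only access.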
Register the API Key with Grip
Ensure you have the following information ready:
The API token created in the previous step.
Your Okta domain. You can find your Okta domain in the Okta admin dashboard. It typically follows the format https://your-domain.okta.com.
Using your preferred secure file sharing method, send the details to Grip.
Summary
By following the steps outlined in this guide, you have successfully created an API key in Okta and registered it with Grip. This integration enables Grip to securely manage user identities and access controls within your organization, leveraging Okta's powerful identity management features. This setup enhances security, ensures compliance, and simplifies user management across various SaaS platforms.