Overview
The integration of Grip with Okta enables organizations to gain a comprehensive overview of their managed applications, including provisioning details and insights into sign-in and usage patterns. This collaboration enhances the ability to monitor and control access across the organization's application landscape, ensuring that all application interactions are transparent and managed efficiently.
About Okta and OAuth
Okta is an identity and access management (IAM) platform providing secure authentication, authorization, and single sign-on (SSO) capabilities for organizations. It is a standards-compliant OAuth 2.0 authorization server and a certified OpenID Connect provider, leveraging OAuth 2.0 for API security and user authentication.
OAuth 2.0 is a widely adopted authorization framework that allows secure access to resources on a third-party site without exposing your credentials.
Prerequisites
Create an Okta user profile. The user must have a first name, last name, email address, and department (Sales, Marketing, or Operations). These attributes are case-sensitive.
Configure the OpenID Connect web app.
Setup Process
Step 1 – Create a Grip Security service app in Okta
Navigate to Applications > General Settings and ensure that the "Require Demonstrating Proof of Possession header in token requests" setting is disabled.
Info: This first step is required because the Grip Security-Okta integration does not support the Demonstrating Proof of Possession (DPoP) JWT header configuration.
In the Okta Admin panel, navigate to Applications > Applications, and click Create App Integration.
In the Create a new app integration window, select API services and click Next.
Name the application Grip Security App.
In the Applications page, copy the Client ID.
Step 2 – Configure the Okta API scopes granted to the application
You can manage the Okta API scopes granted to the application.
From the Applications page, go to the Okta API Scopes tab.
Grant read consent to the following six scopes:
okta.apps.read
okta.clients.read
okta.groups.read
okta.logs.read
okta.rateLimits.read
okta.users.read
In the General tab, click Edit.
For Client authentication select Public Key / Private Key.
Under Public Keys, select Save keys in Okta.
To generate a new key-pair, select Add.
In the Add a public key window, click Generate New Key and copy the Public Key to a separate text file.
Under Private key – Copy this!, select PEM, click Copy to clipboard and paste into a separate text file.
Click Done and in the next screen click Save, to save all the changes to the app.
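The client authentication configured above is the standard OAuth 2.0 private_key_jwt method (RFC 7523): the application signs a short-lived JWT with the private key you copied, and Okta checks it against the public key saved in Step 2, selected by its kid. The following Go program, an added example that is not Grip's or Okta's code, builds such an assertion for the six Step 2 scopes, then verifies it the way an authorization server would (alg and kid check, RS256 signature over header and claims, expiry) and assembles the token request body. The Client ID, Okta domain and kid are placeholders; in a real run they come from Step 1 and from the key saved in Okta.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
	"time"
)

// GripScopes are the six read-only Okta API scopes granted in Step 2.
var GripScopes = []string{
	"okta.apps.read", "okta.clients.read", "okta.groups.read",
	"okta.logs.read", "okta.rateLimits.read", "okta.users.read",
}

// b64url is base64url without padding, as JOSE (JWK/JWT) requires.
func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// ClientAssertion builds the private_key_jwt assertion (RFC 7523): iss and sub are the
// Client ID from Step 1, aud is the org's token endpoint, lifetime is five minutes.
func ClientAssertion(priv *rsa.PrivateKey, kid, clientID, oktaDomain string) (string, error) {
	now := time.Now().Unix()
	jti := make([]byte, 16) // unique ID so a captured assertion cannot be replayed
	if _, err := rand.Read(jti); err != nil {
		return "", err
	}
	header, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	claims, _ := json.Marshal(map[string]any{
		"iss": clientID, "sub": clientID, "aud": oktaDomain + "/oauth2/v1/token",
		"iat": now, "exp": now + 300, "jti": b64url(jti),
	})
	signingInput := b64url(header) + "." + b64url(claims)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64url(sig), nil
}

// VerifyAssertion mirrors the authorization server: check alg and kid against the stored
// public key, verify the RS256 signature over header.claims, check expiry, return claims.
func VerifyAssertion(token string, pub *rsa.PublicKey, wantKid string) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed JWT")
	}
	dec := base64.RawURLEncoding.DecodeString
	rawHeader, errH := dec(parts[0])
	rawClaims, errC := dec(parts[1])
	sig, errS := dec(parts[2])
	if errH != nil || errC != nil || errS != nil {
		return nil, fmt.Errorf("bad base64url segment")
	}
	var header struct{ Alg, Kid string }
	if err := json.Unmarshal(rawHeader, &header); err != nil || header.Alg != "RS256" || header.Kid != wantKid {
		return nil, fmt.Errorf("unexpected header %s", rawHeader)
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, fmt.Errorf("bad signature: %w", err) // any edit to header or claims lands here
	}
	var claims map[string]any
	if err := json.Unmarshal(rawClaims, &claims); err != nil {
		return nil, err
	}
	if exp, ok := claims["exp"].(float64); !ok || int64(exp) < time.Now().Unix() {
		return nil, fmt.Errorf("assertion expired or missing exp")
	}
	return claims, nil
}

// TokenRequest is the form body POSTed to /oauth2/v1/token: a client_credentials grant for
// the Step 2 scopes, authenticated by the assertion (no client secret, no DPoP header).
func TokenRequest(assertion string) url.Values {
	return url.Values{
		"grant_type":            {"client_credentials"},
		"scope":                 {strings.Join(GripScopes, " ")},
		"client_assertion_type": {"urn:ietf:params:oauth:client-assertion-type:jwt-bearer"},
		"client_assertion":      {assertion},
	}
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	// Placeholder kid, Client ID and domain; real values come from your Okta org.
	tok, _ := ClientAssertion(priv, "KID-PLACEHOLDER", "0oaPLACEHOLDER", "https://clientname.okta.com")
	claims, err := VerifyAssertion(tok, &priv.PublicKey, "KID-PLACEHOLDER")
	fmt.Println("verified:", err == nil, "aud:", claims["aud"])
	fmt.Println("token request:", TokenRequest(tok).Encode())
}
```

The kid check is what ties the assertion to the specific key saved in Okta, which is why the KID value has to reach Grip together with the keys: an assertion signed with the right private key but carrying a different kid is rejected just like one signed with a foreign key. Because the private key never leaves the client and each assertion carries a fresh jti and a five-minute expiry, nothing long-lived is sent over the wire, unlike a client secret.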
Step 3 – Set Tenant Rate Limits
You can set limitations on what percentage of the tenant (organization) rate limits can be dedicated to the Grip application.
The default value is configured to be 50%. This is the recommended value, but it can be changed if there are more apps/internal scripts continually consuming the Okta API. Setting a lower number might cause the historical discovery to take more time.
To change the rate limits, from the Okta Applications page, open the Application Rates Limit tab.
Step 4 – Configure Admin Roles
Open the service app assigned to Grip.
In the Admin Roles tab, click Edit assignments.
In the Role field select Read-only Administrator.
Click Save Changes.
Ensure that the Demonstrating Proof of Possession (DPoP) setting from Step 1 is still disabled.
What next?
Send the following to your Grip representative, using your preferred secure file sharing method.
The Client ID (See Step 1 – Create a Grip Security service app in Okta)
The generated keys (See Step 2 – Configure the Okta API scopes granted to the application)
Your Okta domain (clientname.okta.com)
The KID (key ID) value of the key pair generated in Step 2
Summary
Grip Security and Okta have now been integrated into your organization.