Okta Integration Setup
This guide walks you through configuring Okta as an identity provider for RAD Security, giving you flexible authentication options. You can authenticate using either:
- API Service Integration (Recommended) - Simpler setup, suitable for most use cases
- App Integration - Advanced option for granular permission control
Prerequisites
Before you begin, ensure you have:
- Admin access to your Okta tenant
- Access to RAD Security workspace with integration permissions
Option 1: API Service Integration (Recommended)
The API Service Integration provides the quickest setup path with all necessary permissions pre-configured.
Step 1: Add the Synqly Identity Connector
1. Access Okta Admin Portal
Log in to Okta with admin privileges and navigate to the Admin portal.
2. Navigate to API Service Integrations
Go to Applications > API Service Integrations
3. Add the Integration
- Click Add Integration
- Search for and select Synqly Identity Connector
- Click Next
4. Install and Authorize
Click Install and Authorize to complete the setup
5. Save Credentials
Once authorized, note down the following values in a secure location:
- Client ID
- Client Secret
- Okta Domain
Step 2: Configure in RAD Security
Navigate to your RAD Security workspace and enter the following integration parameters:

| Parameter | Description |
|---|---|
| Client ID | The Client ID from Okta |
| Client Secret | The Client Secret from Okta |
| Base URL | Your Okta Domain (e.g., https://your-domain.okta.com) |
Keep your credentials secure. RAD Security encrypts and stores these values safely.
Option 2: App Integration (Advanced)
Use this method if you need fine-grained control over permissions assigned to the RAD Security integration. This is ideal for disabling features you don’t plan to use.
This setup is more complex and intended for advanced users. Use API Service Integration unless you have specific requirements for custom permission scopes.
Step 1: Create Service App Integration
1. Create the App
2. Configure Client Credentials
- Navigate to your app integration’s main page
- Go to the General tab
- Note down the Client ID
- Edit Client Credentials > Client authentication
- Set to Public key / Private key
3. Generate Keys
- Click PUBLIC KEYS > Add
- In the dialog, click Generate new key
- Click the PEM button under Private key
- Note down the Private key securely
- Click Save
4. Disable DPoP
Uncheck General Settings > Proof of possession > Require Demonstrating Proof of Possession (DPoP) header in token requests
Step 2: Configure API Scopes
Navigate to the Okta API Scopes tab and grant the scopes you need:
Recommended Scopes
- okta.groups.read - List groups and group members
- okta.users.manage - Force password reset, expire sessions, enable/disable users
- okta.users.read - List and read users (not required if okta.users.manage is granted)
- okta.roles.read - Read individual users
- okta.logs.read - Access audit logs
Step 3: Assign Admin Roles
1. Navigate to Admin Roles
Go to the Admin roles tab
2. Edit Assignments
Click Admin assignments granted to this app > Edit assignments
3. Assign Roles
Assign the appropriate admin roles based on your needs:
Audit Log Access
Assign Read-only Admin or another standard role with View System Log (system events) permission. See Okta’s admin role comparison for details.
Custom admin roles cannot be assigned the View System Log permission. See Okta’s support article for more information.
User Management
- List users: Role with User > View users and their details permission
- Read individual users: Role with Identity and Access Management > View roles, resources, and admin assignments permission (requires custom admin role)
Group Management
List groups: Role with Group > View groups and their details permission
Custom Roles & Resource Sets
For custom admin roles, consider creating a resource set for the role assignment.
Step 4: Configure in RAD Security
Enter the following integration parameters in RAD Security:

| Parameter | Description |
|---|---|
| Client ID | The Client ID from Step 1 |
| Client Secret | The Private Key (PEM format) from Step 1 |
| Base URL | Your Okta Domain (e.g., https://your-domain.okta.com) |
Verify Integration
After completing the setup, verify your integration is working:
- Navigate to Integrations in your RAD Security workspace
- Locate your Okta integration
- Check the connection status shows as Active
- Test authentication by signing in with an Okta user
Your Okta integration is now configured! Users can authenticate through Okta, and RAD Security can sync identity data based on your configured permissions.
Troubleshooting
Connection Failed
- Verify your Client ID and Client Secret are correct
- Ensure the Base URL includes the full domain (e.g., https://your-domain.okta.com)
- Check that the integration is authorized in Okta
Insufficient Permissions
- Review the API scopes granted in Okta
- Verify admin roles are properly assigned
- For App Integrations, ensure DPoP is disabled
Audit Logs Not Available
- Confirm you’ve assigned the Read-only Admin role or equivalent
- Verify the okta.logs.read scope is granted
- Note that custom admin roles may not support system log access
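
A pre-flight check for the integration parameters and for the scope grants from Option 2, covering the Connection Failed and Insufficient Permissions items above. This is an added example, not RAD Security's or Okta's code: the function names, the feature labels and the rule that the Base URL carries no path are assumptions made for illustration, while the scope-to-feature mapping is the Recommended Scopes list.

```python
from urllib.parse import urlsplit

# Scope per feature, from the Recommended Scopes list in Option 2.
# The feature labels are hypothetical names chosen for this example.
FEATURE_SCOPES = {
    "list_groups": "okta.groups.read",
    "user_actions": "okta.users.manage",  # password reset, expire sessions, enable/disable
    "list_users": "okta.users.read",
    "read_individual_users": "okta.roles.read",
    "audit_logs": "okta.logs.read",
}
# Per the page: okta.users.read is not required if okta.users.manage is granted.
IMPLIED_BY = {"okta.users.read": "okta.users.manage"}


def check_params(client_id, client_secret, base_url, app_integration):
    """Return a list of problems with the three integration parameters."""
    problems = []
    if not client_id.strip():
        problems.append("Client ID is empty")
    url = urlsplit(base_url.strip())
    if url.scheme != "https" or not url.hostname:
        problems.append("Base URL must be the full domain, e.g. https://your-domain.okta.com")
    elif url.path not in ("", "/") or url.query or url.fragment:
        # Assumption of this example: the field takes the bare org URL only.
        problems.append("Base URL must not carry a path, query or fragment")
    is_pem = "-----BEGIN" in client_secret and "PRIVATE KEY-----" in client_secret
    if app_integration and not is_pem:
        problems.append("Option 2 expects the PEM private key in the Client Secret field")
    if not app_integration and is_pem:
        problems.append("Option 1 expects the Okta Client Secret, not a PEM key")
    return problems


def check_scopes(features, granted):
    """Return (missing, unused) scopes for the features you plan to use."""
    granted = set(granted)
    needed = {FEATURE_SCOPES[f] for f in features}
    missing = {s for s in needed
               if s not in granted and IMPLIED_BY.get(s) not in granted}
    # A granted scope counts as used if a feature needs it directly or relies
    # on it as the broader scope standing in for a narrower one.
    relied_on = needed | {IMPLIED_BY[s] for s in needed
                          if s not in granted and s in IMPLIED_BY}
    return sorted(missing), sorted(granted - relied_on)
```

Scopes reported as unused are candidates for removal on the Okta API Scopes tab, which is the reason to choose Option 2 in the first place.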