Skip to main content
Skip to docs navigation
Docs
English (United States)
日本語 (日本)
Français (France)
Documentation
Identity Engine
Classic Engine
Access Gateway
Advanced Server Access
Aerial
Identity Security Posture Management
Workflows
Release Notes
Identity Engine
Classic Engine
Access Gateway
Advanced Server Access
Aerial
Identity Security Posture Management
Workflows
Okta Developer
Auth0
Auth0 Docs
Auth0 FGA Docs
Training
Support
English (United States)
日本語 (日本)
Français (France)
Feedback
Classic Engine publication
Okta Documentation
Okta Classic Engine
Release notes
Production
Preview
Early Access
Okta Mobile
Android
iOS
Okta Verify release notes
Okta Verify for Android
Okta Verify for iOS
Identity Governance
Okta Privileged Access
Device tools
Platform
Archive
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
Monitoring and reports
Administrator Dashboard
View your org at a glance
View your org agents' status
View Okta service status
Monitor your tasks
Monitor your org's security
Monitor your SSO apps
Admin Console search
Reports
Entitlements and access
Group membership
User accounts
User app access
Application usage
Okta password health
SAML capable apps
Application access
MFA activity
MFA usage
MFA enrollment by user
Suspicious activity
Deprovision details
Rate limits
Admin role assignments
Telephony usage
Deprecated reports
Current Assignments report
Recent Unassignments report
App Password Health report
Run reports
Receive reports by email
System Log
System Log filters and search
Common System Log filters
Log streaming
Add an AWS EventBridge log stream
Add a Splunk Cloud log stream
Edit the status of your log stream
Directory integrations
Active Directory integration
Get started with Active Directory integration
Typical workflow for integrating Active Directory
Active Directory integration prerequisites
Active Directory integration considerations and limits
Okta service account permissions
Supported Active Directory integration features
Active Directory integration implementation options
Plan for high availability and disaster recovery
Integration with existing Active Directory forests and domains
Prepare Active Directory for the integration
Import considerations
Supported attribute syntaxes
Manage your Active Directory integration
Install the Okta Active Directory agent
Configure Active Directory import and account settings
Configure Active Directory provisioning settings
Install multiple Okta Active Directory agents
Update the Okta Active Directory agent
Uninstall Okta Active Directory agent
Locate the Okta AD Agent log
Change the Okta Active Directory agent user
Change the number of Okta Active Directory agent threads
Okta Active Directory agent variable definitions
Configure DMZ server ports for Active Directory integrations
Register multiple domains to an Okta Active Directory agent
Make Active Directory the Profile Source
Rename an Active Directory domain
Delegated authentication with Active Directory
Enable delegated authentication for Active Directory
Check AD DirSync readiness
Enable imports with DirSync
Manage Active Directory users and groups
Import Active Directory users on demand
Schedule Active Directory user imports
Add and update users with Active Directory Just-In-Time provisioning
Make names optional in Active Directory
Confirm imported Active Directory user assignments
Import groups from Active Directory
Push groups from Okta to Active Directory
Enable universal security group support
Configure enhanced group push for Active Directory organizational units
Enable Okta-sourced user Organizational Unit updates
View users and groups associated with an Active Directory instance
Remove a group from Active Directory provisioning
Exclude AD username updates during provisioning
Disconnect users from Active Directory
Bidirectional Group Management with Active Directory
Access governance for AD groups
Work with Active Directory attributes
Base Active Directory attributes
Active Directory attribute mappings to Okta properties
Exclude Active Directory username updates during provisioning
Active Directory Desktop Single Sign-on
Desktop Single Sign-on prerequisites
Active Directory Desktop Single Sign-On known issues
About Active Directory Desktop Single Sign-on and Just-In-Time provisioning
Identify your Desktop Single Sign-On type
Configure agentless Desktop Single Sign-on
About the agentless Desktop Single Sign-on workflow
About agentless Desktop Single Sign-on failover
Create a service account and configure a Service Principal Name
Configure browsers for Windows agentless Desktop Single Sign-on
Configure browsers for Mac agentless Desktop Single Sign-on
Enable agentless Desktop Single Sign-on
Update the default Desktop Single Sign-on Identity Provider routing rule
Validate the agentless Desktop Single Sign-on configuration
Test the agentless Desktop Single Sign-on configuration
Migrate your agentless Desktop Single Sign-on configuration
Set the service principal name
Configure browsers for single sign-on on Windows
Test the Desktop Single Sign-on settings
Install and configure the Okta IWA Web agent for Desktop Single Sign-on
Migrate from Integrated Windows Authentication to agentless Desktop Single Sign-on
Learn about the Okta IWA Web agent
Okta IWA Web agent installation prerequisites
Install the Okta IWA Web agent
Configure Windows browsers for SSO
Configure Mac browsers for SSO
Activate the Okta IWA Web agent
Configure SSL for the Okta IWA Web agent
Configure routing rules for the Okta IWA Web agent
Test the Okta IWA Web agent
Test Okta IWA Web agent Desktop Single Sign-on
View the Okta IWA Web agent status
Customize the Active Directory DSSO sign-out page
Configure failover for the Okta IWA Web agent
Configure the Okta IWA Web agent Universal Principal Name
Change the Okta IWA Web agent timeout period
Disable Okta IWA Web agent authentication for specific clients
Install the Okta IWA Web agent on a virtual machine
Desktop Single Sign-on FAQ
Desktop Single Sign-on troubleshooting
Manage passwords
Synchronize passwords
Password synchronization use cases
Synchronize passwords from Okta to Active Directory
Synchronize passwords from Active Directory to Okta
Application password synchronization
Use Okta API to expire user passwords
Troubleshoot password synchronization
Automatically update Okta Active Directory agents
View Okta Active Directory (AD) agent status information
Auto-update a single agent on demand
Auto-update multiple agents on demand
Retry an on-demand agent auto-update
Cancel an on-demand agent auto-update
Schedule agent auto-updates
Turn an agent auto-update schedule on or off
Delete an agent auto-update schedule
Define the behavior for failed agent auto-updates
Unsubscribe from agent auto-update email notifications
Download the latest agent version
Active Directory integration FAQ
LDAP integration
Get started with LDAP integration
LDAP integration prerequisites
LDAP integration known issues
LDAP integration limits
LDAP integration features
Supported LDAP directories
LDAP incremental import support
Manage your LDAP integration
Install the Okta LDAP Agent
Configure LDAP integration settings
Configure Okta to LDAP provisioning settings
Configure LDAP to Okta provisioning settings
Modify LDAP integration settings
Enable LDAP over SSL
Map Okta user profile attributes to LDAP attributes
Verify the Okta LDAP agent download
Configure incremental imports for AD LDS
Reconfigure an Okta LDAP Agent
LDAP configuration parameters
Change the number of Okta LDAP agent threads
Add or remove custom LDAP attributes
Locate the Okta LDAP agent log
Manage the Okta LDAP Agent
Uninstall or reinstall the Okta LDAP Agent
Configure supported LDAP directory services
AD LDS LDAP integration reference
eDirectory LDAP integration reference
IBM LDAP integration reference
OpenDJ LDAP integration reference
Oracle Internet Directory LDAP integration reference
OpenLDAP integration reference
Oracle Directory Server Enterprise Edition LDAP integration reference
Oracle Unified Directory LDAP integration reference
Sun ONE Application Server LDAP integration reference
Set up and manage the LDAP Interface
LDAP Interface known limitations
LDAP Interface connection settings
Enable the LDAP interface
Expose app groups in the LDAP interface directory information tree
Use multifactor authentication with the LDAP Interface
LDAP interface pagination control
LDAP interface troubleshooting
Bidirectional Group Management with LDAP
Automatically update Okta LDAP agents
View LDAP agent status information
Auto-update a single agent on demand
Auto-update multiple agents on demand
Retry an on-demand agent auto-update
Cancel an on-demand agent auto-update
Schedule agent auto-updates
Turn an agent auto-update schedule on or off
Delete an agent auto-update schedule
Define the behavior for failed agent auto-updates
Unsubscribe from agent auto-update email notifications
Download the latest agent version
LDAP integration troubleshooting
CSV directory integration
Get started with CSV directory integration
CSV directory integration prerequisites
Typical workflow for integrating CSV directories
Manage your CSV directory integration
Download and install the Okta Provisioning agent
Configure the CSV directory integration settings
Configure the CSV directory integration profile attributes
Configure the CSV directory integration import settings
Test the CSV directory integration
User management
Manage users
Add users manually
Add and update users with Just-In-Time provisioning
Use Anything-as-a-Source
Import users
View the Import Monitoring dashboard
Import users from an app
Edit app provisioning settings
Clear unconfirmed users
Import users from a CSV file
Assign users to apps using a CSV file
Match imported user attributes
Import safeguards
Enable or disable import safeguards
Change threshold for import safeguard
Resolve import safeguard warnings on the Import Monitoring dashboard
Manage self-service registration settings
About self-service registration
Enable and configure a self-service registration policy
Disable the security image and security questions
Activate user accounts
Deactivate and delete user accounts
Edit deactivated user profiles
End Privileged Access
Assign applications to users
Search for application users
Unassign users from applications
Unlock an individual user account
Unlock multiple user accounts
Suspend and unsuspend users
Reset a user password
Reset multiple user passwords
Revoke all user sessions
Manage self-service password reset
Group password policies
Create a self-service password reset policy for your org
Add self-service password reset to an existing password policy
Configure voice call for self-service password resets
Configure SMS for self-service password resets
Enable Active Directory delegated authentication
Self-service password reset scenarios
Manage password expiry
Expire all user passwords
Expire a user's password on the Okta Admin Console
Expire a user password using the Okta API
Revoke a user's certificate from the Okta Certificate Authority
User account status
Manage groups
Groups
Okta group source types
Create a group
About group duplication in Microsoft Office 365
View group members
Manually assign people to a group
Bulk assign people to a group
Remove people from a group
Enable group import from provisioning-enabled apps
Review group imports
View and edit Okta group attributes
Remove groups imported from provisioning-enabled apps
Assign a single app to groups
Assign multiple apps to a group
Manage group prioritization
Prioritize application groups
Assign attribute group priority
Group prioritization use case
Manage group rules
Group rules
Group rules best practices
Manual group user management
Create group rules
Verify group membership changes
Edit group rules
Manage Group Push
Group Push
Group Push prerequisites
Enable Group Push
Group Push operations
App assignments and Group Push
Troubleshooting Group Push
Manage Group Linking
Configure Group Linking
Configure Group Linking to delete application groups
Manage profiles
Profile types
Attribute mappings
Expressions
About rich SAML assertions and WS-Federation claims
Work with profiles and attributes
View the Okta default user profile
View the Okta default group profile
Make the user profile first and last name optional
Create a custom character restriction for the Okta username
Add custom attributes to an Okta user profile
Add custom attributes to a default Okta group profile
Add custom attributes to apps, directories, and identity providers
Edit Okta default group profile custom attributes
Delete custom attributes from a user profile
Remove custom attributes from a default Okta group profile
Delete custom app, directory, and identity provider attributes
Enforce uniqueness of custom attributes
Enforce custom attribute uniqueness
Add or remove custom directory schema attributes
Review reserved attributes
Profile Push
View existing application attribute mapping
Map Okta attributes to app attributes in the Profile Editor
Map app attributes on the Provisioning page
Edit application attribute mapping
Modify attributes with expressions
Override a user name format
Override an app username
Override application attribute mapping
Remove mapping
Automatically update an app username
Work with Universal Directory user types
Custom user types in Universal Directory
Universal Directory custom user types known issues
Create a custom user type
Map a user type to an application
Create a user and assign a user type
Change the user type
Delete a user type
Manage profile and attribute sourcing
Profile sourcing
Designate profile sources for user attributes
Prioritize profile sources
Make an app the profile source
Define the attribute profile source
Map profile attributes
Edit user attributes
Allow users to edit attributes
Manage realms
Requirements and limitations
Get started with realms
Create realms
Delegate realm management
Manage realm users
Realm assignments
Realms with Okta Identity Governance
Use Workflows to manage realms
Manage service accounts
Alternative options to service accounts
Set up the Okta Privileged Access app
Manage a SaaS app service account
Manage an Okta user account as a service account
App integrations
Get started with app integrations
Learn about app integrations
Single Sign-On
OIDC app integrations
SAML app integrations
WS-Fed app integrations
SWA app integrations
SCIM app integrations
CASB configuration guide
Add app integrations
Add existing app integrations
Create custom app integrations
Create OpenID Connect app integrations
Manage secrets and keys for OIDC app client authentication
Encrypt OIDC ID tokens for app integrations
Create SAML app integrations
AIW SAML field reference
Define attribute statements
Define group attribute statements
Manage signing certificates
Configure custom claims for app integrations
Generate entitlement claims using the legacy configuration
Create SWA app integrations
Create SCIM app integrations with entitlement management
Add SCIM provisioning to app integrations
Configure Single Sign-On options
Configure settings for app integrations
Configure profile attributes for OIDC apps
Self Service for app integrations
Workflow to configure Self Service request feature
Enable self-service access to apps
Configure a Self Service approval workflow
Add app integrations as an end user
Handle app integration requests
Configure the Okta Template App and Okta Plugin Template App
Create a Bookmark App integration
Simulate an IdP-initiated flow with the Bookmark App
Configure Single Logout in app integrations
Configure Universal Logout
Mapping Active Directory, LDAP, and Workday Values in a SAML template
Integration guides
1Password Enterprise Password Manager
Integrate 1Password Enterprise Password Manager with Okta
Configure Okta SSO in 1Password Enterprise Password Manager
Manage user assignments and grace periods
Integrate 1Password Enterprise Password Manager with Okta for SSO Unlock
Verify SP-inititated SSO
Advent Black Diamond
Advent Black Diamond supported features
Configure Advent Black Diamond provisioning with Okta
Amazon Web Services Account Federation
Learn about Amazon Web Services integration
Connect Okta to a single Amazon Web Services instance
Configure Okta as the AWS account identity provider
Add Okta as a trusted source for AWS roles
Generate the AWS API access key
Configure the Amazon Web Services Account Federation app in Okta
Connect Okta to multiple Amazon Web Services instances
Integrate multiple AWS instances
AWS user and group access management
Configure AWS accounts and roles for SAML SSO
Create AWS role groups in an external directory
Create management groups to map users to AWS accounts and roles
Import AWS role and management groups into Okta
Enable group-based role mapping in Okta
Assign AWS management groups to the Okta AWS app
Artifactory
Artifactory supported features
Integrate Artifactory with Okta
Atlassian
Axway Amplify
Axway Amplify supported features
Integrate Axway Amplify with Okta
BambooHR
BambooHR supported features
BambooHR integration known issues
Integrate BambooHR with Okta
BMC Remedyforce
BMC Remedyforce supported features
Configure BMC Remedyforce provisioning with Okta
Box
Box supported features
Manage your Box integration
Integrate Box with Okta
Add attributes to a Box profile
Add existing Box groups to Okta
Assign Box to Okta groups and configure group push
Configure SAML group push for Box
Confluence On-Premises
Coupa
Coupa supported features
Integrate Coupa with Okta
CrowdStrike
CrowdStrike supported features
Integrate CrowdStrike with Okta
DocuSign
DocuSign supported features
Integrate DocuSign with Okta
Dropbox Business
Dropbox Business integration prerequisites
Dropbox Business integration known issues
Silently provision Dropbox Business
Dropbox Business supported features
Integrate Dropbox Business with Okta
FleetDM
FleetDM supported features
Configure FleeDM provisioning with Okta
Google Workspace
Troubleshooting
Manage Google Workspace users
Google email alias support
HashiCorp Cloud Platform
HashiCorp Cloud Platform supported features
Integrate HashiCorp Cloud with Okta
HashiCorp Vault
Integrate HashiCorp Vault with Okta
Configure the OIDC authentication method
Configure groups and policies
Test the integration
Informatica Cloud
Informatica Cloud supported features
Integrate Informatica Cloud with Okta
Jamf Pro Admin Console
Jamf Pro Admin Console supported features
Integrate Jamf Pro Admin Console with Okta
Jamf Pro User Enrollment
Jamf Pro User Enrollment supported features
Integrate Jamf Pro User Enrollment with Okta
JumpCloud
Integrate JumpCloud with Okta
Configure IdP for JumpCloud
Verify SP-initiated Single Sign-On (SSO)
Lucid
Lucid supported features
Integrate Lucid with Okta
Meta Work Accounts
Microsoft Entra ID and Office 365
Microsoft Entra ID Microsoft Entra ID
Integrate Microsoft Entra ID using SAML
About Microsoft Entra ID SAML integration
Create the Okta enterprise app in Microsoft Entra ID
Make Microsoft Entra ID an Identity Provider
Map Microsoft Entra ID attributes to Okta attributes
Test the Microsoft Entra ID integration
Integrate Hybrid Microsoft Entra ID Join
About Hybrid Microsoft Entra ID devices
Prerequisites for integrating Microsoft Entra ID join
Configure Office 365 sign-on rules to allow on-prem and cloud access
Configure Hybrid Join in Microsoft Entra ID
Hybrid Microsoft Entra ID integration FAQs
Microsoft Office 365
Deploy Office 365
Add Office 365 to Okta
Configure Single Sign-On for Office 365
Provision users to Office 365
Import users to Office 365 using Microsoft Graph API
Assign Office 365 to users and groups
Secure Office 365 using app sign-on policies
Office 365 sign on policies
About Office 365 sign on policies
Best security practices for Office 365 sign on policies
Office 365 sign-on rules options
Office 365 default sign-on rules
Create Office 365 sign-on rules
Office 365 provisioning and deprovisioning
Enable deprovisioning in Office 365
Add custom attributes
Map custom attributes
Skip importing groups during Office 365 user provisioning
Provisioning options for Office 365
Deprovisioning options for Office 365
Manage Office 365 licenses and roles
Supported user profile attributes for Office 365 provisioning
Supported user profile attributes for Office 365 import
Advanced integration topics for Office 365
Allow or deny custom clients in Office 365 sign-on policy
Provide Microsoft admin consent for Okta
Office 365 Silent Activation: New Implementations
Office 365 Silent Activation: Old Implementations
Migrate registry-key-based Office 365 Silent Activation to new configuration
Use Okta MFA for Microsoft Entra ID (formerly Azure Active Directory)
Federate multiple Office 365 domains in a single app instance
Okta support for hybrid Microsoft Entra ID joined devices
Get started with Office 365 provisioning and deprovisioning
Enable Microsoft Office 365 applications
Move Microsoft Office 365 from Secure Web Authentication to WS-Federation
Configure Office 365 GCC Tenant
Configure the Okta Template WS Federation Application
Configure WS-Federation for Office 365
Group linking for Microsoft Office 365
Office 365 FAQs
Microsoft SharePoint (On-Premises)
Typical deployment workflow for SharePoint (On-Premises)
Deployment Scenarios
Add SharePoint (On-Premises) in Okta
Configure Okta as a claims provider in SharePoint (On-Premises)
Configure Okta SharePoint People Picker agent
Deploy Okta People Picker for SharePoint agent
Uninstall Okta People Picker and Okta authentication
Troubleshooting: Microsoft SharePoint (On-Premises)
Microsoft SharePoint (On-Premises) FAQs
Mimecast Personal Portal V3
Mimecast Personal Portal V3 supported features
Integrate Mimecast Personal Portal V3 with Okta
MuleSoft Anypoint Platform
Create an OIDC integration
Integrate MuleSoft Anypoint Platform with Okta
Configure IdP for MuleSoft Anypoint Platform
Configure the Redirect URI in Okta
Test the integration
Create a SCIM integration
MuleSoft Anypoint Platform supported features
Integrate MuleSoft Anypoint Platform provisioning with Okta
Okta Org2Org
Okta Org2Org supported features
Integrate Okta Org2Org with Okta
Okta Identity Security Posture Management (ISPM)
OneLogin
Create an OneLogin OIDC integration
Integrate OneLogin with Okta
Configure Okta SSO in OneLogin
Configure Just-In-Time provisioning in OneLogin
Verify SP-initiated Single Sign-On (SSO)
Create an OneLogin SCIM integration
OneLogin supported features
Configure OneLogin provisioning with Okta
Oracle Human Capital Management
Oracle Human Capital Management supported features
Enable Oracle Human Capital Management provisioning
Oracle Identity Access Management
Oracle Identity Access Management supported features
Integrate Oracle Identity Access Management with Okta
PagerDuty
PagerDuty supported features
Integrate PagerDuty with Okta
Rally Software
Rally Software supported features
Integrate Rally Software with Okta
Add custom Rally Software attributes
RingCentral
RingCentral integration prerequisites
RingCentral supported features
Okta to RingCentral attribute mapping requirements
Manage your RingCentral integration
Integrate RingCentral with Okta
Enable RingCentral bidirectional attribute synchronization
Add custom RingCentral attributes
Troubleshoot RingCentral integrations
Salesforce
Salesforce supported features
Supported Salesforce custom attribute types
Manage your Salesforce integration
Enable Salesforce single sign-on
Enable Salesforce provisioning
Add attributes to a Salesforce profile
Configure OAuth and REST integration
Create a Salesforce Community integration
Create a Salesforce Portal integration
Create a Salesforce Government Cloud integration
SAP Analytics Cloud
SAP Analytics Cloud supported features
Integrate SAP Analytics Cloud with Okta
SAP Concur
SAP Concur supported features
Integrate SAP Concur with Okta
SAP SuccessFactors Employee Central
Learn about SAP SuccessFactors Employee Central integration
SAP SuccessFactors Employee Central integration prerequisites
SAP SuccessFactors Employee Central supported features
Learn about SAP SuccessFactors Employee Central data provisioning
Supported SAP SuccessFactors Employee Central entities and attributes
Manage your SAP SuccessFactors Employee Central integration
Integrate SAP SuccessFactors Employee Central with Okta
Set Time Zone Aware Pre-hires/Terminations
View the SAP SuccessFactors Employee Central Start Date attributes
SentinelOne
SentinelOne supported features
Enable SentinelOne provisioning
ServiceNow
ServiceNow (Eureka)
ServiceNow UD SSO migration guide
ServiceNow UD Provisioning migration guide
Slack
Slack integration prerequisites
Slack supported features
Supported Slack attributes
Integrate Slack with Okta
Troubleshoot Slack integrations
Splunk
Splunk Enterprise supported features
Enable Splunk Enterprise provisioning
Splunk Cloud
Splunk Cloud supported features
Configure Splunk Cloud provisioning with Okta
ThoughtSpot
Create ThoughtSpot OIDC integration
Integrate ThoughtSpot with Okta
Configure Okta IdP for ThoughtSpot
Verify SP-initiated Single Sign-On (SSO)
Create ThoughtSpot SCIM integration
ThoughtSpot supported features
Enable ThoughtSpot provisioning
Trend Micro
Trend Micro supported features
Integrate Trend Micro with Okta
Twilio
Twilio supported features
Integrate Twilio with Okta
UKG Pro
UKG Pro prerequisites and known issues
UKG Pro supported features
Create a UKG Pro report and report ID
Integrate UKG Pro with Okta
UltiPro template
Workato
Workato supported features
Integrate Workato with Okta
Workday
Workday incremental imports
Workday Real-Time Sync
Workday Email and Phone writeback
Configure Workday writeback for home and work contacts
Best practices and FAQ
Import with custom reports
Workplace by Facebook
Zendesk
Zendesk supported features
Zendesk considerations and limits
Integrate Zendesk with Okta
Zoho Mail
Zoho Mail supported features
Integrate Zoho Mail with Okta
Netskope Admin Console
Netskope Admin Console supported features
Integrate Netskope Admin Console with Okta
Access and customize app integrations
Assign app integrations
Manage app integration assignments
Manage Federation Broker Mode
Enable Federation Broker Mode
Disable Federation Broker Mode
Federation Broker Mode known limitations
Copy the embed link for an app integration
Redirect unauthenticated users to a custom login page
Redirect unassigned users to a custom error page
Convert app integrations from individually owned to group managed
Customize an app logo
Add notes to an app integration
Set up VPN notification
Reveal the password of an app integration
Pass Dynamic Authentication Context
Pass Device Context using Limited Access
Remove app integrations
Deactivate app integrations
Delete app integrations
Provision apps
Get started with provisioning
Provisioning
Lifecycle of a provisioned user
Add provisioned users
Workflow for deploying new provisioning app integrations
Workflow for adding provisioning to app integrations
On-premises provisioning
Workflow for deploying on-premises provisioning
Provision cloud applications
Search for an existing OIN app integration
Add an app integration to Okta
Create and configure a duplicate app instance
Configure provisioning for an app integration
Assign app integrations
Provision on-premises apps
On-premises provisioning and entitlements
Enable TLS 1.2
Install the Okta Provisioning Agent
Install the Okta On-prem SCIM Server agent
Agent configuration file
Okta On-prem Connector
Okta On-prem Connector guides
On-prem Connector for Oracle EBS
Supported attributes for Oracle EBS
On-prem Connector for SAP Netweaver ABAP
Configure admin roles for SAP Netweaver ABAP
Supported attributes for SAP Netweaver ABAP
On-premises Connector for Generic Databases
Supported entitlements by On-prem Connector
Install Okta On-prem Connector
Uninstall Okta On-prem Connector
SQL statements, stored procedures, and custom code
System requirements for On-prem Connectors - Oracle EBS and SAP Netweaver ABAP
System requirements for On-premises Connector - Generic Databases
Create an instance of your on-premises app in Okta
Create and test SCIM connectors
Create SCIM connectors for on-premises provisioning
Test SCIM connectors for on-premises provisioning
SCIM messages for on-premises provisioning
Connect to a SCIM connector
Configure the API call timeout period
Make an on-premises app the profile source
Okta Provisioning Agent incremental import
Upgrade Okta Provisioning Agent
Uninstall and reinstall the Okta Provisioning Agent
Manage provisioned users
Assign an app integration to a user
Provision users
Automatically update user attributes
Assign an app integration to a group
Convert an individual assignment to a group assignment
Automatically deactivate app users
Deprovision a user
Reactivate a user profile
Troubleshoot provisioning
Provisioning Integration Error Events
App integrations FAQ
API Service Integrations
Add an API Service Integration
Rotate a Client Secret for an API Service Integration
Revoke an API Service Integration
Devices
Device Trust
Managed Windows computers
MDM-managed Android devices
MDM-managed iOS devices
Integrate Okta with Workspace ONE for Android and iOS devices
Enforce Device Trust and SSO for mobile devices
Step 1: Configure Workspace ONE Access as an Identity Provider in Okta
Step 2: Configure Okta application source in Workspace ONE Access
Step 3: Configure Routing Rules, Device Trust, and Client Access Policies in Okta for iOS and Android Devices
Configure streamlined Device Enrollment and Workspace ONE login using Okta
Configure Okta as an Identity Provider for Workspace ONE Access
(Optional) Publish Okta apps to the Workspace ONE catalog
Integrate Okta with Workspace ONE for macOS and Windows devices
Enforce Device Trust and SSO for desktop devices
Step 1: Configure Workspace ONE Access as an Identity Provider in Okta
Step 2: Configure Okta application source in Workspace ONE Access
Step 3: Configure Device Trust and Access Policies in Workspace ONE for desktop devices
Configure streamlined Device Enrollment and Workspace ONE login for desktop devices using Okta
Configure Okta as an identity provider for Workspace ONE Access
(Optional) Publish Okta apps to the Workspace ONE catalog
TPM and Okta Device Trust for Windows devices
Okta Mobile
About Okta Mobile
Configure settings
Hide apps from Okta Mobile
Okta Mobile Safari Extension
Okta Android apps outside Google Play Store
Authentication
Enable delegated authentication for LDAP
Identity providers
Add a social login (IdP)
Add a SAML 2.0 IdP
Add a SAML Identity Provider
Add metadata for an Identity Provider
Configure Universal Directory mappings
Specify an error page for Identity Provider, SAML, or SSO
Customization options for inbound SAML
Add a Smart Card IdP
Format a PKI certificate chain
Add a Smart Card identity provider
Smart Card idpUser expressions
Expressions
Test the Smart Card or PIV card configuration
Troubleshooting Smart Card and PIV card authentication
Identity provider routing rules
Configure identity provider routing rules
Configure dynamic routing rules
Modify routing rules
Generic OpenID Connect
Add an Okta Integration identity provider
Multifactor Authentication
About MFA
MFA factor configuration
Okta Verify
Configure Okta Verify
Collected data types
Supported platforms
Custom IdP Factor
Custom TOTP factor (MFA)
Duo
Email
Google Authenticator
Security Question
SMS
Symantec VIP
Voice Call
FIDO2 (WebAuthn)
Passkeys (FIDO2 WebAuthn) support and behaviorFIDO2 (WebAuthn) support and behavior
YubiKey
MFA enrollment policies
Configure an MFA enrollment policy
App Condition
MFA Factor Sequencing
MFA for third-party agents
Okta On-Prem MFA agent (formerly RSA SecurID)
Add and configure On-Prem MFA/RSA SecurID
Disable SSL Pinning
Install the On-Prem MFA Agent
Configure high availability
Configure verbose logging
Uninstall and reinstall the agent
Okta MFA Credential Provider for Windows
Configure your Okta org for MFA Credential Provider for Windows
Assign users/groups to the Microsoft RDP (MFA) app
Install the Okta Credential Provider for Windows
Verify MFA for RDP sessions
Configure a system proxy account
Troubleshoot MFA issues for the MFA Credential Provider for Windows
Okta MFA provider for Active Directory Federation Services
Install and configure Microsoft ADFS in Okta
Install the Okta ADFS Plugin on your ADFS Server
Enable the Okta MFA Provider in ADFS
Add Access Control Policy to a Relying Party Application
Assign the Microsoft ADFS (MFA) application
Verify the Okta MFA prompt when signing in to ADFS
Enable OpenID Connect with existing Active Directory Federation Services apps
Enable MFA for Active Directory Federation Services (ADFS) as a service
Troubleshooting
Farm addendum
Uninstall the Okta ADFS Plugin on your ADFS Server
Configure MFA for Active Directory Federation Services (ADFS)
MFA for Electronic Prescribing for Controlled Substances - Hyperspace
MFA for Electronic Prescribing for Controlled Substances (EPCS) - Flow
Install and configure Epic Hyperspace in Okta
Install the Okta Hyperspace Agent
Configure a device in Chronicles
Configure Hyperspace
Test the user sign-in process
Troubleshoot the Hyperspace integration
MFA for Electronic Prescribing for Controlled Substances - Hyperdrive
MFA for Electronic Prescribing for Controlled Substances - Flow
Install and configure Epic Hyperdrive in Okta
Install the Okta Hyperdrive Agent
Configure Hyperdrive to integrate with Okta
Configure a Chronicles device
Test the user sign-in process
Troubleshoot the Hyperdrive integration
MFA for Oracle Access Manager
Configure MFA Factor MFA Authenticator enrollment in Okta
Install and configure the Oracle Access Manager plugin
Deploy OktaWidget.war
Manually activate the Okta OAM plugin
Configure Module, Scheme and Policy
Enable SSL on OAM servers
Reset MFA for end users
Sign-on policies
App sign-on policies
Okta sign-on policies
Password policies
Configure an app sign-on policy
Configure an Okta sign-on policy
Configure a password policy
RADIUS Integrations
Getting Started with RADIUS Integrations
About the Okta RADIUS Agent
Install and configure the RADIUS Agent
About creating Okta applications that use the RADIUS agent
Install Okta RADIUS server agent on Windows
Install the Okta RADIUS Server Agent for Windows
Configure properties
Access and manage log files
Troubleshoot the Windows RADIUS agent
Uninstall the Windows RADIUS agent
Install Okta RADIUS server agent on Linux
Install the RADIUS Linux server agent
Configure proxies
Configure properties
Manage the agent
Troubleshoot the Linux RADIUS agent
Access and manage log files
Uninstall the agent
Determine the RADIUS agent version
RADIUS Integrations
Amazon WorkSpaces
Prepare Amazon WS
Install and configure the RADIUS agent in AWS
Configure AWS inbound rules
Add the Amazon WorkSpaces app
Amazon Workspaces with MFA User Experience
Configure Amazon Workspaces MFA
Provision users
BeyondTrust
Add the BeyondTrust MFA (RADIUS) app
BeyondTrust optional settings
Configure the BeyondInsight gateway
Testing the BeyondInsight integration
Troubleshoot the BeyondInsight integration
Check Point
Check Point RADIUS integration flow
Add the Check Point Software (RADIUS) app
Configure the Check Point SmartConsole
Configure Check Point optional settings
Test the Check Point RADIUS integration
Troubleshoot the Check Point integration
Cisco Meraki
Cisco Meraki RADIUS integration flow
Add the Cisco Meraki Wireless LAN (RADIUS) app
Cisco Meraki optional settings
Configure Cisco Meraki to use the Okta RADIUS Agent
Configure wireless clients for Cisco Meraki
Troubleshoot Cisco Meraki integrations
Cisco ASA IKEv2 VPN
Add the Cisco ASA IKEv2 RADIUS app
Configure the Cisco ASA VPN to interoperate with RADIUS
Configure optional settings
Configure the Windows VPN
Configure trusted root CA
Test the Cisco ASA integration
Cisco ASA VPN
Add the Cisco ASA VPN (RADIUS) app
Configure the Cisco ASA gateway
Configure optional settings
Test the Cisco RADIUS ASA VPN integration
Cisco FMC
Add the Cisco VPN for Firewall Management Center RADIUS app
Configure Cisco Firewall Management Center
Test the Cisco Firepower Management Center integration
Citrix Netscaler
Citrix Gateway supported versions, clients, features, and factors
Add the Citrix Gateway (RADIUS) app
Configure the Citrix Gateway
Configure optional settings
Citrix Gateway end user experience
F5 BigIP APM
Add the F5 BIG IP RADIUS app
Configure F5 BIG IP APM gateway
Configure F5 BIG IP optional settings
Test the F5 BIG IP integration
Fortinet Appliance
Add the Fortinet Fortigate (RADIUS) app
Configure the Fortinet gateway
Configure optional settings
Test the Fortinet appliance integration
Troubleshoot the Fortinet Application integration
NetMotion Mobility
Add the NetMotion Mobility (RADIUS) app
Netmotion Mobility - Add trusted root certificate
Configure NetMotion Mobility to work with RADIUS
NetMotion Mobility user experience
Palo Alto Networks VPN
Palo Alto Networks supported features and factors
Add the Palo Alto Networks VPN (RADIUS) app
Configure Palo Alto Networks VPN to use the Okta RADIUS
Configure optional settings
Test the Palo Alto Networks VPN integration
Troubleshoot the Palo Alto Network VPN integration
Pulse Connect Secure
Pulse Connect Secure supported versions, and factors
Add the Pulse Connect Secure (RADIUS) app
Configure the Pulse Connect Secure gateway
Pulse Secure optional settings
Test the Pulse Connect Secure integration
Sophos UTM
Add the Sophos UTM (RADIUS) app
Configure the Sophos USM gateway
Sophos UTM optional settings
Test the Sophos UTM integration
VMWare Horizon View
Add the VMware Horizon View (RADIUS) app
Configure the VMware Horizon View Connection Server
VMware Horizon View optional settings
Test the VMware Horizon integration
Autopush for RADIUS
RADIUS applications in Okta
Add the RADIUS app
Configure the RADIUS customer application
Test the generic RADIUS integration
Client IP reporting
Okta group membership information for authorization
RADIUS service address filtering
RADIUS server best practices
About certificates
About the Okta RADIUS server agent
Okta RADIUS Server Agent flow
RADIUS deployment architectures
RADIUS session persistence best practices
RADIUS throughput and scaling benchmarks
RADIUS common issues and concerns
RADIUS server logging
RADIUS network zones
SAML integration advantages
Org-level security
Administrator roles
Learn about administrators
Custom admin roles
Super administrators
Organization administrators
Application administrators
Group administrators
Group membership administrators
Help desk administrators
Report administrators
Mobile administrators
Read-only administrators
API Access Management administrators
Access requests administrators
Access certifications administrators
Workflows Administrator
Set up administrators
Use custom admin roles
Role permissions
Permission conditions
Work with the resource set component
Create a resource set
Edit a resource set
Resource set conditions
Create an admin assignment using a resource set
Work with the role component
Create a role
Edit a role
Create an admin assignment using a role
Use standard roles
Standard administrator roles and permissions
Edit resources for a standard role assignment
Work with the admin component
Create an admin role assignment using an admin
Configure help desk administrators
Configure third-party administrators
Remove an admin role assignment
Configure email notifications for an admin role
Configure administrator settings
Enable MFA for the Admin Console
Administrator resources
Administrators page
Best practices for group admin role assignments
Best practices for creating a custom role assignment
Guidance for structuring Okta groups
Get started with Okta
Govern Okta admin roles
Get started
Configure policies for Govern Okta admin roles apps
Access Requests for admin roles
Create an admin role bundle
Manage admin role bundles
Create an access request condition
Manage access request conditions
Manage an approval sequence
Request admin role assignment
Manage admin role access requests
Access Certifications for admin roles
Create campaigns to review admin roles
Manage campaigns
Review access to admin roles
Breached credentials protection
Configure breached credentials protection
Test your breached credentials protection configuration
User experience with breached credentials protection
Configure Admin Console session
General Security
Protected actions in the Admin Console
HealthInsight
About HealthInsight
HealthInsight tasks and recommendations
Limit the number of super admins
Disable weaker MFA factors in factor enrollment policies
Enforce a limited session lifetime for all policies
Suspicious Activity Reporting
Sign-on notifications for end users
Factor enrollment notifications for end users
Factor reset notifications for end users
Password changed notification for end users
Enable SAML or OIDC authentication for supported apps
Change the authentication frequency
Evaluate a risk score for each request
Blocklist network zones
Enable strong password settings for password policies
MFA for the Admin Console
Set required factors for MFA enrollment policies
Blocklist proxies with high sign-in failure rates
Network zones
Network zone types
IP zones
IP exempt zone
Dynamic zones
Enhanced dynamic zones
Supported IP service categories
Manage network zones
Create an IP zone
Create a dynamic zone
Create an enhanced dynamic zone
Edit or delete a network zone
Add IPs to a network zone from the System Log
Use network zones in your org
Generate a Proxy IP report
Add a network zone to policies
Create a network zone for IWA
Troubleshoot network zone issues using System Log
Use network zones with VPN notifications
Use zones in routing rules
Unblock false positives in System Log
Network zones FAQ
Recent Activity
Risk scoring
Behavior Detection and evaluation
About Behavior Detection
Improved New Device Behavior Detection
About behavior types
Behavior Detection System Log events
Configure Behavior Detection
Add a location behavior
Add IP behavior
Add device behavior
Add a velocity behavior
Add an ASN behavior
Manage behavior settings
Reset the user behavior profile
Add a behavior to a sign-on policy rule
Risk Scoring and Behavior Detection
Behavior Detection and risk evaluation FAQ
ThreatInsight
About Okta ThreatInsight
Configure Okta ThreatInsight
Exclude IP zones from Okta ThreatInsight evaluation
System Log events for Okta ThreatInsight
HealthInsight reporting on Okta ThreatInsight
Telephony
Choose telephony provider
Regulatory compliance
Prevent or mitigate telephony-based fraud
Configure and use telephony
Configure a telephony provider through an inline hook
Configure Workflows for Telephony
API access management
Build authorization servers
Create an authorization server
Create API access scopes
Create API access claims
Create access policies
Test your authorization server configuration
Add trusted servers
Rotate signing keys
Encrypt access tokens for authorization servers
Delete an authorization server
Manage Okta API tokens
Configure Trusted Origins
Trusted Origins for iFrame embedding
Allow access to Okta IP addresses
Mitigate the impact of third-party cookie deprecation
Identity Governance
Overview
Access Certifications Access Certifications
Campaigns
Get started
Customizable reviewer context
Governance analyzer
Configure Governance Analyzer settings
Best practices for creating campaigns
Create preconfigured campaigns
Discover inactive users campaign limits
Create resource campaigns
Create user campaigns
Recurring campaign considerations
Examples of Okta Expression Language
Understand Disable self-review
Understand remediation
Assignment methods
View the progress of an active campaign
View previously completed campaigns
Copy campaigns
Modify a scheduled campaign
Modify campaign's end date
Certification campaign reviews
Review campaigns
Reassign review items
Security access reviews
Get started
Launch a security access review
Understand remediation
Understand prioritization
Manage Security Access Reviews
Review access
Access Requests
Get started
Conditions
Configure policies for Access requests apps
Configure settings
Create a condition
Create an access request condition for a resource collection
Manage access request conditions
Configure an approval sequence
Request types
Configure your Okta org for request types
Create a team
Modify a list
Create a request type
Configure a request type associated with bundles
Request type settings
Create a sample Request Type
Create requests
End-User Dashboard
Access Requests web app
Slack
Microsoft Teams
Manage tasks
Escalate tasks
Manage requests
Export data
Notifications
Entitlement Management Entitlement Management
Get started
Considerations and limits
Provisioning-enabled apps
Apps with entitlement support
Configure a provisioning-enabled app
Provisioning-enabled app limits
Coupa requirements
GitHub Team requirements
Google Workspace requirements
NetSuite requirements
Salesforce requirements
Workday requirements
Enable Entitlement management
Create campaigns to audit entitlements
Entitlements
Create
Manage
Sync entitlements from provisioning-enabled apps
Revoke entitlements in downstream apps
Entitlement policy
Create policy
Examples of Okta Expression Language
Preview policy
Apply policy
Manage policy
Entitlement bundles
Create
Manage
Resource collections
Get started with resource collections
Create a resource collection
Manage resource collections
Manage resource collection assignments
Manage resource collection apps
Separation of duties
Get started with separation of duties
Create separation of duties rules
Manage separation of duties rules
Understand separation of duties conflicts
User and resource management
Resource owners
Assign resource owners
Change resource owners
Remove resource owners
Resource labels
Group ownership
Configure Okta group owners
Import from Active Directory
Update group profile attributes
Add custom attributes to the default group profile
Assign entitlements to users
Import user entitlements from CSV
Manage user entitlements
View user entitlements
Governance delegates
Assign delegate from the Admin Console
Manage delegates
Governance tasks for delegates
Settings
Enable end users to assign delegates
Integrations
Considerations and best practices for integrating Slack and Microsoft Teams
Integrate Slack
Configure settings for Slack
Integrate Microsoft Teams
Integrate Jira
Integrate ServiceNow
Enable AI
Allow requesters to escalate tasks
Reports
Active Campaign Summary
Column reference
Active Campaign Details
Column reference
Past Campaign Details
Column reference
Past Campaign Summary
Column reference
Auditor reporting package
Generate the auditor reporting package
Past Access Requests report
Past Access Requests (Conditions) report
Separation of duties report
User Entitlements report
Okta Privileged Access Okta Privileged Access
Requirements and limitations
Get started with Okta Privileged Access Okta Privileged Access
Set up Okta Privileged Access
Configure group sync
Users and Groups administration
Groups
Service users
Resource administration
Resource groups
Resource assignment
Manage service accounts
Certify service accounts
Manage Active Directory accounts
Requirements and limitations
Get started with Active Directory accounts
Grant Okta Active Directory (AD) agent password management permissions
Set up Active Directory domains
Active Directory account rules
Set up Active Directory account rules
Manual account assignment
Windows domain controller
Projects
Servers
Secrets
Secret folders
Okta service accounts
SaaS app service accounts
Active Directory accounts
Sudo command bundle
Create a sudo command bundle
System Configuration
Security administration
Security policy
Add rules to a policy
Rule conditions
Okta Privileged Access with Access Requests
Multifactor authentication
Privileged elevation
Checkout
Enable checkout
Force a checkin
Workloads
Requirements and limitations
Get started
Configure workload connection
CLI command for workload authentication
Configure workload roles
Principal SSH access for automated workloads
User guide
Deploy and manage servers
Install the Okta Privileged Access server agent
Install the Okta Privileged Access server agent on Red Hat (RHEL), Amazon Linux, or Alma Linux
Install the Okta Privileged Access server agent on SUSE Linux
Install the Okta Privileged Access server agent on Ubuntu or Debian
Install the Okta Privileged Access server agent on Windows
Server Enrollment
Create a server enrollment token
Verify server enrollment
Unenroll a server from Okta Privileged Access
Managed Okta Privileged Access server agent
Customize SSHD configurations for servers
Configure agent lifecycle management hooks for Okta Privileged Access
Configure the Okta Privileged Access server agent
Okta Privileged Access clients
Install the Okta Privileged Access client
Install the Okta Privileged Access client on macOS
Install the Okta Privileged Access client on Red Hat (RHEL), Amazon Linux, or Alma Linux
Install the Okta Privileged Access client on SUSE Linux
Install the Okta Privileged Access client on Ubuntu or Debian
Install the Okta Privileged Access client on Windows
Enroll the Okta Privileged Access client
Silently enroll the Okta Privileged Access client
Use the Okta Privileged Access client
SFT keyring
URL handler
SSH setup
Customize SSH configurations for clients
RDP setup
Configure clients for use with Okta Privileged Access
Configure Cygwin for Okta Privileged Access
Use PuTTY for Okta Privileged Access
Configure Royal TSX for Okta Privileged Access
Use WinSCP for Okta Privileged Access
Gateways
Install the Okta Privileged Access gateway
Install the Okta Privileged Access gateway on Red Hat (RHEL), or Amazon Linux
Install the Okta Privileged Access gateway on Ubuntu or Debian
Create tokens and labels
Configure the Okta Privileged Access gateway
Manage the Okta Privileged Access gateway
Session recording
Enable session recording on a project
Install the RDP Session transcoder
Manage session logs
Okta Privileged Access gateway capacity planning
Okta Privileged Access gateway high availability
Audit Events Integration with Okta System Log
Kubernetes access management
Configure Kubernetes access management
Kubernetes cluster connections
Reference
Roles and permissions
Okta Privileged Access accounts
Components
User attributes
Configure team-level user attributes
Import user attributes using custom mappings
Attribute conflicts
Okta Privileged Access port requirements
Security policy concepts
Server name resolution
Secret permissions
User management
User management in Linux
User management in Windows
Windows Internals
Supported SaaS apps
Supported operating systems
Get support
Automations and hooks
Automations
Add an automation
Inline hooks
Add an inline hook
Preview an inline hook
View usage metrics for your inline hooks
Delete an inline hook
Manage keys
Event hooks
Create an event hook
Edit an event hook filter
Okta Expression Language
Verify an event hook
Preview an event hook
Delegated flows
Run a delegated flow
User experience
Account settings
Set up contacts
Give access to Okta Support
Enable the Directories Debugger
Configure client-based rate limiting
Set up rate limit notifications
Configure your email notifications
Branding
Set a theme for your org
Customize your sign-in page
Understand Sign-In Widget color customization
Customize an error page
Apply your theme to Okta email notifications
Customize the footer for your org
Configure a custom domain
Disable the Okta loading page
Org display language
Customization settings
Customize personal information and password management
Configure optional user account fields
Customize a sign-out page
Configure a custom application error page
Customize the Content Security Policy (CSP) for a custom domain
Configure the Okta Browser Plugin settings
Manage dashboard tabs for end users
Configure reauthorization frequency for the Okta Admin Console
App settings for end users
Downloads
Email and SMS
Customize an email template
Test a customized email template
Customize an SMS message
Configure a custom email address
Velocity Template Language
Features
Okta Personal for Workforce
Configure interface updates
Configure app migration to Okta Personal
Okta Personal for Workforce user experience
Okta End-User Dashboard
End-user experience
Create sign-on policies with Okta Applications
Control access to the Okta End-User Dashboard
Recently used apps
Disable Okta communications to end users
Okta Browser Plugin
Security features
Allow users to add apps
Control access to the Okta Browser Plugin
Configure custom end-user portals
Prevent browsers from saving credentials
Okta Browser Plugin permissions for web extensions
Manage installation and upgrade
Make apps detectable to the Okta Browser Plugin
Silent installations
Chrome
Firefox
Internet Explorer
Supported browsers
End of support for TLS 1.1
Okta first-party App Switcher
References and specifications
Supported operating systems and browsers
Object IDs
Supported Okta email address characters
Supported display languages
Okta agent support policies
Okta disaster recovery
Initiate failover and failback for your org
Downloads and version histories
Okta Active Directory agent version history
Okta Active Directory Password Sync agent version history
Okta ADFS Plugin version history
Okta Browser Plugin version history
Okta Confluence Authenticator version history
Okta Device Trust for macOS Registration Task Version History
Okta Device Trust for Windows Desktop Registration Task Version History
Okta Hyperdrive agent version history
Okta Hyperspace agent version history
Okta Jira Authenticator version history
Okta LDAP agent version history
Okta MFA Credential Provider for Windows version history
Okta On-prem Connector version history
Okta On-Prem MFA agent version history
Okta Oracle Access Manager Plugin Version History
Okta People Picker for Sharepoint agent version history
Okta Provisioning agent and SDK version history
Okta RADIUS Server agent version history
Okta SSO IWA Web App version history
Okta Secure Access Monitor plugin version history
Validate agent downloads
Documentation for end users
Upgrade to Identity Engine
Migrate policies and apps from Microsoft Entra ID to Okta
Migration tasks
Prepare for the migration
Migrate policies
Migrate apps
Configure bookmark apps
Complete your Okta setup
Glossary
References and specifications
Glossary
Glossary