Connect to OKTA

What does this connector do?

The OKTA connection syncs a list of employees from your OKTA system into ControlMap. The connector also checks for:

1. Admin users in OKTA

2. MFA status for each user 

3. MFA status for admin users

 

Connecting to Okta

To connect ControlMap to OKTA, you will need Admin access to OKTA. You will also need to record the OKTA domain name and create an API token in OKTA.

 

1. OKTA domain name

This is your organization's OKTA URL. Ensure that you record the primary URL and not the admin (*-admin) or DEV (*-dev) URL.

For example, controlmap.okta.com (and not controlmap-dev.okta.com or controlmap-admin.okta.com)


 

2. API Token 

To create an API token, follow these steps:

  1. Sign in to your OKTA organization as a user with administrator privileges. Note: API tokens have the same permissions as the user who creates them, and if the user's permissions change, the API token's permissions also change.
  2. In the Admin Console, select Security > API from the menu and select the Tokens tab.
  3. Click Create Token.
  4. Name your token and click Create Token.
  5. Record the token value. This is the only opportunity to see it and record it.


You can read more about OKTA API tokens here.
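
Before entering the two values in ControlMap, you can check them with a short script. This is an added example, not ControlMap or OKTA code: it rejects the *-admin and *-dev host forms named above and asks OKTA's GET /api/v1/users/me endpoint which account the token acts as, since the token carries that account's permissions. The function names and the OKTA_DOMAIN and OKTA_API_TOKEN environment variable names are assumptions made for this example.

```python
import json
import os
import re
import urllib.request
from urllib.parse import urlsplit

# Host prefixes this page says not to record: the admin (*-admin) and DEV (*-dev) URLs.
_REJECTED_SUFFIXES = ("-admin", "-dev")
_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$")


def normalize_okta_domain(value: str) -> str:
    """Return the bare primary host (e.g. controlmap.okta.com) or raise ValueError."""
    raw = value.strip().lower()
    host = urlsplit(raw if "://" in raw else "https://" + raw).hostname or ""
    labels = host.split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        raise ValueError(f"not a valid OKTA host name: {value!r}")
    if labels[0].endswith(_REJECTED_SUFFIXES):
        raise ValueError(f"{host} is an admin or DEV URL; record the primary URL")
    return host


def build_token_check(domain: str, token: str) -> urllib.request.Request:
    """Build (not send) a GET for the user account that owns the token."""
    if not token or any(c.isspace() for c in token):
        raise ValueError("token is empty or contains whitespace (copy/paste error?)")
    return urllib.request.Request(
        f"https://{normalize_okta_domain(domain)}/api/v1/users/me",
        headers={"Authorization": f"SSWS {token}", "Accept": "application/json"},
    )


def check_token(domain: str, token: str) -> str:
    """Send the request and return the login of the account the token acts as."""
    with urllib.request.urlopen(build_token_check(domain, token), timeout=10) as resp:
        return json.load(resp)["profile"]["login"]


if __name__ == "__main__":
    # Read both values from the environment so the token never lands in shell history.
    print("token acts as:", check_token(os.environ["OKTA_DOMAIN"], os.environ["OKTA_API_TOKEN"]))
```

If the login printed is not the administrator account you intended to use, revoke the token and create it again while signed in as the correct user.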

3. Permissions

For OKTA admin permissions to display correctly in ControlMap, you'll need to add the okta.roles.read scope to the ControlMap application under OKTA API Scopes.
