> ## Documentation Index
> Fetch the complete documentation index at: https://docs.tracecat.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Okta

> Reference for the Tracecat Okta integration: registered actions, required secrets, expected inputs, and example workflow usage.

## Activate user

Action ID: `tools.okta.activate_user`

Activate a user account in Okta.

Reference: [https://developer.okta.com/docs/api/openapi/okta-management/management/tags/userlifecycle/#tag/UserLifecycle/operation/activateUser](https://developer.okta.com/docs/api/openapi/okta-management/management/tags/userlifecycle/#tag/UserLifecycle/operation/activateUser)

### Secrets

Required secrets:

* `okta`: required values `OKTA_API_TOKEN`.

### Input fields

<ParamField path="user_id" type="string" required>
  User ID, login, or email of the user to activate
</ParamField>

<ParamField path="base_url" type="string | null">
  Okta domain base URL (e.g., '[https://your-org.okta.com](https://your-org.okta.com)')

  Default: `null`.
</ParamField>

<ParamField path="send_email" type="boolean">
  Whether to send an activation email to the user

  Default: `true`.
</ParamField>

## Add user to group

Action ID: `tools.okta.add_to_group`

Add a user to a specific group in Okta.

Reference: [https://developer.okta.com/docs/api/openapi/okta-management/management/tags/group/#tag/Group/operation/assignUserToGroup](https://developer.okta.com/docs/api/openapi/okta-management/management/tags/group/#tag/Group/operation/assignUserToGroup)

### Secrets

Required secrets:

* `okta`: required values `OKTA_API_TOKEN`.

### Input fields

<ParamField path="group_id" type="string" required>
  ID of the group to add the user to
</ParamField>

<ParamField path="user_id" type="string" required>
  User ID, login, or email to add to the group
</ParamField>

<ParamField path="base_url" type="string | null">
  Okta domain base URL (e.g., '[https://your-org.okta.com](https://your-org.okta.com)')

  Default: `null`.
</ParamField>

## Assign group to application

Action ID: `tools.okta.assign_group_to_app`

Assign a group to an application in Okta.

Reference: [https://developer.okta.com/docs/api/openapi/okta-management/management/tags/applicationgroups/#tag/ApplicationGroups/operation/updateGroupAssignmentToApplication](https://developer.okta.com/docs/api/openapi/okta-management/management/tags/applicationgroups/#tag/ApplicationGroups/operation/updateGroupAssignmentToApplication)

### Secrets

Required secrets:

* `okta`: required values `OKTA_API_TOKEN`.

### Input fields

<ParamField path="app_id" type="string" required>
  Application ID to assign the group to
</ParamField>

<ParamField path="group_id" type="string" required>
  Group ID to assign to the application
</ParamField>

<ParamField path="base_url" type="string | null">
  Okta domain base URL (e.g., '[https://your-org.okta.com](https://your-org.okta.com)')

  Default: `null`.
</ParamField>

<ParamField path="priority" type="integer | null">
  Priority of the group assignment (0-100)

  Default: `null`.
</ParamField>

## Clear user sessions

Action ID: `tools.okta.clear_user_sessions`

Clear all active sessions for a user in Okta.

Reference: [https://developer.okta.com/docs/api/openapi/okta-management/management/tags/usersessions/#tag/UserSessions/operation/revokeUserSessions](https://developer.okta.com/docs/api/openapi/okta-management/management/tags/usersessions/#tag/UserSessions/operation/revokeUserSessions)

### Secrets

Required secrets:

* `okta`: required values `OKTA_API_TOKEN`.

### Input fields

<ParamField path="user_id" type="string" required>
  User ID, login, or email of the user whose sessions to clear
</ParamField>

<ParamField path="base_url" type="string | null">
  Okta domain base URL (e.g., '[https://your-org.okta.com](https://your-org.okta.com)')

  Default: `null`.
</ParamField>

## Create user

Action ID: `tools.okta.create_user`

Create a new user in your Okta organization.

Reference: [https://developer.okta.com/docs/api/openapi/okta-management/management/tags/user/#tag/User/operation/createUser](https://developer.okta.com/docs/api/openapi/okta-management/management/tags/user/#tag/User/operation/createUser)

### Secrets

Required secrets:

* `okta`: required values `OKTA_API_TOKEN`.

### Input fields

<ParamField path="email" type="string" required>
  Email address of the new user
</ParamField>

<ParamField path="first_name" type="string" required>
  First name of the new user
</ParamField>

<ParamField path="last_name" type="string" required>
  Last name of the new user
</ParamField>

<ParamField path="activate" type="boolean">
  Whether to activate the user immediately

  Default: `true`.
</ParamField>

<ParamField path="additional_attributes" type="object | null">
  Additional user profile attributes

  Default: `null`.
</ParamField>

<ParamField path="base_url" type="string | null">
  Okta domain base URL (e.g., '[https://your-org.okta.com](https://your-org.okta.com)')

  Default: `null`.
</ParamField>

<ParamField path="login" type="string | null">
  Login for the user (defaults to email if not provided)

  Default: `null`.
</ParamField>

## Expire password

Action ID: `tools.okta.expire_password`

Expire password for an Okta user and will force the user to set a new password on next sign-in.

Reference: [https://developer.okta.com/docs/api/openapi/okta-management/management/tags/usercred/#tag/UserCred/operation/expirePassword](https://developer.okta.com/docs/api/openapi/okta-management/management/tags/usercred/#tag/UserCred/operation/expirePassword)

### Secrets

Required secrets:

* `okta`: required values `OKTA_API_TOKEN`.

### Input fields

<ParamField path="user_id" type="string" required>
  ID of an existing user.
</ParamField>

<ParamField path="base_url" type="string | null">
  Okta organization URL.

  Default: `null`.
</ParamField>

<ParamField path="revoke_sessions" type="boolean">
  Revoke all sessions for the user.

  Default: `false`.
</ParamField>

## Expire password with temporary password

Action ID: `tools.okta.expire_password_with_temp_password`

Expire password for an Okta user and will return a temporary password.

Reference: [https://developer.okta.com/docs/api/openapi/okta-management/management/tags/usercred/#tag/UserCred/operation/expirePasswordWithTempPassword](https://developer.okta.com/docs/api/openapi/okta-management/management/tags/usercred/#tag/UserCred/operation/expirePasswordWithTempPassword)

### Secrets

Required secrets:

* `okta`: required values `OKTA_API_TOKEN`.

### Input fields

<ParamField path="user_id" type="string" required>
  ID of an existing user.
</ParamField>

<ParamField path="base_url" type="string | null">
  Okta organization URL.

  Default: `null`.
</ParamField>

<ParamField path="revoke_sessions" type="boolean">
  Revoke all sessions for the user.

  Default: `false`.
</ParamField>

## Get group members

Action ID: `tools.okta.get_group_members`

List all users that are members of a specific group.

Reference: [https://developer.okta.com/docs/api/openapi/okta-management/management/tags/group/#tag/Group/operation/listGroupUsers](https://developer.okta.com/docs/api/openapi/okta-management/management/tags/group/#tag/Group/operation/listGroupUsers)

### Secrets

Required secrets:

* `okta`: required values `OKTA_API_TOKEN`.

### Input fields

<ParamField path="group_id" type="string" required>
  ID of the group to get members for
</ParamField>

<ParamField path="after" type="string | null">
  Pagination cursor to start from

  Default: `null`.
</ParamField>

<ParamField path="base_url" type="string | null">
  Okta domain base URL (e.g., '[https://your-org.okta.com](https://your-org.okta.com)')

  Default: `null`.
</ParamField>

<ParamField path="limit" type="integer">
  Number of members to return (default 200)

  Default: `200`.
</ParamField>

## Get groups assigned to user

Action ID: `tools.okta.get_groups_assigned_to_user`

List all groups that a user is a member of.

Reference: [https://developer.okta.com/docs/api/openapi/okta-management/management/tags/userresources/#tag/UserResources/operation/listUserGroups](https://developer.okta.com/docs/api/openapi/okta-management/management/tags/userresources/#tag/UserResources/operation/listUserGroups)

### Secrets

Required secrets:

* `okta`: required values `OKTA_API_TOKEN`.

### Input fields

<ParamField path="user_id" type="string" required>
  User ID, login, or email to get group memberships for
</ParamField>

<ParamField path="after" type="string | null">
  Pagination cursor to start from

  Default: `null`.
</ParamField>

<ParamField path="base_url" type="string | null">
  Okta domain base URL (e.g., '[https://your-org.okta.com](https://your-org.okta.com)')

  Default: `null`.
</ParamField>

<ParamField path="limit" type="integer">
  Maximum number of groups to return (default 200)

  Default: `200`.
</ParamField>

## Get user

Action ID: `tools.okta.get_user`

Retrieve a specific user by ID, login, or email from your Okta organization.

Reference: [https://developer.okta.com/docs/api/openapi/okta-management/management/tags/user/#tag/User/operation/getUser](https://developer.okta.com/docs/api/openapi/okta-management/management/tags/user/#tag/User/operation/getUser)

### Secrets

Required secrets:

* `okta`: required values `OKTA_API_TOKEN`.

### Input fields

<ParamField path="user_id" type="string" required>
  User ID, login, or email of the user to retrieve
</ParamField>

<ParamField path="base_url" type="string | null">
  Okta domain base URL (e.g., '[https://your-org.okta.com](https://your-org.okta.com)')

  Default: `null`.
</ParamField>

## List groups in organization

Action ID: `tools.okta.list_groups_in_org`

List all groups in your Okta organization with optional filtering.

Reference: [https://developer.okta.com/docs/api/openapi/okta-management/management/tags/group/#tag/Group/operation/listGroups](https://developer.okta.com/docs/api/openapi/okta-management/management/tags/group/#tag/Group/operation/listGroups)

### Secrets

Required secrets:

* `okta`: required values `OKTA_API_TOKEN`.

### Input fields

<ParamField path="after" type="string | null">
  Pagination cursor to start from

  Default: `null`.
</ParamField>

<ParamField path="base_url" type="string | null">
  Okta domain base URL (e.g., '[https://your-org.okta.com](https://your-org.okta.com)')

  Default: `null`.
</ParamField>

<ParamField path="limit" type="integer">
  Number of groups to return (default 200)

  Default: `200`.
</ParamField>

<ParamField path="search" type="string | null">
  Search expression for filtering groups

  Default: `null`.
</ParamField>

## List users

Action ID: `tools.okta.list_users`

List all users in your Okta organization with optional filtering and search.

Reference: [https://developer.okta.com/docs/api/openapi/okta-management/management/tags/user/#tag/User/operation/listUsers](https://developer.okta.com/docs/api/openapi/okta-management/management/tags/user/#tag/User/operation/listUsers)

### Secrets

Required secrets:

* `okta`: required values `OKTA_API_TOKEN`.

### Input fields

<ParamField path="after" type="string | null">
  Pagination cursor to start from

  Default: `null`.
</ParamField>

<ParamField path="base_url" type="string | null">
  Okta domain base URL (e.g., '[https://your-org.okta.com](https://your-org.okta.com)')

  Default: `null`.
</ParamField>

<ParamField path="filter" type="string | null">
  Filter expression for users

  Default: `null`.
</ParamField>

<ParamField path="limit" type="integer">
  Number of users to return (default 200)

  Default: `200`.
</ParamField>

## Lookup user by email

Action ID: `tools.okta.lookup_user_by_email`

Get an Okta user by email.

Reference: [https://developer.okta.com/docs/api/openapi/okta-management/management/tags/user/#tag/User/operation/listUsers](https://developer.okta.com/docs/api/openapi/okta-management/management/tags/user/#tag/User/operation/listUsers)

### Secrets

Required secrets:

* `okta`: required values `OKTA_API_TOKEN`.

### Input fields

<ParamField path="email" type="string" required>
  Email of an existing user.
</ParamField>

<ParamField path="base_url" type="string | null">
  Okta organization URL.

  Default: `null`.
</ParamField>

## Remove user from group

Action ID: `tools.okta.remove_from_group`

Remove a user from a specific group in Okta.

Reference: [https://developer.okta.com/docs/api/openapi/okta-management/management/tags/group/#tag/Group/operation/unassignUserFromGroup](https://developer.okta.com/docs/api/openapi/okta-management/management/tags/group/#tag/Group/operation/unassignUserFromGroup)

### Secrets

Required secrets:

* `okta`: required values `OKTA_API_TOKEN`.

### Input fields

<ParamField path="group_id" type="string" required>
  ID of the group to remove the user from
</ParamField>

<ParamField path="user_id" type="string" required>
  User ID, login, or email to remove from the group
</ParamField>

<ParamField path="base_url" type="string | null">
  Okta domain base URL (e.g., '[https://your-org.okta.com](https://your-org.okta.com)')

  Default: `null`.
</ParamField>

## Reset password

Action ID: `tools.okta.reset_password`

Reset password for an Okta user and send a password reset email or return a password reset link.

Reference: [https://developer.okta.com/docs/api/openapi/okta-management/management/tags/usercred/#tag/UserCred/operation/resetPassword](https://developer.okta.com/docs/api/openapi/okta-management/management/tags/usercred/#tag/UserCred/operation/resetPassword)

### Secrets

Required secrets:

* `okta`: required values `OKTA_API_TOKEN`.

### Input fields

<ParamField path="user_id" type="string" required>
  ID of an existing user.
</ParamField>

<ParamField path="base_url" type="string | null">
  Okta organization URL.

  Default: `null`.
</ParamField>

<ParamField path="revoke_sessions" type="boolean">
  Revoke all sessions for the user.

  Default: `false`.
</ParamField>

<ParamField path="send_email" type="boolean">
  Sends a OTT link email to the user, if false returns password reset link.

  Default: `true`.
</ParamField>

## Revoke sessions

Action ID: `tools.okta.revoke_sessions`

Revoke all IdP sessions for an Okta user.

Reference: [https://developer.okta.com/docs/api/openapi/okta-management/management/tags/usersessions/#tag/UserSessions/operation/revokeUserSessions](https://developer.okta.com/docs/api/openapi/okta-management/management/tags/usersessions/#tag/UserSessions/operation/revokeUserSessions)

### Secrets

Required secrets:

* `okta`: required values `OKTA_API_TOKEN`.

### Input fields

<ParamField path="user_id" type="string" required>
  ID of an existing user.
</ParamField>

<ParamField path="base_url" type="string | null">
  Okta organization URL.

  Default: `null`.
</ParamField>

## Search users

Action ID: `tools.okta.search_users`

Search for users using a query string that matches login, email, firstName, or lastName.

Reference: [https://developer.okta.com/docs/api/openapi/okta-management/management/tags/user/#tag/User/operation/listUsers](https://developer.okta.com/docs/api/openapi/okta-management/management/tags/user/#tag/User/operation/listUsers)

### Secrets

Required secrets:

* `okta`: required values `OKTA_API_TOKEN`.

### Input fields

<ParamField path="query" type="string" required>
  Query string to search for users
</ParamField>

<ParamField path="after" type="string | null">
  Pagination cursor to start from

  Default: `null`.
</ParamField>

<ParamField path="base_url" type="string | null">
  Okta domain base URL (e.g., '[https://your-org.okta.com](https://your-org.okta.com)')

  Default: `null`.
</ParamField>

<ParamField path="limit" type="integer">
  Number of users to return (default 10)

  Default: `10`.
</ParamField>

## Suspend user

Action ID: `tools.okta.suspend_user`

Suspend an Okta user.

Reference: [https://developer.okta.com/docs/api/openapi/okta-management/management/tags/userlifecycle/#tag/UserLifecycle/operation/suspendUser](https://developer.okta.com/docs/api/openapi/okta-management/management/tags/userlifecycle/#tag/UserLifecycle/operation/suspendUser)

### Secrets

Required secrets:

* `okta`: required values `OKTA_API_TOKEN`.

### Input fields

<ParamField path="user_id" type="string" required>
  ID of an existing user.
</ParamField>

<ParamField path="base_url" type="string | null">
  Okta organization URL.

  Default: `null`.
</ParamField>

## Unsuspend user

Action ID: `tools.okta.unsuspend_user`

Unsuspend an Okta user.

Reference: [https://developer.okta.com/docs/api/openapi/okta-management/management/tags/userlifecycle/#tag/UserLifecycle/operation/unsuspendUser](https://developer.okta.com/docs/api/openapi/okta-management/management/tags/userlifecycle/#tag/UserLifecycle/operation/unsuspendUser)

### Secrets

Required secrets:

* `okta`: required values `OKTA_API_TOKEN`.

### Input fields

<ParamField path="user_id" type="string" required>
  ID of the user to unsuspend.
</ParamField>

<ParamField path="base_url" type="string | null">
  Okta organization URL.

  Default: `null`.
</ParamField>