Machine to Machine

Connect Okta (Machine to Machine) to Zluri

Machine-to-Machine (M2M) communication in Okta is an authorization method that allows backend services, applications, and/or devices to communicate securely without user intervention.

This is primarily achieved through the Client Credentials Grant flow of OAuth 2.0.

Prerequisites

  • Super Admin privileges in Okta
  • Okta Developer Edition organization

Integration steps

Create an Okta service app integration

  1. Log in to Okta with a Super Admin account.

  2. In the Admin Console, go to Applications > Applications, and then click Create App Integration.

  3. Under Sign-in method, select API Services, then click Next.

  4. Enter a name for your app integration and click Save.

  5. Copy the Client ID and store it securely. We'll use it in the final phase of the integration.

Generate a public and private key pair

  1. Under Client authentication, select Public key / Private key, then click Add key.

  2. Click Generate new key.

  3. Copy and securely save the value of kid, without the quotes (") and comma at the end.

    Note: This value goes in the Key ID field later in the connection process.

  4. Under the Private key section, click on PEM, then Copy to clipboard and securely save the key. Click Done.

  5. Click Save.

  6. Click Edit under General Settings.

Grant scopes and privileges

  1. In the Okta API Scopes tab, grant the following scopes:

    1. okta.users.read
    2. okta.groups.read
    3. okta.apps.read
    4. okta.logs.read
    5. okta.roles.read
    6. okta.domains.read
  2. Under the Admin roles tab, click Edit assignments.

  3. Add the following roles and click Save changes:

    1. API Access Management Administrator

    2. Read-only Administrator

    3. Read Role Admin; set Resource set to Role.

Connect the Okta M2M instance in Zluri

  1. Open the Integrations Catalog, search for “okta”, and click ➕ Connect under Okta (Machine to Machine).

  2. Choose the scopes for the integration, and click Continue. You can click the down-arrow button towards the right of a scope to find out what it does.

  3. Enter the previously generated Client ID, Private key, and Key ID here.

    Base URL: if you access Okta using https://mycorp.okta.com/, enter it here. If you aren't sure, consult this doc to find your Okta base URL.

  4. Give the connection a name and description, and you’re ready to go!
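
The Client ID, Key ID and private key collected above are the inputs a client uses to authenticate in the Client Credentials flow. The Node.js code below is an added example, not code from Zluri or Okta: it builds the signed client assertion (JWT) and the token request body from those values, which is one way to confirm they match before entering them. The token path /oauth2/v1/token, the 5-minute expiry and all function names are assumptions of this example.

```javascript
// Added example (not Zluri or Okta code): client assertion for the
// Client Credentials flow, built from Client ID, Key ID and private key.
const crypto = require('crypto');

// Read-only scopes listed under "Grant scopes and privileges" on this page.
const READ_SCOPES = ['okta.users.read', 'okta.groups.read', 'okta.apps.read',
  'okta.logs.read', 'okta.roles.read', 'okta.domains.read'];

const b64url = (v) => Buffer.from(v).toString('base64url');

// Remove the quotes and trailing comma that come along when kid is copied.
function cleanKid(raw) {
  return raw.trim().replace(/,$/, '').replace(/^"|"$/g, '');
}

// Assumption: the org authorization server's token path is /oauth2/v1/token.
function tokenEndpoint(baseUrl) {
  const u = new URL(baseUrl);
  if (u.protocol !== 'https:') throw new Error('Base URL must use https');
  return `${u.origin}/oauth2/v1/token`;
}

// Sign header.claims with RS256; kid tells the server which public key to use.
function buildAssertion({ clientId, kid, privateKeyPem, baseUrl, now = Date.now() }) {
  const iat = Math.floor(now / 1000);
  const header = { alg: 'RS256', kid: cleanKid(kid) };
  const claims = { iss: clientId, sub: clientId, aud: tokenEndpoint(baseUrl),
    iat, exp: iat + 300, jti: crypto.randomUUID() }; // short-lived, single use
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKeyPem);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Form body for the token request; rejects any scope outside the read-only set.
function tokenRequestBody(assertion, scopes = READ_SCOPES) {
  const extra = scopes.filter((s) => !READ_SCOPES.includes(s));
  if (extra.length) throw new Error(`Unexpected scopes: ${extra.join(', ')}`);
  return new URLSearchParams({
    grant_type: 'client_credentials',
    scope: scopes.join(' '),
    client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
    client_assertion: assertion,
  }).toString();
}
```

POST the returned body to the token endpoint with Content-Type application/x-www-form-urlencoded; a response containing an access token indicates that the Client ID, Key ID and private key belong together.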

Got questions? Feel free to submit a ticket or contact us directly at [email protected].