Machine to Machine (Custom Admin Role)

Connect Okta (Machine to Machine) to Zluri using a custom admin role

Machine-to-Machine (M2M) communication in Okta is an authorization method that lets backend services, applications, and devices call Okta's APIs securely without a user signing in.

It is implemented with the OAuth 2.0 Client Credentials Grant. In the setup below, the service app proves its identity to Okta's token endpoint with a JWT signed by its own private key (no client secret is involved), and Okta returns an access token that is limited to the API scopes granted to the app and the admin role assigned to it.

Prerequisites

  • Super Admin privileges in Okta
  • Okta Developer Edition organization

Integration steps

Create a custom admin role

  1. Log in to Okta with a Super Admin account.

  2. In the admin dashboard, navigate to Security > Administrators, then go to the Roles tab.

  3. Click Create new role.

  4. Name the role appropriately, considering its purpose or context.

  5. Depending on your use case, enable one of the following sets of permissions. The Okta API scopes this guide grants later (okta.*.read) are read-only, so the minimum set is enough for a read-only connection; choose the maximum set only if Zluri will also make changes in Okta. An access token can only do what both its granted scopes and the assigned admin role allow.

    Minimum required privileges

    - User: View users and their details
    - Group: View groups and their details
    - Identity and Access Management: View roles, resources, and admin assignments
    - Application: View applications and their details
    - Directories: View application directory integration

    Maximum privileges

    - User: View users and their details; Create users; Edit users' lifecycle states; Edit users' profile attributes; Edit users' application assignments; Edit users' group membership
    - Group: Manage groups
    - Identity and Access Management: View roles, resources, and admin assignments
    - Application: Manage applications
    - Directories: Manage application directory integration

Generate a new resource set

  1. In the admin dashboard, navigate to Security > Administrators, go to the Resources tab, then click Create new resource set.

  2. Enter a name for the resource set and click ➕ Add resource.

  3. On the Add Resource pop-up, select Groups > All groups, then click Save selection.

  Note: To include only specific groups instead of all of them, click Select groups instead of All groups. See (Optional) Grant access only to specific groups and/or users below.

  4. Repeat the process for Users, Applications, and Identity and Access Management.

  5. Click Create to generate the new resource set.

(Optional) Grant access only to specific groups and/or users

If you don't wish to grant access to all groups, follow these steps:

  1. On the Add Resource pop-up, select Groups.

  Note: To restrict access to specific users instead of groups, select Users here and follow the same steps.

  2. Click Select groups, search for and select the group you wish to grant access to (IT team in this case), then click Save selection.

Create an Okta service app integration

  1. Log in to Okta with a Super Admin account.

  2. In the Admin Console, go to Applications > Applications, then click Create App Integration.

  3. Under Sign-in method, select API Services, then click Next.

  4. Enter a name for your app integration and click Save.

  5. Copy the Client ID and store it securely. We'll use it in the final phase of the integration.

Generate a public and private key pair

  1. Under Client authentication, select Public key / Private key, then click Add key.

  2. Click Generate new key.

  3. Copy and securely save the values of e, kid, and n, without the surrounding quotes (") and trailing commas. These are the public exponent, key ID, and modulus of the public key; they are not secret, but Zluri needs them to identify the key that Okta will verify against.

  4. Under the Private key section, click PEM, then Copy to clipboard, and store the key in a secrets manager. Okta shows the private key only once, and it is the credential that authenticates the integration: anyone holding it can obtain tokens for this app, so never paste it into tickets, chat, or source control. Click Done.

  5. Click Save.

  6. Click Edit under General Settings.

Grant scopes and privileges

  1. In the Okta API Scopes tab, grant the following scopes:

    1. okta.users.read
    2. okta.groups.read
    3. okta.apps.read
    4. okta.logs.read
    5. okta.roles.read
    6. okta.domains.read
  2. Under the Admin roles tab, click Edit assignments.

  3. Add the following roles and click Save changes:

    1. API Access Management Administrator

    2. Read-only Administrator

    3. The custom admin role you created earlier (Read Role Admin in this guide's example); under Resource set, choose the resource set you created (Role in this example).

Connect the Okta M2M instance in Zluri

  1. Open the Integrations Catalog, search for “okta”, and click ➕ Connect under Okta (Machine to Machine).

  2. Choose the scopes for the integration, and click Connect it myself. You can click the down-arrow button towards the right of a scope to find out what it does.

  3. Enter the Client ID and private key you saved earlier, then fill out the other fields as follows:

    1. Base URL: the address you use to reach Okta, for example https://mycorp.okta.com. If you aren't sure, consult Okta's documentation on finding your Okta domain.

    2. Key ID, Modulus, and Exponent: the kid, n, and e values, respectively, saved in step 3 of Generate a public and private key pair.


  4. Give the connection a name and description, and you're ready to go!
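The steps above configure the two halves of one exchange: Okta stores the public key (n, e, kid) together with the granted scopes and admin role, while Zluri keeps the Client ID and the private key. The following Go program, added here as an illustration and not code from Zluri or Okta, runs that exchange offline with nothing but the standard library: it generates an RSA key pair, derives the n, e and kid values the console displays, builds the client_assertion JWT that a Client Credentials request carries in place of a client secret, checks it the way the token endpoint would using only the public values, and assembles the form body for /oauth2/v1/token. The org URL, Client ID and scope list are constructed placeholders; the kid computed here is an RFC 7638 thumbprint, whereas Okta assigns its own kid when it generates the key, and the kid you copied from the console is the one the JWT header must carry.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"net/url"
	"strings"
	"time"
)

const (
	oktaBaseURL = "https://mycorp.okta.com" // constructed placeholder for the org
	clientID    = "0oaexampleclientid"      // constructed placeholder for the app's Client ID
	tokenURL    = oktaBaseURL + "/oauth2/v1/token"
)

var b64 = base64.RawURLEncoding // JOSE base64url: no padding

// jwkFromPublicKey derives the kid, n and e shown after "Generate new key". The kid here is
// the RFC 7638 thumbprint; Okta assigns its own kid to generated keys, and that is the one to copy.
func jwkFromPublicKey(pub *rsa.PublicKey) (kid, n, e string) {
	n = b64.EncodeToString(pub.N.Bytes())
	e = b64.EncodeToString(big.NewInt(int64(pub.E)).Bytes())
	sum := sha256.Sum256([]byte(fmt.Sprintf(`{"e":"%s","kty":"RSA","n":"%s"}`, e, n)))
	return b64.EncodeToString(sum[:]), n, e
}

// clientAssertion builds the private_key_jwt presented instead of a client secret.
func clientAssertion(priv *rsa.PrivateKey, kid string, now time.Time) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	jti := make([]byte, 16)
	if _, err := rand.Read(jti); err != nil {
		return "", err
	}
	claims, _ := json.Marshal(map[string]interface{}{
		"iss": clientID, "sub": clientID, "aud": tokenURL, "iat": now.Unix(),
		"exp": now.Add(5 * time.Minute).Unix(), // Okta caps exp at one hour ahead
		"jti": b64.EncodeToString(jti),         // unique per request, so a captured JWT can't be replayed
	})
	signingInput := b64.EncodeToString(header) + "." + b64.EncodeToString(claims)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64.EncodeToString(sig), nil
}

// verifyAssertion is the token endpoint's side, using only the registered public JWK: check
// alg and kid, rebuild the key from n and e, verify the signature, then check aud and exp.
func verifyAssertion(assertion, kid, n, e string, now time.Time) error {
	parts := strings.Split(assertion, ".")
	if len(parts) != 3 {
		return fmt.Errorf("malformed JWT")
	}
	dec := func(s string) []byte { b, _ := b64.DecodeString(s); return b } // bad input fails the checks below
	var hdr struct{ Alg, Kid string }
	var claims struct{ Aud string; Exp int64 }
	hb, cb, sig := dec(parts[0]), dec(parts[1]), dec(parts[2])
	if json.Unmarshal(hb, &hdr) != nil || json.Unmarshal(cb, &claims) != nil || hdr.Alg != "RS256" || hdr.Kid != kid {
		return fmt.Errorf("undecodable JWT, or alg/kid mismatch")
	}
	pub := &rsa.PublicKey{N: new(big.Int).SetBytes(dec(n)), E: int(new(big.Int).SetBytes(dec(e)).Int64())}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return fmt.Errorf("signature check failed: %w", err)
	}
	if claims.Aud != tokenURL || now.Unix() >= claims.Exp {
		return fmt.Errorf("wrong audience or expired assertion")
	}
	return nil
}

// tokenRequest is the form body POSTed to tokenURL; scopes must be among those granted on the Okta API Scopes tab.
func tokenRequest(assertion string, scopes []string) url.Values {
	return url.Values{
		"grant_type": {"client_credentials"}, "scope": {strings.Join(scopes, " ")},
		"client_assertion_type": {"urn:ietf:params:oauth:client-assertion-type:jwt-bearer"},
		"client_assertion":      {assertion},
	}
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	kid, n, e := jwkFromPublicKey(&priv.PublicKey)
	assertion, err := clientAssertion(priv, kid, time.Now())
	fmt.Printf("kid=%s e=%s n=%s...\nsign error: %v\nOkta-side check: %v\n", kid, e, n[:24], err, verifyAssertion(assertion, kid, n, e, time.Now()))
	fmt.Println("POST", tokenURL+"\n"+tokenRequest(assertion, []string{"okta.users.read", "okta.groups.read"}).Encode()[:72]+"...")
}
```

Run it with go run; nothing is sent over the network. What it makes concrete is the split the procedure relies on: n, e and kid are public and only let Okta find and verify the key, while the PEM private key is the credential, since whoever holds it can mint assertions for this Client ID, bounded only by the granted scopes and the assigned admin role.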

Got questions? Feel free to submit a ticket or contact us directly at [email protected].