Skip to main content
Select Actions to adjust the guide
Some actions may require additional configuration in the provider to be accessible. Choose the actions you need and the guide will be updated.
Action
Scope(s)
Loading actions…
Dynamic Guide URL
Scopes Selected
Separator
Ensure that your Okta account has API Access Administrator, Organization Administrator, or Super Administrator privileges.

Getting Your Okta Credentials

To connect Okta with StackOne using OAuth 2.0, you’ll need your Okta domain and OAuth application credentials.

1

Log in to Okta

Log in to your Okta account at https://login.okta.com/

2

Find Your Okta Domain

Your Okta domain can be found in the URL when logged in to Okta.

  • Given the URL https://your-org.okta.com/app/UserHome, your domain is your-org.okta.com
  • For preview environments, the domain may be your-org.oktapreview.com
3

Navigate to Okta Admin Console

From your Okta homepage, click the Admin button in the top right corner.

4

Create an OAuth Application

Create an OAuth application to obtain your Client ID and Client Secret.

  • In the Admin Console, navigate to Applications > Applications
  • Click Create App Integration
  • Select OIDC - OpenID Connect as the Sign-in method
  • Select Web Application as the Application type
  • Click Next
5

Configure Application Settings

Configure your OAuth application with the appropriate settings.

  • Enter an App integration name (e.g., StackOne Integration)
  • Check Authorization Code and Refresh Token both under the Grant type
  • Set the Sign-in redirect URI to the callback URL provided by StackOne: https://api.stackone.com/connect/oauth2/okta/callback
  • Under Assignments, select the appropriate access level for your organization
  • Click Save
6

Copy Client Credentials

After saving, copy your OAuth credentials.

  • Client ID is displayed on the application’s General tab
  • Client Secret is also on the General tab (click the eye icon to reveal)
  • Store these credentials securely as you’ll need them for the connection
7

Configure API Scopes

Enables actions: Activate Device, Add User To Group, Create Group, Create Realm, Create User, Create User Type, Deactivate Device, Delete Device, Delete Group, Delete Realm, Delete User, Delete User Type, Get Device, Get Group, Get Realm, Get User, Get User Info, Get User Type, List Devices, List Group Members, List Groups, List Realms, List User Blocks, List User Types, List Users, Remove User From Group, Replace User, Replace User Type, Update Group, Update Realm, Update User, Update User Type

Navigate to the Okta API Scopes tab.
Grant the required OAuth scopes for this integration.
See Okta OAuth 2.0 Scopes for details.
When linking your account, also include the offline_access and openid scopes in the list of scopes.

Realm Access Configuration

Required for: Create Realm, Delete Realm, Get Realm, List Realms, Update Realm

Realm scopes require an Okta Identity Governance, Secure Partner Access, or Advanced Directory Management subscription.

1

Verify subscription eligibility

If your subscription does not include realm management, the API will return authorization errors.

  • Navigate to Settings > Account in the Admin Console to verify your subscription tier

Linking the Account from the Hub

1

Navigate to the Hub

Use one of the three Linking Account Methods to access the Hub.
2

Fill out the fields

Fill out the following fields using details from your provider:
  • Okta Domain
  • Client ID
  • Client Secret
  • Scopes (Optional)
  • Event Hook Name (Optional)
3

Connect

  • Click Connect
  • If applicable, the provider will redirect you to a sign-in or authorization page. Complete the provider’s authorization flow.
  • Once authorization is successful, you will see a confirmation popup

If the account linking is successful, you will see the newly linked account in your Accounts page.