Okta
Okta is the workforce identity incumbent — its Identity Cloud platform (also called the Okta Workforce Identity Platform) covers Single Sign-On, Adaptive MFA, Universal Directory, Lifecycle Management, Identity Governance, Privileged Access, Device Access, Identity Threat Protection, Identity Security Posture Management, Access Gateway, and API Access Management. Customer identity is handled by Auth0, which Okta acquired in 2021 and now operates as its consumer-facing identity arm. The platform now extends to securing AI agents via Okta for AI Agents and the Cross-App Access (XAA) protocol — an emerging OAuth profile based on the IETF ID-JAG draft for agent-to-app authorization. The Okta Management API is the primary developer surface, with an official MCP server (okta-mcp-server) exposing administrative operations to LLM agents under human-in-the-loop confirmation.
APIs
Okta API
The Okta Management API is the unified identity and access management interface for the Okta Workforce Identity Platform. It allows developers to integrate authentication, autho...
Cross-App Access (XAA)
Cross-App Access is Okta's emerging OAuth profile for secure agent-to-app and app-to-app authorization, based on the IETF draft "OAuth Identity Assertion Authorization Grant" (I...
Okta for AI Agents
Okta for AI Agents secures the full lifecycle of AI agents — discovery, registration with mandatory human ownership, least-privilege scope enforcement, runtime monitoring, and i...
Collections
Okta API
POSTMANArazzo Workflows
Okta Assign Admin Role to Group
Assign an administrator role to a group and verify the assignment.
ARAZZOOkta Assign Admin Role to User
Assign an administrator role to a user and verify the assignment.
ARAZZOOkta Assign Group to Application
Find a group by name and assign it to an application for bulk access.
ARAZZOOkta Create and Activate Application
Create an application in INACTIVE state and then activate it.
ARAZZOOkta Create and Activate Authenticator
Add an authenticator to the org and activate it for enrollment.
ARAZZOOkta Create and Activate Group Rule
Create a dynamic group rule and activate it so it begins evaluating.
ARAZZOOkta Create and Refresh Session
Create a session from a session token and extend its lifetime.
ARAZZOOkta Create Application, Assign User, and Activate
Create an application, assign a user to it, then activate the application.
ARAZZOOkta Create Policy with Rule and Activate
Create a policy, add a rule to it, and activate the policy.
ARAZZOOkta Create User with Group Membership
Create a user pre-seeded with groups, then verify their memberships.
ARAZZOOkta Deactivate and Delete User
Deactivate a user and then permanently delete the deprovisioned account.
ARAZZOOkta Enroll and Activate User Factor
Enroll an MFA factor for a user and activate it with a passcode.
ARAZZOOkta Find User and Assign Application
Look up a user by login and assign them to an application if found.
ARAZZOOkta Find User and Suspend
Look up a user by login and suspend them if an active match exists.
ARAZZOOkta Onboard User to Group and Application
Create a user, add them to a group, then assign them to an application.
ARAZZOOkta Restore Suspended User
Unsuspend a user and verify they are returned to an active state.
ARAZZOOkta Reset and Re-enroll User Factor
Reset all of a user's MFA factors and enroll a fresh factor.
ARAZZOOkta Update Group Rule Expression
Deactivate a group rule, update its expression, then reactivate it.
ARAZZOGraphQL
Okta GraphQL Schema
Okta does not currently expose a public GraphQL API endpoint. The platform's primary developer surface is the Okta Management REST API, supplemented by the Events API (AsyncAPI)...
GRAPHQLPricing Plans
Rate Limits
FinOps
Okta Finops
FINOPSFeatures
Event Specifications
Okta Event Hooks and Log Streams
AsyncAPI description of Okta's two outbound event delivery surfaces: 1. **Event Hooks** — Okta POSTs a CloudEvents-style envelope to a customer-owned HTTPS endpoint whenever a s...
ASYNCAPI