Connect Okta to Porcia

Connect your Okta organization to automatically discover all applications your team accesses via Okta SSO.

Prerequisites

  • Okta organization (any tier)
  • Super Administrator privileges in Okta
  • 5-10 minutes for setup
You need Super Administrator access to grant the necessary permissions. If you don’t have admin access, ask your IT administrator to set this up.

What Porcia Will Discover

Once connected, Porcia will discover:

Applications

All applications configured in your Okta org

User Assignments

Which team members have access to each application

Group Assignments

Group-based application access

Usage Analytics

Login frequency and usage patterns

Step-by-Step Setup

Unlike Google and Microsoft, Okta uses API token authentication rather than OAuth. You’ll need to generate an API token in your Okta Admin Console before connecting.

Step 1: Generate an Okta API Token

In your Okta Admin Console:
  1. Go to Security → API → Tokens
  2. Click Create Token
  3. Give it a name (e.g., “Porcia Integration”)
  4. Copy the token — you’ll only see it once
The token requires read access to system logs. Ensure the admin account generating the token has Super Administrator privileges.

Step 2: Navigate to SSO Integration

Go to Settings → Integrations → SSO in your Porcia dashboard.

Step 3: Click 'Connect Okta'

Click the Connect Okta button. A configuration modal will appear.

Step 4: Enter Your Okta Domain and API Token

In the modal, fill in:
  • Okta Domain — e.g., yourcompany.okta.com (no https://)
  • API Token — the token you generated in Step 1

Step 5: Submit

Click Connect to save the configuration. Porcia will validate the credentials and begin the initial sync.

Step 6: Wait for Initial Sync

The initial sync begins automatically and takes 5-10 minutes. Porcia will:
  • Discover all applications in your Okta org
  • Map user and group assignments
  • Analyze recent authentication events
  • Match applications to vendor database

Step 7: View Discovered Applications

Once sync completes, go to your dashboard to see all discovered applications.

Permissions Explained

What We Can Access

Porcia uses your Okta API token (read-only) to access:
Application Data (Read-Only):
  • ✅ Application names, logos, and descriptions
  • ✅ Application types (SAML, OIDC, SWA, etc.)
  • ✅ Application status (active/inactive)
  • ✅ Application settings and configurations
User Data (Read-Only):
  • ✅ User profiles (name, email, department)
  • ✅ User status (active/suspended/deprovisioned)
  • ✅ User assignments to applications
  • ✅ User group memberships
Group Data (Read-Only):
  • ✅ Group names and descriptions
  • ✅ Group memberships
  • ✅ Group assignments to applications
Log Data (Read-Only):
  • ✅ Authentication events
  • ✅ Application access logs
  • ✅ System audit logs

What We CANNOT Do

  • Modify users - We never add, remove, or change users
  • Change app assignments - We never modify who has access to what
  • Access user credentials - We never see passwords or authentication tokens
  • Modify applications - We never change app configurations
  • Create resources - We never create new apps, users, or groups
All permissions are read-only. Porcia cannot make any changes to your Okta configuration.

What Gets Discovered

Application Types

SAML Applications:
  • Salesforce, ServiceNow, AWS SSO
  • Custom SAML integrations
  • Enterprise applications
OIDC/OAuth Applications:
  • Modern web applications
  • Mobile applications
  • API integrations
SWA (Secure Web Authentication):
  • Legacy applications with form-based login
  • Applications without modern SSO support
Bookmark Applications:
  • Internal links and bookmarks
  • Quick access applications
Information extracted for each app:
  • Application name and logo
  • Vendor identification
  • User and group assignments
  • Authentication frequency
  • Last access date
  • Application status

User Access Patterns

Analytics Porcia provides:
  • Most used applications by team
  • Unused application assignments
  • Authentication frequency distribution
  • Failed authentication attempts
  • Group-based access patterns
  • Shadow IT detection (apps added without approval)

Okta Integration Types

Porcia supports all Okta deployment types:

Okta Workforce Identity

Standard Okta for employees:
  • Full application discovery
  • User and group management
  • Authentication analytics
  • Policy insights

Okta Customer Identity (Auth0)

Customer-facing applications:
  • Limited to internal admin applications
  • Customer applications not included
  • Focus on internal tool discovery

Okta Preview

Preview/sandbox environments:
  • Full functionality available
  • Useful for testing integrations
  • Separate from production data
You can connect both production and preview Okta orgs to compare configurations and plan changes.

Troubleshooting

Connection Failed

Error: “Invalid domain”
  • Verify your Okta domain is correct (e.g., company.okta.com)
  • Don’t include https:// in the domain
  • Check for typos in the domain name
Error: “Invalid API token”
  • Ensure the token was copied correctly (no extra spaces)
  • Verify the token hasn’t been revoked in Okta Admin Console
  • Generate a new token if needed: Security → API → Tokens
Error: “Insufficient privileges”
  • Ensure the admin account that generated the token has Super Administrator privileges
  • Check that the account hasn’t been restricted

No Applications Discovered

If no applications appear after sync:
  1. Wait longer - Large Okta orgs can take 10-15 minutes for initial sync
  2. Check applications - Verify your Okta org has applications configured
  3. Verify permissions - Ensure all required API scopes were granted
  4. Check application status - Only active applications are discovered

Sync Stopped Working

If sync stops after working initially:
  1. Check connection status - Go to Settings → Integrations → SSO
  2. Reconnect if needed - Click Reconnect if status shows “Disconnected”
  3. Check API token - API tokens may expire; reconnect to refresh
  4. Check rate limits - Okta has API rate limits; sync will resume automatically
Need Help? Check our FAQ or contact support@porcia.org for SSO troubleshooting assistance.

Okta Admin Console

Viewing Applications

To see all applications in your Okta org:
  1. Go to Okta Admin Console → Applications → Applications
  2. View all configured applications
  3. Filter by Status, Type, or Assignment

Managing App Assignments

To control who has access to applications:
  1. Go to Applications → [Select App] → Assignments
  2. View People and Groups tabs
  3. Add or remove assignments as needed

System Logs

To view authentication and system logs:
  1. Go to Okta Admin Console → Reports → System Log
  2. Filter by Event Type (Authentication, Application, etc.)
  3. Search by User, Application, or IP Address
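
Because an Okta API token carries the privileges of the admin who created it, the read-only behaviour described under Permissions Explained can be confirmed from the Okta side by scanning an exported System Log for state-changing events made with the integration's token. This Python is an added example, not Porcia's or Okta's code. Assumptions: the sample events and token IDs are constructed placeholders, and API-token requests are assumed to be tagged in `transaction.detail.requestApiTokenId`.

```python
import json

# Verbs that end Okta eventType names for state-changing actions
# (e.g. application.user_membership.add, user.lifecycle.deactivate).
WRITE_VERBS = {"create", "update", "delete", "add", "remove", "activate",
               "deactivate", "suspend", "unsuspend", "revoke", "grant"}

def token_id_of(event):
    """ID of the API token that made the request, or None (tolerates null fields)."""
    detail = (event.get("transaction") or {}).get("detail") or {}
    return detail.get("requestApiTokenId")  # assumed field name

def is_write(event_type):
    """True if the last segment of the eventType starts with a write verb."""
    last = event_type.rsplit(".", 1)[-1]
    return last.split("_", 1)[0] in WRITE_VERBS

def write_events_by_token(events, token_id):
    """Return (published, eventType, targets) for each write made with token_id."""
    hits = []
    for e in events:
        if token_id_of(e) == token_id and is_write(e.get("eventType", "")):
            targets = [t.get("alternateId") for t in e.get("target") or []]
            hits.append((e["published"], e["eventType"], targets))
    return hits

# Constructed sample export; token IDs are placeholders, not real values.
SAMPLE_EVENTS = json.loads("""[
 {"published": "2024-05-01T09:00:00.000Z", "eventType": "user.session.start",
  "actor": {"alternateId": "alice@example.com"}, "transaction": {"detail": null}},
 {"published": "2024-05-01T09:05:00.000Z", "eventType": "application.user_membership.add",
  "actor": {"alternateId": "it-admin@example.com"},
  "transaction": {"detail": {"requestApiTokenId": "00T_OTHER_PLACEHOLDER"}},
  "target": [{"type": "AppUser", "alternateId": "bob@example.com"}]},
 {"published": "2024-05-02T02:10:00.000Z", "eventType": "user.account.update_profile",
  "actor": {"alternateId": "it-admin@example.com"},
  "transaction": {"detail": {"requestApiTokenId": "00T_PORCIA_PLACEHOLDER"}},
  "target": [{"type": "User", "alternateId": "carol@example.com"}]},
 {"published": "2024-05-02T02:11:00.000Z", "eventType": "system.org.rate_limit.warning",
  "actor": {"alternateId": "it-admin@example.com"},
  "transaction": {"detail": {"requestApiTokenId": "00T_PORCIA_PLACEHOLDER"}}}
]""")

if __name__ == "__main__":
    for hit in write_events_by_token(SAMPLE_EVENTS, "00T_PORCIA_PLACEHOLDER"):
        print("write by integration token:", hit)
```

An empty result for the integration's token over the review window is the expected outcome; any hit names the event and its targets for follow-up.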

API Management

To manage API access and tokens:
  1. Go to Okta Admin Console → Security → API
  2. View Tokens for API token management
  3. View Trusted Origins for CORS settings

Okta Editions

Porcia works with all Okta editions:
Feature | Starter | Workforce Identity | Enterprise
Application Discovery | ✅ Full | ✅ Full | ✅ Full
User Assignments | ✅ Full | ✅ Full | ✅ Full
System Logs | ⚠️ Limited | ✅ 90 days | ✅ 90 days
Advanced Analytics | ❌ Not available | ✅ Available | ✅ Available
API Rate Limits | Lower | Standard | Higher
Higher Okta editions provide more detailed logs and analytics, resulting in richer insights in Porcia.

Data Sync Frequency

Initial Sync:
  • Complete application catalog
  • All user and group assignments
  • 30 days of authentication logs (if available)
  • System audit logs
Ongoing Sync:
  • Applications: Daily (new apps, configuration changes)
  • Assignments: Daily (new assignments, group changes)
  • Authentication logs: Daily (login events, activity)
  • System logs: Daily (configuration changes)
You can manually trigger a sync anytime from Settings → Integrations → SSO → Sync Now.

Privacy & Security

Data Storage

  • User directory - Names, emails, departments (encrypted)
  • Application catalog - App names, logos, configurations
  • Authentication logs - Login events, frequency (anonymized in reports)
  • Assignment data - User-to-app and group-to-app relationships

Data Protection

  • Encryption - AES-256 at rest, TLS 1.3 in transit
  • Access control - Only workspace admins can view detailed user data
  • Audit logs - Complete audit trail of all sync activity
  • Token security - OAuth tokens stored securely with encryption at rest

Compliance

  • Data privacy - Right to access, delete, and export data (GDPR compliance in progress)
  • Okta Security - Follows Okta’s security best practices
  • Zero Trust - Compatible with Zero Trust security models
Security: Porcia follows industry-standard security practices including end-to-end encryption and role-based access control. Full security documentation coming soon.

Disconnecting Okta

To disconnect your Okta organization:
  1. Go to Settings → Integrations → SSO
  2. Find Okta connection
  3. Click Disconnect
  4. Confirm disconnection
Disconnecting will stop new application discovery and usage tracking. Historical data will be preserved unless you choose to delete it.

Revoke Access in Okta

To completely revoke Porcia’s access:
  1. Go to Okta Admin Console → Security → API → Tokens
  2. Find the token you created for Porcia
  3. Click Revoke to disable access

Advanced Okta Features

Okta Workflows Integration

If you use Okta Workflows:
  • Porcia can discover workflow-triggered applications
  • Automated provisioning events are tracked
  • Workflow-based access patterns are analyzed

Okta Identity Governance

For organizations with Identity Governance:
  • Access certification data is included
  • Compliance reporting is enhanced
  • Risk-based access patterns are identified

Multi-Org Okta

For organizations with multiple Okta orgs:
  • Connect each org separately to Porcia
  • Unified view across all organizations
  • Useful for merger and acquisition scenarios
