Install the Okta Provisioning Agent

Before configuring on-premises provisioning for an appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in., install the Linux or Windows Okta ProvisioningProvisioning is the enterprise-wide configuration, deployment, and management of multiple types of IT system resources. Specifically, provisioning provides users access to equipment, software, or services. This involves creating, maintaining and deactivating required business process automation objects and attributes in systems, directories, and applications. AgentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations.. You can connect your Okta Provisioning Agent to multiple on-premises apps, but you must provide a unique SCIM serverAn end point that can process SCIM messages sent by the provisioning agent. This can be an application that natively supports SCIM or a SCIM connector that acts as an intermediary between the provisioning agent and the on-prem application. URL for each app.


  1. On your okta-adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. app instance page, go to the Provisioning tab and then click Download Provisioning Agent.
  2. Or

    ON the Okta Admin Console, go to SettingsDownloads, and then click Download for the Okta Provisioning Agent (x64 RPM).

  3. When the Okta Provisioning Agent is downloaded, sign in as root to your Linux server.
  4. Copy the Okta Provisioning Agent .rpm file to a scratch directory, and then cd to that directory.
  5. Install using yum by entering the following:
  6. yum localinstall <package name>

    For example, yum localinstall OktaProvisioningAgent*.rpm

  7. When you are prompted to continue, enter y.
  8. After the installation succeeds, copy the command on your screen and run the script as root:
  9. sudo /opt/OktaProvisioningAgent/

  10. Enter the URL of you orgThe Okta container that represents a real-world organization. at the prompt (for example:
  11. In your browser, go to the URL that you are provided, and sign in with your username and password.
  12. To enable the Okta Provisioning Agent to access the Okta API, click Allow Access.
  13. Note: If you haven't enabled TLS 1.2 protocol or are using an earlier version, see Enable the Transport Layer Security 1.2 protocol.

  14. Return to the command line. After you receive a successful configuration message, copy and enter the command:
  15. service OktaProvisioningAgent start

  16. To confirm that the agent is running, enter the following:
  17. service OktaProvisioningAgent status


  1. On the Okta Admin Console, go to SettingsDownloads.
  2. Click Download for the Windows Okta Provisioning Agent.
  3. Launch the installer, and then click Next.
  4. In the License Agreement dialog box, click Next.
  5. Optional. Change the installation folder, and then click Install.
  6. Enter your Okta Customer DomainA domain is an attribute of an Okta organization. Okta uses a fully-qualified domain name, meaning it always includes the top-level domain (.com, .eu, etc.), but does not include the protocol (https). URL, and then click Next.
  7. In your browser, sign in to your org.
  8. Grant permission to access the Okta API by clicking Allow Access.
  9. Return to the installer, and then click Finish.
  10. Sign in to Okta.
  11. Note: If you haven't enabled TLS 1.2 protocol or are using an earlier version, see Enable the Transport Layer Security 1.2 protocol.

  12. In Admin Console, select Agents. Verify that the configured on-premises agent is in the list.

Next steps