Skip to main contentSkip to docs navigation
Docs
  • English (United States)
  • 日本語 (日本)
  • Français (France)
    • Identity Engine
    • Classic Engine
    • Access Gateway
    • Advanced Server Access
    • Aerial
    • Identity Security Posture Management
    • Workflows
    • Identity Engine
    • Classic Engine
    • Access Gateway
    • Advanced Server Access
    • Aerial
    • Identity Security Posture Management
    • Workflows
  • Okta Developer
    • Auth0 Docs
    • Auth0 FGA Docs
  • Training
  • Support
    • English (United States)
    • 日本語 (日本)
    • Français (France)

Feedback
Identity Engine publication
  • Okta Identity Engine
  • Release notes
    • Production
    • Preview
    • Early Access
    • Okta Verify release notes
      • Okta Verify for Android
      • Okta Verify for iOS
      • Okta Verify for macOS
      • Okta Verify for Windows
    • Identity Governance
    • Okta Privileged Access
      • Device tools
      • Platform
    • Archive
      • 2026
      • 2025
      • 2024
      • 2023
      • 2022
      • 2021
  • Get started
  • Upgrade to Okta Identity Engine
    • Eligibility tasks
      • Update Event hook endpoints
      • Prepare Okta Mobile users for upgrade
      • Turn off Mobile Device Trust
      • Delete IWA routing rules
      • Upgrade the Sign-In Widget
      • Prepare your customizations for upgrade
      • Prepare Terraform for upgrade
      • Rename Duo Security custom IdP
      • Skip email auto-enrollment
    • Feature changes
      • App intent links
      • App sign-on policies
        • App sign-on policy migration
      • Custom app login
      • Device Trust for desktop devices
      • Device Trust for mobile devices
      • Device Trust for Workspace ONE mobile
      • Email as an optional authenticator
      • Email enhancements
      • End-User Settings
      • Federated inbound sign-in flow
      • Global redirect
      • Integrated Windows Authentication
      • Multifactor authentication
      • MFA enrollment policy
      • Okta Mobile
      • Okta Verify with Okta FastPass
      • Okta sign-on policies
      • Office 365 single sign-out
      • Office 365 Custom User Agent
      • Office 365 MFA pass claim
      • Password reset and account recovery
      • Phone authenticator
      • Registration hooks
      • Secondary email for authentication and recovery
      • Secondary email as an optional user account field
      • Security questions and answers
      • Self-service registration
      • Sign-In Widget
      • Suspicious activity reporting
    • Self-service upgrade process
      • Self-service upgrade action items
      • Upgrade test plan
        • Record your Classic Engine experience
        • Test the upgrade in Identity Engine
        • Validate your upgrade
        • Replace your custom app login URL
        • Replace Desktop Device Trust with Okta FastPass
        • Replace Workspace ONE Device Trust mobile with Okta FastPass
        • Troubleshoot Device Trust
        • Post-upgrade behavior
        • Sign-in flows
      • Roll back to Classic Engine
        • Initiate a rollback request
        • Behavior after a rollback
    • Upgrade FAQ
      • From Device Trust to Okta FastPass
  • Monitoring and reports
    • Administrator Dashboard
      • View your org at a glance
      • View your org agents' status
      • View Okta service status
      • Monitor your tasks
      • Monitor your org's security
      • Monitor your SSO apps
      • Admin Console search
    • Reports
      • Entitlements and access
        • Group membership
        • User accounts
        • User app access
      • Application usage
      • Okta password health
      • SAML capable apps
      • Application access
      • Authentication activity
      • MFA activity
      • MFA usage
      • MFA enrollment by user
      • Suspicious activity
      • Deprovision details
      • Rate limits
      • Admin role assignments
      • Telephony usage
      • Deprecated reports
        • Current Assignments report
        • Recent Unassignments report
        • App Password Health report
    • Run reports
    • Receive reports by email
    • System Log
      • System Log filters and search
      • Common System Log filters
      • Track MFA abandonment in the System Log
    • Log streaming
      • Add an AWS EventBridge log stream
      • Add a Splunk Cloud log stream
      • Edit the status of your log stream
  • Directory integrations
    • Active Directory integration
      • Get started with Active Directory integration
        • Typical workflow for integrating Active Directory
        • Active Directory integration prerequisites
        • Active Directory integration considerations and limits
        • Okta service account permissions
        • Supported Active Directory integration features
        • Active Directory integration implementation options
        • Plan for high availability and disaster recovery
        • Integration with existing Active Directory forests and domains
        • Prepare Active Directory for the integration
        • Import considerations
        • Supported attribute syntaxes
      • Manage your Active Directory integration
        • Install the Okta Active Directory agent
        • Configure Active Directory import and account settings
        • Configure Active Directory provisioning settings
        • Multiple Okta Active Directory agents
        • Install multiple Okta Active Directory agents
        • Update the Okta Active Directory agent
        • Uninstall Okta Active Directory agent
        • Locate the Okta AD Agent log
        • Change the Okta Active Directory agent user
        • Change the number of Okta Active Directory agent threads
        • Okta Active Directory agent variable definitions
        • Configure DMZ server ports for Active Directory integrations
        • Register multiple domains to an Okta Active Directory agent
        • Make Active Directory the Profile Source
        • Rename an Active Directory domain
        • Delegated authentication with Active Directory
        • Enable delegated authentication for Active Directory
        • Check AD DirSync readiness
        • Enable imports with DirSync
      • Manage Active Directory users and groups
        • Import Active Directory users on demand
        • Schedule Active Directory user imports
        • Add and update users with Active Directory Just-In-Time provisioning
        • Make names optional in Active Directory
        • Confirm imported Active Directory user assignments
        • Import groups from Active Directory
        • Push groups from Okta to Active Directory
        • Enable universal security group support
        • Configure enhanced group push for Active Directory organizational units
        • Enable Okta-sourced user Organizational Unit updates
        • View users and groups associated with an Active Directory instance
        • Remove a group from Active Directory provisioning
        • Exclude AD username updates during provisioning
        • Disconnect users from Active Directory
        • Bidirectional Group Management with Active Directory
          • Access governance for AD groups
      • Work with Active Directory attributes
        • Base Active Directory attributes
        • Active Directory attribute mappings to Okta properties
        • Exclude Active Directory username updates during provisioning
      • Active Directory Desktop Single Sign-on
        • Desktop Single Sign-on prerequisites
        • Active Directory Desktop Single Sign-On known issues
        • About Active Directory Desktop Single Sign-on and Just-In-Time provisioning
        • Identify your Desktop Single Sign-On type
        • Configure agentless Desktop Single Sign-on
          • About the agentless Desktop Single Sign-on workflow
          • Create a service account and configure a Service Principal Name
          • Configure browsers for Windows agentless Desktop Single Sign-on
          • Configure browsers for Mac agentless Desktop Single Sign-on
          • Enable agentless Desktop Single Sign-on
          • Update the default Desktop Single Sign-on Identity Provider routing rule
          • Validate the agentless Desktop Single Sign-on configuration
          • Test the agentless Desktop Single Sign-on configuration
        • Migrate your agentless Desktop Single Sign-on configuration
          • Migrate from Integrated Windows Authentication to agentless Desktop Single Sign-on
          • Set the service principal name
          • Configure browsers for single sign-on on Windows
          • Test the Desktop Single Sign-on settings
        • Desktop Single Sign-on FAQ
        • Desktop Single Sign-on troubleshooting
      • Manage passwords
        • Synchronize passwords
          • Password synchronization use cases
          • Synchronize passwords from Okta to Active Directory
          • Synchronize passwords from Active Directory to Okta
          • Application password synchronization
          • Use Okta API to expire user passwords
          • Troubleshoot password synchronization
        • Password migration from AD to Okta
          • Password migration considerations
          • Run a password migration
      • Automatically update Okta Active Directory agents
        • View Okta Active Directory (AD) agent status information
        • Auto-update a single agent on demand
        • Auto-update multiple agents on demand
        • Retry an on-demand agent auto-update
        • Cancel an on-demand agent auto-update
        • Schedule agent auto-updates
        • Turn an agent auto-update schedule on or off
        • Delete an agent auto-update schedule
        • Define the behavior for failed agent auto-updates
        • Unsubscribe from agent auto-update email notifications
        • Download the latest agent version
      • Active Directory integration FAQ
    • LDAP integration
      • Get started with LDAP integration
        • LDAP integration prerequisites
        • LDAP integration known issues
        • LDAP integration limits
        • LDAP integration features
        • Supported LDAP directories
        • LDAP incremental import support
      • Manage your LDAP integration
        • Install the Okta LDAP Agent
        • Configure LDAP integration settings
        • Configure Okta to LDAP provisioning settings
        • Configure LDAP to Okta provisioning settings
        • Modify LDAP integration settings
        • Enable LDAP over SSL
        • Enable delegated authentication
        • Map Okta user profile attributes to LDAP attributes
        • Add and update users with LDAP Just-In-Time provisioning
        • Verify the Okta LDAP agent download
        • Reconfigure an Okta LDAP Agent
        • LDAP configuration parameters
        • Change the number of Okta LDAP agent threads
        • Add or remove custom LDAP attributes
        • Locate the Okta LDAP agent log
        • Manage the Okta LDAP Agent
        • Uninstall or reinstall the Okta LDAP Agent
      • Configure supported LDAP directory services
        • AD LDS LDAP integration reference
        • eDirectory LDAP integration reference
        • IBM LDAP integration reference
        • OpenDJ LDAP integration reference
        • Oracle Internet Directory LDAP integration reference
        • OpenLDAP integration reference
        • Oracle Directory Server Enterprise Edition LDAP integration reference
        • Oracle Unified Directory LDAP integration reference
        • Sun ONE Application Server LDAP integration reference
      • Set up and manage the LDAP Interface
        • LDAP Interface known limitations
        • LDAP Interface connection settings
        • Enable the LDAP interface
        • Expose app groups in the LDAP interface directory information tree
        • Use multifactor authentication with the LDAP Interface
        • LDAP interface pagination control
        • LDAP interface troubleshooting
      • Bidirectional Group Management with LDAP
      • Automatically update Okta LDAP agents
        • View LDAP agent status information
        • Auto-update a single agent on demand
        • Auto-update multiple agents on demand
        • Retry an on-demand agent auto-update
        • Cancel an on-demand agent auto-update
        • Schedule agent auto-updates
        • Turn an agent auto-update schedule on or off
        • Delete an agent auto-update schedule
        • Define the behavior for failed agent auto-updates
        • Unsubscribe from agent auto-update email notifications
        • Download the latest agent version
      • LDAP integration troubleshooting
    • CSV directory integration
      • Get started with CSV directory integration
        • CSV directory integration prerequisites
        • Typical workflow for integrating CSV directories
      • Manage your CSV directory integration
        • Download and install the Okta Provisioning agent
        • Configure the CSV directory integration settings
        • Configure the CSV directory integration profile attributes
        • Configure the CSV directory integration import settings
        • Test the CSV directory integration
  • User management
    • Manage users
      • Add users manually
      • Add and update users with Just-In-Time provisioning
      • Use Anything-as-a-Source
      • Import users
        • View the Import Monitoring dashboard
        • Import users from an app
        • Edit app provisioning settings
        • Clear unconfirmed users
        • Import users from a CSV file
        • Assign users to apps using a CSV file
        • Match imported user attributes
        • Import safeguards
        • Enable or disable import safeguards
        • Change threshold for import safeguard
        • Resolve import safeguard warnings on the Import Monitoring dashboard
      • Activate user accounts
      • Deactivate and delete user accounts
      • Edit deactivated user profiles
      • End Privileged Access
      • Assign applications to users
      • Search for application users
      • Unassign users from applications
      • Unlock an individual user account
      • Unlock multiple user accounts
      • Suspend and unsuspend users
      • Reset a user password
      • Reset multiple user passwords
      • Reset multifactor authentication for users
      • Revoke all user sessions
      • Allow unknown devices to sign in
      • Manage password expiry
        • Expire all user passwords
        • Expire a user's password on the Okta Admin Console
      • User account status
    • Manage groups
      • Groups
      • Okta group source types
      • Create a group
      • About group duplication in Microsoft Office 365
      • View group members
      • Manually assign people to a group
      • Bulk assign people to a group
      • Remove people from a group
      • Enable group import from provisioning-enabled apps
      • Review group imports
      • View and edit Okta group attributes
      • Remove groups imported from provisioning-enabled apps
      • Assign a single app to groups
      • Assign multiple apps to a group
      • Manage group prioritization
        • Prioritize application groups
        • Assign attribute group priority
        • Group prioritization use case
      • Manage group rules
        • Group rules
        • Group rules best practices
        • Manual group user management
        • Create group rules
        • Verify group membership changes
        • Edit group rules
      • Manage Group Push
        • Group Push
        • Group Push prerequisites
        • Enable Group Push
        • Group Push operations
        • App assignments and Group Push
        • Troubleshooting Group Push
      • Manage Group Linking
        • Configure Group Linking
        • Configure Group Linking to delete application groups
    • Manage profiles
      • Profile types
      • Attribute mappings
      • Expressions
      • About rich SAML assertions and WS-Federation claims
      • Work with profiles and attributes
        • View the Okta default user profile
        • View the Okta default group profile
        • Make the user profile first and last name optional
        • Create a custom character restriction for the Okta username
        • Add custom attributes to an Okta user profile
        • Add custom attributes to a default Okta group profile
        • Add custom attributes to apps, directories, and identity providers
        • Edit Okta default group profile custom attributes
        • Remove custom attributes from a default Okta group profile
        • Delete custom app, directory, and identity provider attributes
        • Enforce uniqueness of custom attributes
        • Enforce custom attribute uniqueness
        • Add or remove custom directory schema attributes
        • Review reserved attributes
        • Profile Push
        • View existing application attribute mapping
        • Map Okta attributes to app attributes in the Profile Editor
        • Map app attributes on the Provisioning page
        • Edit application attribute mapping
        • Modify attributes with expressions
        • Override a user name format
        • Override an app username
        • Override application attribute mapping
        • Remove mapping
        • Automatically update an app username
      • Work with Universal Directory user types
        • Custom user types in Universal Directory
        • Universal Directory custom user types known issues
        • Create a custom user type
        • Map a user type to an application
        • Create a user and assign a user type
        • Change the user type
        • Delete a user type
      • Manage profile and attribute sourcing
        • Profile sourcing
        • Designate profile sources for user attributes
        • Prioritize profile sources
        • Make an app the profile source
        • Define the attribute profile source
        • Map profile attributes
        • Edit user attributes
        • Allow users to edit attributes
    • Manage realms
      • Requirements and limitations
      • Get started with realms
      • Create realms
      • Delegate realm management
      • Manage realm users
      • Realm assignments
      • Realms with Okta Identity Governance
      • Use Workflows to manage realms
    • Manage external users external users
      • Set up Partner Admin Portal Partner Admin Portal
        • Create a Partner Admin Portal
        • Set up partner admins
        • Assign users to the Partner Admin Portal
        • Permissions for partner admins
      • Manage the Partner Admin Portal Partner Admin Portal
        • Manage users
        • Manage groups
        • Manage apps
      • User classification
        • Set up user classification
    • Manage service accounts
      • Alternative options to service accounts
      • Set up the Okta Privileged Access app
      • Manage a SaaS app service account
      • Manage an Okta user account as a service account
  • Okta for AI Agents
    • Discover and assess AI agents
      • AI agent discovery in ISPM
      • Discover AI agents in managed apps
      • Discover shadow AI agents using the SAM plugin
        • Okta Secure Access Monitor plugin
        • Configure the Secure Access Monitor plugin
        • Assess AI agents that have privileged OAuth scopes
    • Add and register AI agents
      • Add AI agents manually
      • AI agent imports
        • Apps that support AI agent imports
        • Provider app-specific configurations
          • Configure AWS IAM Identity Center for AI agent imports
          • Configure Salesforce.com for AI agent imports
          • Configure ServiceNow UD for AI agent imports
        • Enable AI agent imports for an app
        • Import AI agents from an app
        • Configure imported AI agents
        • View and monitor AI agent imports
      • Update AI agents
      • Okta for AI Agents status types
    • AI agent resource connections
      • Compare AI agent resource types
      • Add custom resource servers
      • Configure resource server connectors
      • Prerequisites for common resource server connectors
      • Add MCP servers
      • Connect AI agents to resources
    • Govern access to AI agents
      • Request access to AI agents
      • Certify AI agents
  • App integrations
    • Get started with app integrations
    • Learn about app integrations
      • Single Sign-On
      • OIDC app integrations
      • SAML app integrations
      • WS-Fed app integrations
      • SWA app integrations
      • SCIM app integrations
      • CASB configuration guide
    • Add app integrations
      • Add existing app integrations
      • Create custom app integrations
        • Create OpenID Connect app integrations
          • Manage secrets and keys for OIDC app client authentication
          • Encrypt OIDC ID tokens for app integrations
        • Create SAML app integrations
          • AIW SAML field reference
          • Define attribute statements
          • Define group attribute statements
          • Manage signing certificates
        • Configure custom claims for app integrations
          • Generate entitlement claims using the legacy configuration
        • Create SWA app integrations
        • Create SCIM app integrations with entitlement management
        • Add SCIM provisioning to app integrations
      • Add an app with Express Configuration
      • Configure Single Sign-On options
      • Configure settings for app integrations
      • Configure Cross App Access
        • Manage Cross App Access connections
      • Configure profile attributes for OIDC apps
      • Self Service for app integrations
        • Workflow to configure Self Service request feature
        • Enable self-service access to apps
        • Configure a Self Service approval workflow
        • Add app integrations as an end user
        • Handle app integration requests
      • Configure the Okta Template App and Okta Plugin Template App
      • Create a Bookmark App integration
      • Simulate an IdP-initiated flow with the Bookmark App
      • Configure Single Logout in app integrations
      • Configure Native to Web SSO
      • Configure Universal Logout
      • Mapping Active Directory, LDAP, and Workday Values in a SAML template
      • Configure a shared signal transmitter
    • Integration guides
      • 1Password Enterprise Password Manager
        • Integrate 1Password Enterprise Password Manager with Okta
        • Configure Okta SSO in 1Password Enterprise Password Manager
        • Manage user assignments and grace periods
        • Integrate 1Password Enterprise Password Manager with Okta for SSO Unlock
        • Verify SP-inititated SSO
      • Advent Black Diamond
        • Advent Black Diamond supported features
        • Configure Advent Black Diamond provisioning with Okta
      • Amazon Web Services Account Federation
        • Learn about Amazon Web Services integration
        • Connect Okta to a single Amazon Web Services instance
          • Configure Okta as the AWS account identity provider
          • Add Okta as a trusted source for AWS roles
          • Generate the AWS API access key
          • Configure the Amazon Web Services Account Federation app in Okta
        • Connect Okta to multiple Amazon Web Services instances
          • Integrate multiple AWS instances
          • AWS user and group access management
          • Configure AWS accounts and roles for SAML SSO
          • Create AWS role groups in an external directory
          • Create management groups to map users to AWS accounts and roles
          • Import AWS role and management groups into Okta
          • Enable group-based role mapping in Okta
          • Assign AWS management groups to the Okta AWS app
        • Configure Okta as IdP for AWS CLI
      • Apple Business Manager
      • Artifactory
        • Artifactory supported features
        • Integrate Artifactory with Okta
      • Atlassian
      • Axway Amplify
        • Axway Amplify supported features
        • Integrate Axway Amplify with Okta
      • BambooHR
        • BambooHR supported features
        • BambooHR integration known issues
        • Integrate BambooHR with Okta
      • BMC Remedyforce
        • BMC Remedyforce supported features
        • Configure BMC Remedyforce provisioning with Okta
      • Box
        • Box supported features
        • Manage your Box integration
          • Integrate Box with Okta
          • Add attributes to a Box profile
          • Add existing Box groups to Okta
          • Assign Box to Okta groups and configure group push
          • Configure SAML group push for Box
      • Confluence On-Premises
      • Coupa
        • Coupa supported features
        • Integrate Coupa with Okta
      • CrowdStrike
        • CrowdStrike supported features
        • Integrate CrowdStrike with Okta
      • DocuSign
        • DocuSign supported features
        • Integrate DocuSign with Okta
      • Dropbox Business
        • Dropbox Business integration prerequisites
        • Dropbox Business integration known issues
        • Silently provision Dropbox Business
        • Dropbox Business supported features
        • Integrate Dropbox Business with Okta
      • FleetDM
        • FleetDM supported features
        • Configure FleeDM provisioning with Okta
      • Google Workspace
        • Troubleshooting
        • Manage Google Workspace users
        • Google email alias support
      • HashiCorp Cloud Platform
        • HashiCorp Cloud Platform supported features
        • Integrate HashiCorp Cloud Platform with Okta
      • HashiCorp Vault
        • Integrate HashiCorp Vault with Okta
        • Configure the OIDC authentication method
        • Configure groups and policies
        • Test the integration
      • Informatica Cloud
        • Informatica Cloud supported features
        • Integrate Informatica Cloud with Okta
      • Jamf Pro Admin Console
        • Jamf Pro Admin Console supported features
        • Integrate Jamf Pro Admin Console with Okta
      • Jamf Pro User Enrollment
        • Jamf Pro User Enrollment supported features
        • Integrate Jamf Pro User Enrollment with Okta
      • JumpCloud
        • Integrate JumpCloud with Okta
        • Configure IdP for JumpCloud
        • Verify SP-initiated Single Sign-On (SSO)
      • Lucid
        • Lucid supported features
        • Integrate Lucid with Okta
      • Meta Work Accounts
      • Microsoft Entra ID and Office 365
        • Microsoft Entra ID Microsoft Entra ID
          • Integrate Microsoft Entra ID using SAML
            • About Microsoft Entra ID SAML integration
            • Create the Okta enterprise app in Microsoft Entra ID
            • Make Microsoft Entra ID an Identity Provider
            • Map Microsoft Entra ID attributes to Okta attributes
            • Test the Microsoft Entra ID integration
          • Integrate Hybrid Microsoft Entra ID Join
            • About Hybrid Microsoft Entra ID devices
            • Prerequisites for integrating Microsoft Entra ID join
            • Configure Office 365 sign-on rules to allow on-prem and cloud access
            • Configure Hybrid Join in Microsoft Entra ID
            • Hybrid Microsoft Entra ID integration FAQs
          • Integrate Windows Autopilot
            • Okta + Windows Autopilot overview
            • How Okta works with Windows Autopilot
            • Supported use cases for Okta with Windows Autopilot
            • Integrate Okta with Windows Autopilot
        • Microsoft Office 365
          • Deploy Office 365
            • Add Office 365 to Okta
            • Configure Single Sign-On for Office 365
            • Provision users to Office 365
            • Import users to Office 365 using Microsoft Graph API
            • Assign Office 365 to users and groups
            • Secure Office 365 using app sign-on policies
          • Office 365 sign on policies
            • About Office 365 sign on policies
            • Best security practices for Office 365 sign on policies
            • Office 365 sign-on rules options
            • Office 365 default sign-on rules
            • Create Office 365 sign-on rules
          • Office 365 provisioning and deprovisioning
            • Enable deprovisioning in Office 365
            • Add custom attributes
            • Map custom attributes
            • Skip importing groups during Office 365 user provisioning
            • Provisioning options for Office 365
            • Deprovisioning options for Office 365
            • Manage Office 365 licenses and roles
            • Supported user profile attributes for Office 365 provisioning
            • Supported user profile attributes for Office 365 import
          • Advanced integration topics for Office 365
            • Allow or deny custom clients in Office 365 sign-on policy
            • Provide Microsoft admin consent for Okta
            • Office 365 Silent Activation: New Implementations
            • Office 365 Silent Activation: Old Implementations
            • Configure certificate-based authentication
            • Use Okta MFA for Microsoft Entra ID (formerly Azure Active Directory)
            • Federate multiple Office 365 domains in a single app instance
            • Okta support for hybrid Microsoft Entra ID joined devices
            • Enable Microsoft Office 365 applications
            • Move Microsoft Office 365 from Secure Web Authentication to WS-Federation
            • Configure Office 365 GCC Tenant
            • Configure Office 365 GCC High Tenant
            • Supported Office 365 GCC High Apps and Services
            • Configure the Okta Template WS Federation Application
            • Configure WS-Federation for Office 365
            • Group linking for Microsoft Office 365
          • Office 365 FAQs
      • Microsoft SharePoint (On-Premises)
        • Typical deployment workflow for SharePoint (On-Premises)
          • Deployment Scenarios
          • Add SharePoint (On-Premises) in Okta
          • Configure Okta as a claims provider in SharePoint (On-Premises)
          • Configure Okta SharePoint People Picker agent
          • Deploy Okta People Picker for SharePoint agent
          • Uninstall Okta People Picker and Okta authentication
          • Troubleshooting: Microsoft SharePoint (On-Premises)
          • Microsoft SharePoint (On-Premises) FAQs
      • Mimecast Personal Portal V3
        • Mimecast Personal Portal V3 supported features
        • Integrate Mimecast Personal Portal V3 with Okta
      • Mulesoft Anypoint Platform
        • Create an OIDC integration
          • Integrate MuleSoft Anypoint Platform with Okta
          • Configure IdP for MuleSoft Anypoint Platform
          • Configure the Redirect URI in Okta
          • Test the integration
        • Create a SCIM integration
          • MuleSoft Anypoint Platform provisioning supported features
          • Integrate MuleSoft Anypoint Platform provisioning with Okta
      • Okta as Microsoft EAM
      • Okta Org2Org
        • Okta Org2Org supported features
        • Integrate Okta Org2Org with Okta
      • Okta Identity Security Posture Management (ISPM)
      • OneLogin
        • Create an OneLogin OIDC integration
          • Integrate OneLogin with Okta
          • Configure Okta SSO in OneLogin
          • Configure Just-In-Time provisioning in OneLogin
          • Verify SP-initiated Single Sign-On (SSO)
        • Create an OneLogin SCIM integration
          • OneLogin supported features
          • Configure OneLogin provisioning with Okta
      • Oracle Human Capital Management
        • Oracle Human Capital Management supported features
        • Enable Oracle Human Capital Management provisioning
      • Oracle Identity Access Management
        • Oracle Identity Access Management supported features
        • Integrate Oracle Identity Access Management with Okta
      • PagerDuty
        • PagerDuty supported features
        • Integrate PagerDuty with Okta
      • Rally Software
        • Rally Software supported features
        • Integrate Rally Software with Okta
        • Add custom Rally Software attributes
      • RingCentral
        • RingCentral integration prerequisites
        • RingCentral supported features
        • Okta to RingCentral attribute mapping requirements
        • Manage your RingCentral integration
          • Integrate RingCentral with Okta
          • Enable RingCentral bidirectional attribute synchronization
          • Add custom RingCentral attributes
        • Troubleshoot RingCentral integrations
      • Salesforce
        • Salesforce supported features
        • Supported Salesforce custom attribute types
        • Manage your Salesforce integration
          • Enable Salesforce single sign-on
          • Enable Salesforce provisioning
          • Add attributes to a Salesforce profile
          • Configure OAuth and REST integration
          • Create a Salesforce Community integration
          • Create a Salesforce Portal integration
          • Create a Salesforce Government Cloud integration
      • SAP Analytics Cloud
        • SAP Analytics Cloud supported features
        • Integrate SAP Analytics Cloud with Okta
      • SAP Concur
        • SAP Concur supported features
        • Integrate SAP Concur with Okta
      • SAP SuccessFactors Employee Central
        • Learn about SAP SuccessFactors Employee Central integration
        • SAP SuccessFactors Employee Central integration prerequisites
        • SAP SuccessFactors Employee Central supported features
        • Learn about SAP SuccessFactors Employee Central data provisioning
        • Supported SAP SuccessFactors Employee Central entities and attributes
        • Manage your SAP SuccessFactors Employee Central integration
          • Integrate SAP SuccessFactors Employee Central with Okta
          • Set Time Zone Aware Pre-hires/Terminations
          • View the SAP SuccessFactors Employee Central Start Date attributes
      • SentinelOne
        • SentinelOne supported features
        • Enable SentinelOne provisioning
      • ServiceNow
        • ServiceNow (Eureka)
        • ServiceNow UD SSO migration guide
        • ServiceNow UD Provisioning migration guide
      • Slack
        • Slack integration prerequisites
        • Slack supported features
        • Supported Slack attributes
        • Integrate Slack with Okta
        • Troubleshoot Slack integrations
      • Splunk
        • Splunk Enterprise supported features
        • Enable Splunk Enterprise provisioning
      • Splunk Cloud
        • Splunk Cloud supported features
        • Configure Splunk Cloud provisioning with Okta
      • ThoughtSpot
        • Create ThoughtSpot OIDC integration
          • Integrate ThoughtSpot with Okta
          • Configure Okta IdP for ThoughtSpot
          • Verify SP-initiated Single Sign-On (SSO)
        • Create ThoughtSpot SCIM integration
          • ThoughtSpot supported features
          • Enable ThoughtSpot provisioning
      • Trend Micro
        • Trend Micro supported features
        • Integrate Trend Micro with Okta
      • Twilio
        • Twilio supported features
        • Integrate Twilio with Okta
      • UKG Pro
        • UKG Pro prerequisites and known issues
        • UKG Pro supported features
        • Create a UKG Pro report and report ID
        • Integrate UKG Pro with Okta
        • UltiPro template
      • Workato
        • Workato supported features
        • Integrate Workato with Okta
      • Workday
        • Workday incremental imports
        • Workday Real-Time Sync
        • Workday Email and Phone writeback
        • Configure Workday writeback for home and work contacts
        • Best practices and FAQ
        • Import with custom reports
      • Workplace by Facebook
      • Zendesk
        • Zendesk supported features
        • Zendesk considerations and limits
        • Integrate Zendesk with Okta
      • Zoho Mail
        • Zoho Mail supported features
        • Integrate Zoho Mail with Okta
      • Netskope Admin Console
        • Netskope Admin Console supported features
        • Integrate Netskope Admin Console with Okta
    • Access and customize app integrations
      • Assign app integrations
      • Manage app integration assignments
      • Manage Federation Broker Mode
        • Enable Federation Broker Mode
        • Disable Federation Broker Mode
        • Federation Broker Mode known limitations
      • Redirect unauthenticated users to a custom login page
      • Redirect unassigned users to a custom error page
      • Convert app integrations from individually owned to group managed
      • Customize an app logo
      • Add notes to an app integration
      • Set up VPN notification
      • Reveal the password of an app integration
      • Pass Device Context using Limited Access for Okta Identity Engine
    • Remove app integrations
      • Deactivate app integrations
      • Delete app integrations
    • Provision apps
      • Get started with provisioning
        • Provisioning
        • Lifecycle of a provisioned user
        • Add provisioned users
        • Workflow for deploying new provisioning app integrations
        • Workflow for adding provisioning to app integrations
        • On-premises provisioning
        • Workflow for deploying on-premises provisioning
      • Provision cloud applications
        • Search for an existing OIN app integration
        • Add an app integration to Okta
        • Create and configure a duplicate app instance
        • Configure provisioning for an app integration
        • Assign app integrations
      • Provision on-premises apps
        • On-premises provisioning and entitlements
        • Enable TLS 1.2
        • Install the Okta Provisioning Agent
        • Install the Okta On-prem SCIM Server agent
        • Agent configuration file
        • Okta On-prem Connector
          • Okta On-prem Connector guides
            • On-prem Connector for Oracle EBS
              • Supported attributes for Oracle EBS
            • On-prem Connector for SAP Netweaver ABAP
              • Configure admin roles for SAP Netweaver ABAP
              • Supported attributes for SAP Netweaver ABAP
            • On-premises Connector for Generic Databases
          • Supported entitlements by On-prem Connector
          • Install Okta On-prem Connector
          • Uninstall Okta On-prem Connector
          • SQL statements, stored procedures, and custom code
          • System requirements for On-prem Connectors - Oracle EBS and SAP Netweaver ABAP
          • System requirements for On-premises Connector - Generic Databases
        • Create an instance of your on-premises app in Okta
        • Create and test SCIM connectors
          • Create SCIM connectors for on-premises provisioning
          • Test SCIM connectors for on-premises provisioning
          • SCIM messages for on-premises provisioning
        • Connect to a SCIM connector
        • Configure the API call timeout period
        • Make an on-premises app the profile source
        • Okta Provisioning Agent incremental import
        • Upgrade Okta Provisioning Agent
        • Uninstall and reinstall the Okta Provisioning Agent
      • Manage provisioned users
        • Assign an app integration to a user
        • Provision users
        • Automatically update user attributes
        • Assign an app integration to a group
        • Convert an individual assignment to a group assignment
        • Automatically deactivate app users
        • Deprovision a user
        • Reactivate a user profile
      • Troubleshoot provisioning
    • App integrations FAQ
    • API Service Integrations
      • Add an API Service Integration
      • Rotate a Client Secret for an API Service Integration
      • Revoke an API Service Integration
  • Devices
    • Okta Device Access
      • Device Access certificates
        • Use Okta as a CA for Device Access
          • Static SCEP for macOS with Jamf Pro
          • Dynamic SCEP for macOS with Jamf Pro
          • Delegated SCEP for macOS with Microsoft Intune
          • Static SCEP for macOS with Workspace ONE
          • Delegated SCEP for Windows with Microsoft Intune
          • Static SCEP for Windows with Workspace ONE
        • Use your own CA for Device Access Device Access
          • Configure Active Directory Certificate Services
        • Verify certificate deployments
      • Platform SSO for macOS macOS
        • Create and configure the PSSO app
        • Configure device management profiles
          • Secure Enclave using a generic MDM
          • Desktop Password Sync using Intune
          • Desktop Password Sync using Jamf Pro
          • Desktop Password Sync using Workspace ONE
          • Desktop Password Sync using a generic MDM
        • Just-In-Time Local Account Creation for macOS
        • Version compatibility and features
        • Support your macOS users
      • Desktop MFA for macOS
        • Create and configure the Desktop MFA app
        • Download Okta Verify
        • Configure and deploy Desktop MFA policies
        • Link an end user account
        • Enforce number challenge for Desktop MFA
        • Enable Desktop MFA recovery
        • Configure Desktop MFA to use FIDO2 keys
        • Support your Desktop MFA users
      • Desktop MFA for Windows
        • Create and configure the Desktop MFA app for Windows
        • Download Okta Verify
        • Deploy Desktop MFA to your endpoints
        • Configure and deploy Desktop MFA policies
        • Enable self-service password reset
        • Enforce number challenge for Desktop MFA
        • Configure Desktop MFA to use FIDO2 keys
        • Configure Desktop Password Autofill
        • Enable Desktop MFA recovery
        • Desktop MFA user experience
        • Support your Desktop MFA users
      • Device-Bound Single Sign-On
        • Configure Device-Bound SSO for macOS
        • Configure Device-Bound SSO for Windows
        • Troubleshoot Device-Bound SSO issues
        • System Log events
      • Sign users out of devices
    • Okta Verify deployment
      • Deploy to Android devices
        • Configuration settings for Android OS
        • Download Okta Verify from the Admin Console
      • Deploy to iOS devices
        • Configuration settings for iOS
        • Deploy using MEM
      • Deploy to macOS devices
        • Configuration settings for macOS
        • Auto-launch Okta Verify on macOS devices
      • Deploy to Windows devices
        • Configuration settings for Windows
        • Deploy using Workspace ONE
        • Configure automatic updates
        • Configure user verification type
        • Configure physical or virtual environments
      • Okta Verify security updates
    • Device registration
    • Managed devices
      • Management attestation for mobile devices
        • Configuration workflow
        • Configure management attestation
        • Integrate Okta with your MDM software
        • Add an app sign-in policy rule for mobile
        • Manage mobile device management configuration
      • Management attestation for desktop devices
        • Configuration workflow
        • Add an app sign-in policy rule for desktop
        • Manage desktop device management configuration
      • Configure a Certificate Authority
        • Client certificates
        • Configure Okta as a CA with static SCEP challenge for macOS with Jamf Pro
        • Configure Okta as a CA with static SCEP challenge for Windows using Workspace ONE
        • Configure Okta as a CA with dynamic SCEP challenge for macOS with Jamf Pro
        • Configure Okta as a CA with delegated SCEP challenge for macOS with Microsoft Intune
        • Configure Okta as a CA with delegated SCEP challenge for Windows with Microsoft Intune
        • Provide your own certificate authority
        • Management attestation FAQ
      • Managed app configurations
    • Endpoint security integrations
      • Get started
        • Prerequisites for endpoint security integration
        • Create an endpoint security integration app sign-in policy
        • Manage endpoint security integrations
          • Add an endpoint security integration
          • Edit an endpoint security integration
          • Delete an endpoint security integration
        • Manage endpoint security integration plugins for macOS
        • Manage endpoint security integration plugins for Windows
        • Validate your endpoint security integration
      • Android Device Trust integration
      • Chrome Enterprise integration
      • Device Posture Provider integration
      • EDR signals for custom expressions
    • Devices inventory
      • View device details
      • Device lifecycle
    • Device assurance
      • Add a device assurance policy
      • Configure advanced posture checks
      • Add user help for device assurance
        • Remediation messages
      • Add custom remediation for device assurance
      • Add device assurance to an app sign-in policy
      • Edit a device assurance policy
      • Delete a device assurance policy
      • System Log events
    • Notification services
    • Expression Language for devices
      • Expression Language attributes
      • Use custom expressions in authentication policies
  • Okta FastPass
    • Configure Okta FastPass
    • Configure a global session policy
    • Enable Okta FastPass
    • Configure an authentication policy
    • Authentication policy examples
    • Disable Okta FastPass
    • Okta FastPass FAQ
    • Known issues
    • Configure SSO extension on iOS devices
    • Configure SSO extension on macOS devices
    • Let users skip the Open Okta Verify prompt
  • Authentication
    • Multifactor authentication
      • Okta Verify
        • Okta Verify options
        • Release controls
        • User experience
        • Collected data types
        • Supported platforms
      • Custom Authenticator
      • Custom OTP
      • Duo Security
      • Email
        • Make email optional
      • Passkeys (FIDO2 WebAuthn)
        • Add the Passkeys (FIDO2 WebAuthn) authenticator
        • Customize the Passkeys (FIDO2 WebAuthn) end-user experience
        • Configure the Passkeys (FIDO2 WebAuthn) access controls
        • Configure the Passkeys (FIDO2 WebAuthn) authenticator groups
        • Customize the Passkeys (FIDO2 WebAuthn) relying party ID domain
        • Review and manage FIDO MDS and custom authenticators
        • Enroll a FIDO2 security key for a user
        • Passkeys (FIDO2 WebAuthn) support and behaviorFIDO2 (WebAuthn) support and behavior
      • Google Authenticator
      • IdP Authenticator
      • Password
        • Self-service account recovery
      • Phone (Voice Call/SMS)
      • Security Question
      • Smart Card IdP
      • Symantec VIP
      • Temporary access code
      • YubiKey OTP
      • Authenticator enrollment policies
        • Create an authenticator enrollment policy
        • Configure rules for authenticator enrollment policies
      • MFA for third-party agents
        • Okta On-Prem MFA agent (formerly RSA SecurID)
          • Add and configure On-Prem MFA/RSA SecurID
          • Disable SSL Pinning
          • Install the On-Prem MFA Agent
          • Configure high availability
          • Configure verbose logging
          • Uninstall and reinstall the agent
          • Swap On-Prem MFA/RSA SecurIDSwap On-Prem MFA/RSA SecurID
        • Okta MFA Credential Provider for Windows
          • Configure your Okta org for MFA Credential Provider for Windows
          • Assign users/groups to the Microsoft RDP (MFA) app
          • Install the Okta Credential Provider for Windows
          • Verify MFA for RDP sessions
          • Configure a system proxy account
          • Troubleshoot MFA issues for the MFA Credential Provider for Windows
        • Okta MFA provider for Active Directory Federation Services
          • Install and configure Microsoft ADFS in Okta
          • Install the Okta ADFS Plugin on your ADFS Server
          • Enable the Okta MFA Provider in ADFS
          • Add Access Control Policy to a Relying Party Application
          • Assign the Microsoft ADFS (MFA) application
          • Verify the Okta MFA prompt when signing in to ADFS
          • Enable OpenID Connect with existing Active Directory Federation Services apps
          • Enable MFA for Active Directory Federation Services (ADFS) as a service
          • Troubleshooting
          • Farm addendum
          • Uninstall the Okta ADFS Plugin on your ADFS Server
          • Configure MFA for Active Directory Federation Services (ADFS)
        • MFA for Electronic Prescribing for Controlled Substances - Hyperdrive
          • MFA for Electronic Prescribing for Controlled Substances - Flow
          • Install and configure Epic Hyperdrive in Okta
          • Install the Okta Hyperdrive Agent
          • Configure Hyperdrive to integrate with Okta
          • Configure a Chronicles device
          • Test the user sign-in process
          • Troubleshoot the Hyperdrive integration
    • Passwordless authentication
      • Set up a passwordless sign-in experience
      • Configure MFA for passwordless users
    • Phishing-resistant authentication
      • Phishing-resistant authenticator enrollment
      • Enable phishing resistance for Universal Windows Platform apps
      • Trusted app filters
    • Okta policies and rules
      • Global session policies
        • Create a global session policy
        • Add a global session policy rule
        • Edit a global session policy
        • Global session policy evaluation
      • Authentication policies
        • App sign-in policies
          • Create an app sign-in policy
          • Add an app sign-in policy rule
          • Assign apps to an app sign-in policy
          • Update an app sign-in policy
          • Use the Policy Insights Dashboard
          • Clone an app sign-in policy
          • Modify app sign-in policies for first-party apps
          • Preset app sign-in policies
          • Merge duplicate policies
          • Create device signal collection rules
          • Authentication method chain
          • Authentication scenarios
          • Biometric user verification in app sign-in policies
          • Device platform security
        • Okta account management policy
          • Edit the Okta account management policy
          • Enrollment of first phishing-resistant authenticator
          • Authenticator enrollment
          • Identity verification for account actions
          • Password recovery and account unlock
          • Enable password expiry
      • Access Testing Tool
    • Identity providers
      • Add a social login (IdP)
      • Add a SAML 2.0 IdP
        • Add a SAML Identity Provider
        • Add metadata for an Identity Provider
        • Configure Universal Directory mappings
        • Specify an error page for Identity Provider, SAML, or SSO
        • Customization options for inbound SAML
      • Add a Smart Card IdP
        • Format a PKI certificate chain
        • Add a Smart Card identity provider
          • Smart Card idpUser expressions
          • Expressions
        • Test the Smart Card or PIV card configuration
        • Troubleshooting Smart Card and PIV card authentication
      • ID verification vendors as IdPs
        • Add a preconfigured ID verification vendor
        • Add a custom ID verification vendor
        • Map profile attributes from Okta to an ID verification vendor
      • Identity provider routing rules
        • Configure identity provider routing rules
        • Configure dynamic routing rules
        • Modify routing rules
      • Generic OpenID Connect
      • Add an Okta Integration identity provider
      • Enable Single Logout for an identity provider
      • Redirect federated users to IdPs for re-authentication
    • RADIUS Integrations
      • Getting Started with RADIUS Integrations
        • About the Okta RADIUS Agent
        • Install and configure the RADIUS Agent
        • About creating Okta applications that use the RADIUS agent
        • Install Okta RADIUS server agent on Windows
          • Install the Okta RADIUS Server Agent for Windows
          • Configure properties
          • Access and manage log files
          • Troubleshoot the Windows RADIUS agent
          • Uninstall the Windows RADIUS agent
        • Install Okta RADIUS server agent on Linux
          • Install the RADIUS Linux server agent
          • Configure proxies
          • Configure properties
          • Manage the agent
          • Troubleshoot the Linux RADIUS agent
          • Access and manage log files
          • Uninstall the agent
        • Determine the RADIUS agent version
      • RADIUS Integrations
        • Amazon WorkSpaces
          • Prepare Amazon WS
          • Install and configure the RADIUS agent in AWS
          • Configure AWS inbound rules
          • Add the Amazon WorkSpaces app
          • Amazon Workspaces with MFA User Experience
          • Configure Amazon Workspaces MFA
          • Provision users
        • BeyondTrust
          • Add the BeyondTrust MFA (RADIUS) app
          • BeyondTrust optional settings
          • Configure the BeyondInsight gateway
          • Testing the BeyondInsight integration
          • Troubleshoot the BeyondInsight integration
        • Check Point
          • Check Point RADIUS integration flow
          • Add the Check Point Software (RADIUS) app
          • Configure the Check Point SmartConsole
          • Configure Check Point optional settings
          • Test the Check Point RADIUS integration
          • Troubleshoot the Check Point integration
        • Cisco Meraki
          • Cisco Meraki RADIUS integration flow
          • Add the Cisco Meraki Wireless LAN (RADIUS) app
          • Cisco Meraki optional settings
          • Configure Cisco Meraki to use the Okta RADIUS Agent
          • Configure wireless clients for Cisco Meraki
          • Troubleshoot Cisco Meraki integrations
        • Cisco ASA IKEv2 VPN
          • Add the Cisco ASA IKEv2 RADIUS app
          • Configure the Cisco ASA VPN to interoperate with RADIUS
          • Configure optional settings
          • Configure the Windows VPN
          • Configure trusted root CA
          • Test the Cisco ASA integration
        • Cisco ASA VPN
          • Add the Cisco ASA VPN (RADIUS) app
          • Configure the Cisco ASA gateway
          • Configure optional settings
          • Test the Cisco RADIUS ASA VPN integration
        • Cisco FMC
          • Add the Cisco VPN for Firewall Management Center RADIUS app
          • Configure Cisco Firewall Management Center
          • Test the Cisco Firepower Management Center integration
        • Citrix Netscaler
          • Citrix Gateway supported versions, clients, features, and factors
          • Add the Citrix Gateway (RADIUS) app
          • Configure the Citrix Gateway
          • Configure optional settings
          • Citrix Gateway end user experience
        • F5 BigIP APM
          • Add the F5 BIG IP RADIUS app
          • Configure F5 BIG IP APM gateway
          • Configure F5 BIG IP optional settings
          • Test the F5 BIG IP integration
        • Fortinet Appliance
          • Add the Fortinet Fortigate (RADIUS) app
          • Configure the Fortinet gateway
          • Configure optional settings
          • Test the Fortinet appliance integration
          • Troubleshoot the Fortinet Application integration
        • NetMotion Mobility
          • Add the NetMotion Mobility (RADIUS) app
          • Netmotion Mobility - Add trusted root certificate
          • Configure NetMotion Mobility to work with RADIUS
          • NetMotion Mobility user experience
        • Palo Alto Networks VPN
          • Palo Alto Networks supported features and factors
          • Add the Palo Alto Networks VPN (RADIUS) app
          • Configure Palo Alto Networks VPN to use the Okta RADIUS
          • Configure optional settings
          • Test the Palo Alto Networks VPN integration
          • Troubleshoot the Palo Alto Network VPN integration
        • Pulse Connect Secure
          • Pulse Connect Secure supported versions, and factors
          • Add the Pulse Connect Secure (RADIUS) app
          • Configure the Pulse Connect Secure gateway
          • Pulse Secure optional settings
          • Test the Pulse Connect Secure integration
        • Sophos UTM
          • Add the Sophos UTM (RADIUS) app
          • Configure the Sophos USM gateway
          • Sophos UTM optional settings
          • Test the Sophos UTM integration
        • VMWare Horizon View
          • Add the VMware Horizon View (RADIUS) app
          • Configure the VMware Horizon View Connection Server
          • VMware Horizon View optional settings
          • Test the VMware Horizon integration
        • Autopush for RADIUS
      • RADIUS applications in Okta
        • Add the RADIUS app
        • Configure the RADIUS customer application
        • Test the generic RADIUS integration
        • Client IP reporting
        • Okta group membership information for authorization
        • RADIUS service address filtering
      • RADIUS server best practices
        • About certificates
        • About the Okta RADIUS server agent
        • Okta RADIUS Server Agent flow
        • RADIUS deployment architectures
        • RADIUS session persistence best practices
        • RADIUS throughput and scaling benchmarks
        • RADIUS common issues and concerns
        • RADIUS server logging
        • RADIUS network zones
      • SAML integration advantages
  • Org-level security
    • Identity Threat Protection
      • Get started
      • Identity Threat Protection key concepts
      • Admin roles for ITP
        • Configure custom admin roles for ITP
      • Observability
        • System Log events
        • View risk detections by user
        • Reports
          • Session protection violation report
          • Entity risk report
          • At-risk user report
        • Dashboard widgets
          • Session protection violations
          • Entity risk detections
          • At-risk users
      • Session protection
        • Configure session protection
        • Session protection reporting
      • Entity risk policy
        • Add a rule
        • Risk detections
          • Breached credential detected
          • Entity critical action from high threat IP
          • Okta Threat Intelligence
          • Suspicious login from an IP flagged by FastPass
          • Suspicious login from an IP flagged in a credential based attack
          • This wasn't me
          • Session influenced user risk
          • Suspected brute force attack
          • Suspicious app access
          • Admin reported user risk
          • Security events provider reported risk
      • Bot protection
        • Configure bot protection for enforcement
        • Bot protection reporting
      • Universal Logout
        • Configure Universal Logout for supported apps
        • Universal Logout supported apps and devices
        • Third-party apps that support Universal Logout
        • Universal Logout revocations
        • Confirm the results of Universal Logout
      • Workflows
        • Create delegated flows for policy actions
      • Shared Signals Framework
        • Configure a shared signal receiver
      • Elevate or lower an entity risk level
    • Administrator roles
      • Learn about administrators
        • Custom admin roles
        • Super administrators
        • Organization administrators
        • Application administrators
        • Group administrators
        • Group membership administrators
        • Help desk administrators
        • Report administrators
        • Read-only administrators
        • API Access Management administrators
        • Access requests administrators
        • Access certifications administrators
      • Set up administrators
        • Use custom admin roles
          • Role permissions
            • Permission conditions
          • Work with the resource set component
            • Create a resource set
            • Edit a resource set
            • Resource set conditions
            • Create an admin assignment using a resource set
          • Work with the role component
            • Create a role
            • Edit a role
            • Create an admin assignment using a role
        • Use standard roles
          • Standard administrator roles and permissions
          • Edit resources for a standard role assignment
        • Work with the admin component
          • Create an admin role assignment using an admin
        • Configure help desk administrators
        • Configure third-party administrators
        • Remove an admin role assignment
        • Configure email notifications for an admin role
        • Configure administrator settings
        • Enable MFA for the Admin Console
      • Administrator resources
        • Administrators page
        • Best practices for group admin role assignments
        • Best practices for creating a custom role assignment
        • Guidance for structuring Okta groups
        • Get started with Okta
      • Govern Okta admin roles
        • Get started
        • Configure policies for Govern Okta admin roles apps
        • Access Requests for admin roles
          • Create an admin role bundle
          • Manage admin role bundles
          • Create an access request condition
          • Manage access request conditions
          • Manage an approval sequence
          • Request admin role assignment
          • Manage admin role access requests
        • Access Certifications for admin roles
          • Create campaigns to review admin roles
          • Manage campaigns
          • Review access to admin roles
    • Breached credentials protection
      • Configure breached credentials protection
      • Test your breached credentials protection configuration
      • User experience with breached credentials protection
    • General Security
      • Keep me signed in
    • Protected actions in the Admin Console
    • HealthInsight
      • About HealthInsight
      • HealthInsight tasks and recommendations
        • Limit the number of super admins
        • Enforce a limited session lifetime for all policies
        • Suspicious Activity Reporting
        • Sign-on notifications for end users
        • Authenticator enrolled notification email for end users
        • Authenticator reset notifications for end users
        • Password changed notification for end users
        • Enable SAML or OIDC authentication for supported apps
        • Change the authentication frequency
        • Evaluate a risk score for each request
        • Blocklist network zones
        • Enable strong password settings for password policies
        • Select authenticators required for enrollment
        • MFA for the Admin Console
        • Blocklist proxies with high sign-in failure rates
        • Enforce Content Security Policy (CSP) for customized sign-in and error pages
    • Network zones
      • Network zone types
        • IP zones
          • IP exempt zone
        • Dynamic zones
        • Enhanced dynamic zones
          • Supported IP service categories
      • Manage network zones
        • Create an IP zone
        • Create a dynamic zone
        • Create an enhanced dynamic zone
        • Edit or delete a network zone
        • Add IPs to a network zone from the System Log
      • Use network zones in your org
        • Generate a Proxy IP report
        • Add a network zone to policies
        • Create a network zone for IWA
        • Troubleshoot network zone issues using System Log
        • Use network zones with VPN notifications
        • Use zones in routing rules
        • Unblock false positives in System Log
      • Network zones FAQ
    • Recent Activity
    • Risk scoring
    • Behavior Detection and evaluation
      • About Behavior Detection
        • Improved New Device Behavior Detection
      • About behavior types
      • Behavior Detection System Log events
      • About behavior and sign-on policies
        • Add behavior condition in an app sign-in rule
        • Add behavior to a Global Session Policy rule
      • Configure Behavior Detection
        • Add a location behavior
        • Add IP behavior
        • Add device behavior
        • Add a velocity behavior
        • Add an ASN behavior
        • Manage behavior settings
        • Reset the user behavior profile
      • Risk and behavior evaluation
      • Behavior Detection and risk evaluation FAQ
    • ThreatInsight
      • About Okta ThreatInsight
      • Configure Okta ThreatInsight
      • Exclude IP zones from Okta ThreatInsight evaluation
      • System Log events for Okta ThreatInsight
      • HealthInsight reporting on Okta ThreatInsight
    • Telephony
      • Choose telephony provider
      • Regulatory compliance
      • Prevent or mitigate telephony-based fraud
      • Configure and use telephony
      • Configure telephony providers through the Admin Console
      • Configure a telephony provider through an inline hook
      • Configure Workflows for Telephony
    • API access management
      • Build authorization servers
        • Create an authorization server
        • Create API access scopes
        • Create API access claims
        • Create access policies
        • Test your authorization server configuration
        • Add trusted servers
        • Rotate signing keys
        • Encrypt access tokens for authorization servers
        • Delete an authorization server
      • Manage Okta API tokens
      • Configure Trusted Origins
        • Trusted Origins for iFrame embedding
    • Allow access to Okta IP addresses
    • Mitigate the impact of third-party cookie deprecation
  • Identity Governance
    • Overview
    • Access Certifications Access Certifications
      • Campaigns
        • Get started
        • Customizable reviewer context
        • Governance analyzer
        • Configure Governance Analyzer settings
        • Best practices for creating campaigns
        • Create preconfigured campaigns
          • Discover inactive users campaign limits
        • Create resource campaigns
        • Create user campaigns
        • Recurring campaign considerations
        • Examples of Okta Expression Language
        • Understand Disable self-review
        • Understand remediation
        • Assignment methods
        • View the progress of an active campaign
        • View previously completed campaigns
        • Copy campaigns
        • Modify a scheduled campaign
        • Modify campaign's end date
        • Certification campaign reviews
          • Review campaigns
          • Reassign review items
      • Security access reviews
        • Get started
        • Launch a security access review
        • Understand remediation
        • Understand prioritization
        • Manage Security Access Reviews
        • Review access
    • Access Requests
      • Get started
      • Conditions
        • Configure policies for Access requests apps
        • Configure settings
        • Create a condition
        • Create an access request condition for a resource collection
        • Manage access request conditions
        • Configure an approval sequence
      • Request types
        • Configure your Okta org for request types
          • Create a team
          • Modify a list
        • Create a request type
        • Configure a request type associated with bundles
        • Request type settings
        • Create a sample Request Type
      • Create requests
        • End-User Dashboard
        • Access Requests web app
        • Slack
        • Microsoft Teams
      • Manage tasks
      • Escalate tasks
      • Manage requests
      • Export data
      • Notifications
    • Entitlement Management Entitlement Management
      • Get started
      • Considerations and limits
      • Provisioning-enabled apps
        • Apps with entitlement support
        • Configure a provisioning-enabled app
        • Provisioning-enabled app limits
        • Coupa requirements
        • GitHub Team requirements
        • Google Workspace requirements
        • NetSuite requirements
        • Salesforce requirements
        • Workday requirements
      • Enable Entitlement management
      • Create campaigns to audit entitlements
      • Entitlements
        • Create
        • Manage
        • Sync entitlements from provisioning-enabled apps
        • Revoke entitlements in downstream apps
      • Entitlement policy
        • Create policy
        • Examples of Okta Expression Language
        • Preview policy
        • Apply policy
        • Manage policy
      • Entitlement bundles
        • Create
        • Manage
    • Resource collections
      • Get started with resource collections
      • Create a resource collection
      • Manage resource collections
      • Manage resource collection assignments
      • Manage resource collection apps
    • Separation of duties
      • Get started with separation of duties
      • Create separation of duties rules
      • Manage separation of duties rules
      • Understand separation of duties conflicts
    • User and resource management
      • Resource owners
        • Assign resource owners
        • Change resource owners
        • Remove resource owners
      • Resource labels
      • Group ownership
        • Configure Okta group owners
        • Import from Active Directory
      • Update group profile attributes
        • Add custom attributes to the default group profile
      • Assign entitlements to users
      • Import user entitlements from CSV
      • Manage user entitlements
      • View user entitlements
      • Governance delegates
        • Assign delegate from the Admin Console
        • Manage delegates
        • Governance tasks for delegates
    • Settings
      • Enable end users to assign delegates
      • Integrations
        • Considerations and best practices for integrating Slack and Microsoft Teams
        • Integrate Slack
        • Configure settings for Slack
        • Integrate Microsoft Teams
        • Integrate Jira
        • Integrate ServiceNow
      • Enable AI
      • Allow requesters to escalate tasks
    • Reports
      • Active Campaign Summary
        • Column reference
      • Active Campaign Details
        • Column reference
      • Past Campaign Details
        • Column reference
      • Past Campaign Summary
        • Column reference
      • Auditor reporting package
        • Generate the auditor reporting package
      • Past Access Requests report
      • Past Access Requests (Conditions) report
      • Separation of duties report
      • User Entitlements report
  • Okta Privileged Access Okta Privileged Access
    • Requirements and limitations
    • Get started with Okta Privileged Access Okta Privileged Access
      • Set up Okta Privileged Access
      • Configure group sync
    • Users and Groups administration
      • Groups
      • Service users
    • Resource administration
      • Resource groups
      • Resource assignment
      • Manage service accounts
        • Certify service accounts
      • Manage Active Directory accounts
        • Requirements and limitations
        • Get started with Active Directory accounts
        • Grant Okta Active Directory (AD) agent password management permissions
        • Set up Active Directory domains
        • Active Directory account rules
          • Set up Active Directory account rules
        • Manual account assignment
        • Windows domain controller
      • Projects
        • Servers
        • Secrets
          • Secret folders
        • Okta service accounts
        • SaaS app service accounts
        • Active Directory accounts
      • Sudo command bundle
        • Create a sudo command bundle
      • System Configuration
    • Security administration
      • Security policy
        • Add rules to a policy
        • Rule conditions
      • Okta Privileged Access with Access Requests
      • Multifactor authentication
      • Privileged elevation
      • Checkout
        • Enable checkout
        • Force a checkin
    • Workloads
      • Requirements and limitations
      • Get started
      • Configure workload connection
      • CLI command for workload authentication
      • Configure workload roles
      • Principal SSH access for automated workloads
    • User guide
    • Deploy and manage servers
      • Install the Okta Privileged Access server agent
        • Install the Okta Privileged Access server agent on Red Hat (RHEL), Amazon Linux, or Alma Linux
        • Install the Okta Privileged Access server agent on SUSE Linux
        • Install the Okta Privileged Access server agent on Ubuntu or Debian
        • Install the Okta Privileged Access server agent on Windows
      • Server Enrollment
        • Create a server enrollment token
        • Verify server enrollment
        • Unenroll a server from Okta Privileged Access
      • Managed Okta Privileged Access server agent
        • Customize SSHD configurations for servers
        • Configure agent lifecycle management hooks for Okta Privileged Access
      • Configure the Okta Privileged Access server agent
    • Okta Privileged Access clients
      • Install the Okta Privileged Access client
        • Install the Okta Privileged Access client on macOS
        • Install the Okta Privileged Access client on Red Hat (RHEL), Amazon Linux, or Alma Linux
        • Install the Okta Privileged Access client on SUSE Linux
        • Install the Okta Privileged Access client on Ubuntu or Debian
        • Install the Okta Privileged Access client on Windows
      • Enroll the Okta Privileged Access client
        • Silently enroll the Okta Privileged Access client
      • Use the Okta Privileged Access client
      • SFT keyring
      • URL handler
      • SSH setup
        • Customize SSH configurations for clients
      • RDP setup
      • Configure clients for use with Okta Privileged Access
        • Configure Cygwin for Okta Privileged Access
        • Use PuTTY for Okta Privileged Access
        • Configure Royal TSX for Okta Privileged Access
        • Use WinSCP for Okta Privileged Access
    • Gateways
      • Install the Okta Privileged Access gateway
        • Install the Okta Privileged Access gateway on Red Hat (RHEL), or Amazon Linux
        • Install the Okta Privileged Access gateway on Ubuntu or Debian
      • Create tokens and labels
      • Configure the Okta Privileged Access gateway
      • Manage the Okta Privileged Access gateway
      • Session recording
        • Enable session recording on a project
        • Install the RDP Session transcoder
        • Manage session logs
      • Okta Privileged Access gateway capacity planning
      • Okta Privileged Access gateway high availability
    • Audit Events Integration with Okta System Log
    • Kubernetes access management
      • Configure Kubernetes access management
      • Kubernetes cluster connections
    • Reference
      • Roles and permissions
      • Okta Privileged Access accounts
      • Components
      • User attributes
        • Configure team-level user attributes
        • Import user attributes using custom mappings
        • Attribute conflicts
      • Okta Privileged Access port requirements
      • Security policy concepts
      • Server name resolution
      • Secret permissions
      • User management
        • User management in Linux
        • User management in Windows
      • Windows Internals
      • Supported SaaS apps
      • Supported operating systems
      • Get support
  • Automations and hooks
    • Automations
      • Add an automation
    • Inline hooks
      • Add an inline hook
      • Preview an inline hook
      • View usage metrics for your inline hooks
      • Delete an inline hook
      • Manage keys
    • Event hooks
      • Create an event hook
      • Edit an event hook filter
        • Okta Expression Language
      • Verify an event hook
      • Preview an event hook
    • Delegated flows
      • Run a delegated flow
  • User experience
    • Account settings
      • Set up contacts
      • Give access to Okta Support
      • Enable the Directories Debugger
      • Configure client-based rate limiting
      • Set up rate limit notifications
      • Configure your email notifications
      • Configure embedded sign-in support
    • Branding
      • Set a theme for your org
      • Customize your sign-in page
        • Understand Sign-In Widget color customization
      • Customize an error page
      • Apply your theme to Okta email notifications
      • Customize the footer for your org
      • Configure associated domains
      • Disable the Okta loading page
    • Custom email and SMS templates
      • Customize an email template
      • Customize a forgotten password recovery email
      • Test a customized email template
      • Customize an SMS message
      • Configure a custom email address
      • Velocity Template Language
    • Customization settings
      • Customize personal information and password management
      • Configure optional user account fields
      • Customize a sign-out page
      • Configure a custom application error page
      • Customize the access denied error message
      • Customize the Content Security Policy (CSP) for a custom domain
      • Configure the Okta Browser Plugin settings
      • Configure a custom domain
      • Use your own email provider
      • Org display language
    • Okta Personal for Workforce
      • Configure interface updates
      • Configure app migration to Okta Personal
      • Okta Personal for Workforce user experience
    • Okta End-User Dashboard
      • End-user experience
      • Control access to the Okta End-User Dashboard
      • Recently used apps
      • Manage dashboard tabs for end users
      • Disable Okta communications to end users
    • Okta End-User Settings
    • Okta Browser Plugin
      • Security features
      • Allow users to add apps
      • Control access to the Okta Browser Plugin
      • Configure custom end-user portals
      • Prevent browsers from saving credentials
      • Okta Browser Plugin permissions for web extensions
      • Manage installation and upgrade
      • Make apps detectable to the Okta Browser Plugin
      • Silent installations
        • Chrome
        • Firefox
        • Internet Explorer
      • Supported browsers
      • End of support for TLS 1.1
    • User enrollment
      • Profile enrollment
        • Self-Service Registration
        • Progressive enrollment
        • Sign-in flows
        • End user sign-in process
      • Configure user profile policies
        • Create a user profile policy
        • Add apps to a user profile policy
        • Collect profile information and register users
        • Create a custom profile enrollment form
        • Understand attribute rules for the profile enrollment form
        • Reassign a user profile policy
        • Delete a user profile policy
        • Multiple identifiers
        • Add identifiers to a user profile policy
      • Set up a default app redirect
    • Enable self-service features
    • Okta first-party App Switcher
  • References and specifications
    • Supported operating systems and browsers
      • Supported OS levels
    • Object IDs
    • Supported Okta email address characters
    • Supported display languages
    • Okta agent support policies
    • Okta disaster recovery
      • Initiate failover and failback for your org
    • Downloads and version histories
      • Okta Active Directory agent version history
      • Okta Active Directory Password Sync agent version history
      • Okta ADFS Plugin version history
      • Okta Browser Plugin version history
      • Okta Confluence Authenticator version history
      • Okta Hyperdrive agent version history
      • Okta Hyperspace agent version history
      • Okta Jira Authenticator version history
      • Okta LDAP agent version history
      • Okta MFA Credential Provider for Windows version history
      • Okta On-prem Connector version history
      • Okta On-Prem MFA agent version history
      • Okta Oracle Access Manager Plugin Version History
      • Okta People Picker for Sharepoint agent version history
      • Okta Provisioning agent and SDK version history
      • Okta On-prem SCIM Server agent version history
      • Okta RADIUS Server agent version history
      • Okta Secure Access Monitor plugin version history
      • Validate agent downloads
    • Documentation for end users
    • Identity Engine for developers
    • Sign-In Widget (third generation)
    • Migrate policies and apps from Microsoft Entra ID to Okta
      • Migration tasks
      • Prepare for the migration
      • Migrate policies
      • Migrate apps
      • Configure bookmark apps
      • Complete your Okta setup
    • Okta architecture models
      • Okta for mergers and acquisitions
        • Acquired company uses Okta
        • Acquired company uses external IdP
        • Acquired company uses AD or LDAP
      • Okta phishing resistance
        • Require phishing-resistant authentication with pre-enrolled YubiKey
          • Create phishing-resistant app sign-in policies
          • Set up Okta Workflows for YubiKey shipment
          • Order pre-enrolled YubiKeys
          • User experience
    • Glossary
  1. App integrations
  2. Integration guides
  3. Splunk

Splunk Enterprise

The following topics provide the information that you need to integrate your Splunk Enterprise instance with Okta.

Topics

  • Splunk Enterprise supported features
  • Enable Splunk Enterprise provisioning

© Okta, Inc. All Rights Reserved. Various trademarks held by their respective owners.

Top