---
title: Okta API Integration on Truto
slug: okta
category: SSO
canonical: "https://truto.one/integrations/detail/okta/"
---

# Okta API Integration on Truto

**Category:** SSO  
**Status:** Generally available

## Unified APIs

### Unified HRIS API

- **Companies** — Companies represent the companies in HRIS
- **Employees** — Represents an employee in HRIS
- **Groups** — Groups represent the groups for an Employee
- **Locations** — Locations represent the locations in HRIS

### Unified User Directory API

- **Activities** — Activities are the actions performed by users in the source application.
- **Groups** — Groups are a collection of users in the source application. In some applications, they might also be called Teams.
- **Roles** — The Role object represents a role of a User.
- **Users** — The User object represents a User.

### Unified Single Sign-On API

- **App Users** — AppUsers represent the users assigned to an application.
- **Apps** — Applications represent the applications that are registered with the SSO service.

## How it works

1. **Link your customer's Okta account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app.
2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request.
3. **Call Truto's API to reach Okta.** The Proxy API is a 1-to-1 mapping of the Okta API.
4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field.

## Use cases

- **Automate user provisioning and deprovisioning** — SaaS companies moving upmarket need to automatically create and suspend user accounts when enterprise IT teams assign or remove employees in Okta. This eliminates manual account management and satisfies SOC 2 compliance requirements around timely access revocation.
- **Sync Okta groups to in-app roles and workspaces** — Enterprise customers expect their Okta group structure to map directly to permissions and team assignments inside your product. By reading Okta groups through a unified API, your app can auto-assign users to the correct workspace, billing tier, or role without any manual configuration.
- **Pull rich user profiles to auto-populate your app** — Instead of asking enterprise users to manually fill in their department, title, manager, and location, SaaS companies can pull this data directly from Okta's Universal Directory to pre-populate user profiles and personalize the product experience from day one.
- **Enforce license compliance by syncing app assignments** — SaaS companies selling seat-based licenses need to know exactly which users are authorized in the customer's Okta tenant. By reading app and app-user assignments, your product can automatically reconcile license counts against the customer's SSO source of truth.
- **Ingest Okta activity logs for security and audit dashboards** — Security-focused SaaS products can pull authentication events, MFA challenges, and failed login attempts from Okta to power their customers' compliance reporting, insider threat detection, or access review workflows.

## What you can build

- **Zero-touch user onboarding from Okta groups** — Automatically create user accounts and assign them to the correct workspace or project when they appear in a mapped Okta group, with no IT ticket or manual invite required.
- **Real-time account suspension on offboarding** — Detect when a user is deactivated or removed from your app's assignment in Okta and immediately suspend their account in your product to close the access gap.
- **Group-to-role permission mapping** — Let enterprise admins control your app's internal roles — Admin, Viewer, Editor — by simply managing Okta group memberships, with your product reflecting changes automatically.
- **Pre-populated user profiles from directory data** — Pull department, title, manager, location, and employee number from Okta's user directory to enrich your app's profiles without asking users to self-report.
- **Seat-based license reconciliation dashboard** — Build an admin view that compares active app-user assignments in Okta against consumed licenses in your product, flagging orphaned accounts and unauthorized access.
- **Authentication activity audit log** — Surface Okta login events, MFA challenges, and failed authentication attempts inside your product's security dashboard so customers can correlate access patterns with in-app actions.

## FAQs

### Which Truto Unified APIs support Okta?

Okta is available through three Unified APIs: the Unified HRIS API (Companies, Employees, Groups, Locations), the Unified User Directory API (Activities, Groups, Roles, Users), and the Unified Single Sign-On API (App Users, Apps). If you need functionality beyond these unified models, Truto can build custom tools on request.

### How does authentication work for Okta integrations through Truto?

Truto handles the OAuth 2.0 flow for Okta on your behalf. Your end users authorize the connection through Truto's embedded linking experience, and Truto manages token storage, refresh, and revocation so you never handle credentials directly.

### Does Truto handle Okta's API rate limits?

Yes. Truto manages pagination and respects Okta's rate limit headers automatically, including backoff and retry logic. You interact with a consistent unified API and don't need to implement Okta-specific rate limit handling in your code.

### Can I access custom user profile attributes from Okta?

The Unified APIs expose standard profile fields like department, title, manager, and location. For custom Okta profile attributes beyond the unified schema, Truto supports proxy requests and can build custom tools on request to surface the specific fields you need.

### What kind of activity data can I read from Okta?

Through the Unified User Directory API's Activities resource, you can retrieve Okta system log events including authentication successes, MFA challenges, failed login attempts, and other identity-related events that feed audit and compliance workflows.

### Can I write data back to Okta or is it read-only?

The supported operations depend on the specific Unified API resources. For capabilities like creating or updating users in Okta (e.g., for HR-to-Okta profile mastering), Truto can build custom tools on request. Contact the Truto team to scope write operations for your use case.
