Easy setup through Okta OIN API Integration Service marketplace
Prerequisites
Before you begin, ensure you have:- Okta Super Admin or Application Administrator access
- Your Okta organization domain
- Permissions to create API Service Integrations
Setup guide
Install integration from Okta API Integration Store
Access Okta API Service Catalog
Log in to your Okta Admin Console and navigate to the API Service Catalog


Configure domain and Client ID
Configure your Okta domain and note the Client ID that will be generated


Grant required scopes
Ensure the integration has the following Okta API scopes:
okta.users.readokta.users.manageokta.groups.readokta.groups.manageokta.apps.readokta.apps.manageokta.factors.readokta.factors.manage
Add integration
Enter integration details
Provide the following information:
- Okta Domain: Your Okta domain (e.g.,
https://your-org.okta.com) - Client ID: The Client ID from your Okta integration
- Client Secret: The Client Secret from your Okta integration

Troubleshooting
Invalid credentials error
Invalid credentials error
Cause: Client ID or Client Secret is incorrectSolution:
- Verify the Client ID and Client Secret are copied correctly
- Ensure there are no extra spaces or characters
- Check that the integration still exists in Okta
- Try creating a new integration if credentials are lost
Missing scopes or partial sync
Missing scopes or partial sync
Cause: The integration was created with a subset of the required Okta API scopes.Behavior: Ravenna no longer blocks integration setup when some scopes are missing. The integration is created with the scopes you granted, and any resource Ravenna can’t read (users, groups, or applications) syncs as empty until the missing scope is added.Solution:
- Verify all required scopes are granted in Okta
- Check that the integration has Application Administrator role
- Ensure Group Administrator role is assigned
- For password and MFA reset, assign
Help Desk AdministratororSuper Administrator - After granting the missing scopes, trigger a resync from the integration page (no need to disconnect and reconnect)
Password or MFA reset fails with a permission error (403)
Password or MFA reset fails with a permission error (403)
Cause: Okta enforces credential reset through admin roles, separately from API scopes, so the integration can have every scope and still be blocked.
Application Administrator and Group Administrator cannot reset credentials.Solution:- Assign
Help Desk AdministratororSuper Administratorto the integration - Retry the action; no resync or reconnect is needed
Domain not found error
Domain not found error
Cause: Incorrect Okta domainSolution:
- Verify the domain matches your Okta organization (e.g.,
https://your-org.okta.com) - Ensure the domain is active and accessible
- Check for typos in the domain name
Features
Once connected, you can use Okta actions in workflows:Okta Actions
Manage user group memberships, assign applications, and check group membership for access management


