Skip to main content
Most secure integration method with manual configuration
The Private Key integration method provides the highest level of security for connecting to your Okta organization. This method requires manual configuration in Okta but offers enhanced security through public/private key cryptography.
This integration method requires manual setup and cannot be configured through the Okta Integration Network marketplace.

Prerequisites

Before you begin, ensure you have:
  • Okta Super Admin or Application Administrator access
  • Your Okta organization domain
  • Permissions to create Application Integrations
  • Ability to grant admin roles to service accounts

Setup guide

Create Okta API Service Integration manually

1

Create App Integration

Login to Okta and navigate to Applications, then select Create App Integration
Custom
2

Select Integration Type

Choose API Services as the integration type
Custom
3

Name the App Integration

Provide a name for your integration (e.g., “Access Management Integration”) and click Save
Custom
4

Configure Private Key Authentication

Configure the authentication method:
  1. Select Private Key/Public Key as the Client Authentication Method
  2. Click Add Key to generate a key pair
  3. Copy the Client ID for later use
    Custom
5

Generate PEM Key Pair

Generate a new PEM key pair for the integration
Custom
6

Save Private Key and KID

Copy and securely store both:
  • The Private PEM Key
  • The KID (Key Identifier)
You will need both values to configure the integration
Custom
7

Disable DPoP Requirement

Uncheck the Require DPoP option to ensure compatibility
Custom
8

Grant Required Scopes

Add the following Okta API scopes to the integration:
  • okta.users.read
  • okta.users.manage
  • okta.groups.read
  • okta.groups.manage
  • okta.apps.read
  • okta.apps.manage
    Custom
9

Assign Admin Roles

Grant the following admin roles to the integration:
  • Application Administrator
  • Group Administrator
    Custom

Add integration

1

Navigate to integrations

Go to Settings > Integrations
Custom
2

Select Okta Integration

Choose Okta from the available integrations
Custom
3

Choose Private Key Method

Select Private Key as your authentication method
4

Enter Integration Details

Provide the following information from your Okta setup:
  1. Okta Domain: Your Okta domain (e.g., https://your-org.okta.com)
  2. Client ID: The Client ID from your Okta integration
  3. Private Key PEM: The Private Key PEM you saved earlier
  4. KID: The Key Identifier (KID) you saved earlier
    Custom
5

Complete Setup

Click Add Okta to complete the integration setup

Troubleshooting

Cause: Private key or KID is incorrectSolution:
  • Verify the Private Key PEM is copied correctly (including BEGIN/END markers)
  • Ensure the KID matches the key in Okta
  • Check that the key hasn’t been deleted in Okta
  • Try generating a new key pair if needed
Cause: Missing required API scopes or admin rolesSolution:
  • Verify all required scopes are granted in Okta
  • Check that Application Administrator role is assigned
  • Ensure Group Administrator role is assigned
  • Review the integration’s admin role assignments
Cause: DPoP (Demonstrating Proof-of-Possession) is enabledSolution:
  • Disable Require DPoP in the Okta integration settings
  • Save the changes and retry the connection
Cause: Private key format is incorrectSolution:
  • Ensure the key is in PEM format
  • Verify the key includes the full BEGIN/END markers
  • Check for any line breaks or formatting issues
  • Generate a new key pair if the format is corrupted

Features

Once connected, you can use Okta actions in workflows:

Okta Actions

Manage user group memberships, assign applications, and check group membership for access management