Okta integration logo


Okta is an identity provider widely used for its Universal Directory and Single Sign On features. This allows you to manage employee access to integrated systems in a centralized location.


Up-to-date asset inventory
By syncing with Okta, you'll keep your "People," "Roles," and "SaaS Systems" up-to-date in Comply. Tickets can automatically trigger whenever there are new assets detected - for example, Comply can automatically trigger your Employee Onboarding procedure whenever a new person is detected in Okta, or your Employee Offboarding procedure whenever a person is deprovisioned.

Access control reviews: detect unauthorized access
Comply helps orchestrate the work of Access Control Reviews by pulling grants from Okta, too. Grants are information about "Who has access to what?" for any access that you provision in Okta. By pulling that information into Comply and looking for abnormalities, we help you speed up manual access control reviews and create an audit trail easily. Comply captures the Approved access level, changes in group membership and any notes logged by each asset owner during each recurring review of your systems

Automatic authentication requirements evidence
Every month, Comply will scan your password policies to ensure everyone has a secure password and MFA enabled. Read more about events and automations here and scroll down to see details on the events provided.


Integration with Okta relies on an API Token created by your Okta Admin. Comply leverages a narrow set of read-only API calls and does not write back any information into your Okta instance.


AutomationDescriptionReturnsFramework Mappings
MFA PolicyEnsures account has multi-factor authentication enabled.Comply creates an issue if MFA policy is disabled or if there is an unknown MFA policy.ISO: A.9.3.1, A.9.4.2,
SOC 2: CC6.1
HIPAA: 164.312(d)
Password PolicyEnsures accounts are secured with a password policy meeting, at a minimum, the default Okta policy (8 characters, Lower case letter, Upper case letter, Number, Does not contain part of username)Comply creates an issue if the account password policy does not meet the requirements.ISO: A.9.2.4, A.9.4.2, A.9.4.3,
SOC 2: CC6.1,
HIPAA: 164.308(a)(5)(ii)(D), 164.312(d)


Okta provides MFA Policy Scan and Password Policy Scan events. The MFA Policy Scan events will either be tagged MFA Policy Enabled or MFA Policy Disabled. Password Policy Scan events will either be tagged Adequate Password Policy or Inadequate Password Policy.


  1. Navigate to the Integrations tab in Comply, click Add Integration, and select Okta.
  2. Create a Read-Only Admin account in Okta. This is the account that Aptible will use to access your Okta account.
  3. Create an API token using the account you created in the first step.
  4. Enter the API token into the form.
  5. Enter the Okta domain name. Note that you only need to enter the subdomain. For example, if your Okta domain was healthco.okta.com, you would only enter healthco in the form.


The most common problems when setting up the integration are:

  1. Incorrect role on the service account.
  2. Expired, revoked, or misspelled API tokens.
  3. Mistakes entering the Okta subdomain.

If you receive an error message when trying to sync your integration, please check the above items and contact [email protected] if the problem persists.