Docs
Plugins
Sources
Okta
Overview

Okta Source Plugin

Latest: v2.1.4

The CloudQuery Okta plugin extracts Okta resources.

Authentication

To authenticate (opens in a new tab) CloudQuery with your Okta account you need to set an OKTA_API_TOKEN environment variable or add it the configuration.

Configuration

In order to get started with the Okta plugin, you need to create a YAML file in your CloudQuery configuration directory (e.g. named okta.yml).

The following example sets up the Okta plugin, and connects it to a postgresql destination:

kind: source
spec:
  # Source spec section
  name: okta
  path: cloudquery/okta
  version: "v2.1.4"
  tables: ["*"]
  destinations: ["postgresql"]
  spec:
    # Required. Your Okta domain name
    domain: "https://<YOUR_OKTA_DOMAIN>.okta.com/"

    # Optional. Okta Token to access API, you can set this with OKTA_API_TOKEN environment variable
    # ⚠️ Warning - Your token should be kept secret and not committed to source control
    # token: "<YOUR_OKTA_TOKEN>"
  • domain (Required) - Specify the Okta domain you are fetching from. Visit this link (opens in a new tab) to find your Okta domain
  • token (Optional) - Okta Token to access the API. You can set this with an OKTA_API_TOKEN environment variable

Example Queries

List all users in Okta

select 
  id,
  profile->>'firstName' as first_name,
  profile->>'lastName' as last_name,
  profile->>'email' as email,
  status
from okta_users;

List all active users

select
  id,
  profile->>'firstName' as first_name,
  profile->>'lastName' as last_name,
  profile->>'email' as email,
  status from okta_users
where
  status = 'ACTIVE';

List active Okta applications

select
  id,
  name
from
  okta_applications
where status = 'ACTIVE';

List active Okta applications, ordered by number of users

select 
  a.id,
  a.name,
  a.status,
  count(u) 
from okta_applications a 
  left join okta_application_users u 
    on u.app_id = a.id 
group by a.id, a.name
order by count desc;