Set up Okta people data source
The Okta people data connector crawls user profiles, apps, and activity from Okta into Glean. This setup uses a temporary super admin API token to let Glean automatically create the connector app in your Okta instance.
Requirements
Technical requirements
- An active Glean workspace with access to the connectors gallery.
- Network access from Glean's infrastructure to the Okta APIs over HTTPS.
- An Okta environment with user profiles already populated and in active use.
- You are a Glean admin for your workspace and can access the Glean admin console.
- You are an Okta super admin (or have equivalent privileges) to create applications and manage API scopes during initial setup.
- SSO must be configured before setting up the people data connector.
Credential requirements
The connector uses a temporary super admin API token during initial setup. Glean uses the token to create the connector app and grant it the required scopes. The token should be deleted immediately after setup is complete.
API scopes
The Glean Connector app requires the following Okta API scopes:
| Scope | Required | Description |
|---|---|---|
okta.users.read | Yes | Reads user profile information to create people data for Glean. |
okta.apps.read | No | Reads Okta-managed apps to surface app search results and app-based permissions. |
okta.logs.read | No | Reads system logs for user activity analytics and search personalization. |
Setup instructions
Set up Okta app
-
Sign in to Okta as a super admin. Note your Okta domain URL from the address bar (for example,
https://YourOktaSubdomain-admin.okta.com). You will enter this in Glean in a later step. -
On the left nav panel, go to Security > API > Tokens and click Create token.
-
Name the token Glean.
-
Under API calls made with this token must originate from, select Any IP.
-
Click Create token.
noteThe API token is only used to create the connector app and grant it scopes. Delete the token after setup is complete.
Set up Glean admin console
-
In the Glean admin console, go to Settings > Data sources > Add data source. Search for Okta in the search bar and choose Okta.
-
Copy and paste the domain URL from Okta in the Okta domain URL field.
-
Copy and paste the API token from Okta into the API token field.
-
Click on Create Connector App to create the connector app.
-
Once you have confirmed the app is created successfully, delete the API token created in the previous steps.
If you encounter any configuration issues or require further assistance, contact Glean support.