People data connector (JWK)

This setup path creates a dedicated API Services app in Okta with JWK key pair authentication. This is the recommended approach for the people data connector when not using the API token setup.

Prerequisites

  • Okta super admin account with permissions to create applications and manage API scopes.
  • Glean admin console access.
  • SSO must be configured before setting up the people data connector.

Setup instructions

Step 1: Create the connector app in Okta

  1. Sign in to Okta as a super admin.

  2. In the left navigation, go to Applications > Applications > Create App Integration.

  3. Select API Services for the type of app and name it Glean connector in the App Integration name field.

  4. In your newly created app, click Edit under the General Settings section.

  5. Uncheck Require Demonstrating Proof of Possession (DPoP) header in token requests and click Save.

  6. Back in the app, click the Okta API Scopes tab and grant the following scopes:

    • okta.users.read
    • okta.apps.read
    • okta.logs.read

  7. In the app, click the Admin roles tab and click Edit assignments.

  8. Under Role, select Read-only Administrator and click Save Changes.

  9. Navigate back to the General tab.

  10. Copy the Client ID under Client Credentials.

Step 2: Set up Okta in the Glean admin console

  1. In the Glean admin console, go to Settings > Data sources > Add data source. Search for Okta in the search bar and choose Okta.

  2. Copy the Client ID from Okta and paste it in the corresponding field in the Glean admin console.

  3. Check the URL of your Okta instance. Copy the {yourOktaDomain} part of the URL: https://{yourOktaDomain}-admin.okta.com. Paste it into the Okta domain url field.

  4. Click the Generate JWK Key Pair button. If successful, a JWK public key is displayed.

Step 3: Save the JWK public key in Okta

  1. Back in the Okta admin console, go to the app you created and named Glean connector.

  2. Edit the settings under General > Client Credentials:

    • Set Client authentication to Public key / Private key.
    • Click Save.

  3. Edit the settings under General > Public keys:

    • Set Configuration to Save keys in Okta.
    • Click Add key.

  4. In the Add a public key popup that appears, paste the JWK public key displayed in Glean and press Done.
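
A check an admin could run on the JWK text before and after pasting it in Step 3, added here as an example and not part of Glean's or Okta's tooling: it confirms the text contains no private-key members and computes its RFC 7638 thumbprint so the copy shown in Glean can be compared with the copy saved in Okta. The function names and the sample JWKs are constructed for illustration.

```python
import base64
import hashlib
import json

# Private-key members defined by RFC 7518; none may appear in a public JWK.
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}
# Members hashed for each key type (RFC 7638; RFC 8037 for OKP).
THUMBPRINT_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
    "OKP": ("crv", "kty", "x"),
}

def check_public_jwk(text):
    """Return a list of problems found in pasted JWK text (empty means OK)."""
    try:
        jwk = json.loads(text)
    except ValueError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(jwk, dict):
        return ["JWK must be a JSON object"]
    problems = []
    leaked = sorted(PRIVATE_MEMBERS.intersection(jwk))
    if leaked:
        problems.append(f"private key members present: {leaked}")
    kty = jwk.get("kty")
    required = THUMBPRINT_MEMBERS.get(kty) if isinstance(kty, str) else None
    if required is None:
        problems.append(f"unsupported or missing kty: {kty!r}")
    else:
        missing = [m for m in required if not isinstance(jwk.get(m), str)]
        if missing:
            problems.append(f"missing public members: {missing}")
    return problems

def thumbprint(text):
    """RFC 7638 SHA-256 thumbprint; ignores member order and extra members."""
    jwk = json.loads(text)
    required = THUMBPRINT_MEMBERS[jwk["kty"]]
    canonical = json.dumps({m: jwk[m] for m in required},
                           sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

# Constructed sample values, not real key material.
GLEAN_COPY = '{"kty":"RSA","e":"AQAB","n":"c2FtcGxlLW1vZHVsdXM","kid":"example"}'
OKTA_COPY = '{"kid":"example","n":"c2FtcGxlLW1vZHVsdXM","kty":"RSA","e":"AQAB"}'
LEAKED = '{"kty":"RSA","e":"AQAB","n":"c2FtcGxlLW1vZHVsdXM","d":"c2VjcmV0"}'
```

Matching thumbprints mean both copies carry the same public key, even if the members were reordered or a kid was added along the way.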

Step 4: Complete the setup

  1. Click Save in the Glean admin console to validate that your connector app is set up correctly.

If you encounter any configuration issues or require further assistance, contact Glean support.