Skip to main content

Authenticating Okta

Today BRM supports Okta via two different methods 1. Okta API Key 2. OAuth 2.0

Okta API Key

This is the fastest, and most permissive of the integrations BRM has to offer. Please note that despite these permissions allowing read and write access to Okta, BRM only uses the read permissions. Future product roadmap does include write functionality; we will alert all customers of the change via a BRM request, and ask for your approval at that point in time. Step 1: Create the token The below video details the proper steps for creating the token.
Step 2: Permission BRM
  • Navigate to settings by selecting your profile picture in the top right
  • Select integrations on the left side navigation bar
  • Choose the Connect button on the Okta Okta SSO Logins tile
  • Copy and paste the Okta Resource Domain (your org’s Okta domain — drop the admin) and Okta API Key you generated previously using the Step 1 video above
Tips

Okta OAuth 2.0

Step 1: Create the Okta <> BRM Application
  1. Login to your Okta Admin account
  2. Head to Application
  3. Click Create App Integration and select API Services. Name the integration “BRM Integration”
  4. Navigate down to General Setting > click Edit > uncheck Require Demonstrating Proof of Possession (DPoP) > Save
  5. Navigate to the tab Okta API Scopes next to General
    1. Grant the following scopes: okta.apps.read, okta.logs.read, okta.users.read
  6. Navigate to the tab Admin Roles next to Okta API Scopes
    1. Click Edit assignments > Select Role > set Role to Read-only Administrator > click Save Changes
  7. Navigate back to the tab General > Click Edit next to Client Credentials > select Public key / Private key > click Add key > click Generate new key > click Copy to clipboard > click Done > click Save
    1. Make sure to save down the private key somewhere safe. It will not appear again
Step 2: Permission BRM
  1. Navigate to settings by selecting your profile picture in the top right
  2. Select integrations on the left side navigation bar
  3. Choose the Connect button on the Okta (OAuth 2.0) **tile
  4. Copy and paste the Okta Resource Domain (your org’s Okta domain — drop the admin), the Client ID of the app you just created (found in the General tab), and the Okta Private Key you generated previously that you saved down from the previous step
If you have any questions or need help authenticating your IDPs to BRM, please email support @brm.ai