> ## Documentation Index
> Fetch the complete documentation index at: https://docs.brm.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Okta

> BRM integrates natively with IDP providers including Google, and Okta. From the IDP providers BRM is able to determine who within your organization is using which software, the frequency of use, and what scopes and permissions the software has access to.

## Authenticating Okta

Today BRM supports Okta via two different methods

**1. Okta API Key**

**2. OAuth 2.0**

### Okta API Key

This is the fastest, and most permissive of the integrations BRM has to offer. Please note that despite these permissions allowing read and write access to Okta, BRM only uses the read permissions. Future product roadmap does include write functionality; we will alert all customers of the change via a BRM request, and ask for your approval at that point in time.

**Step 1: Create the token**

The below video details the proper steps for creating the token.

<iframe width="640" height="414" src="https://www.loom.com/embed/d901779ea55344d6804fa4d3098223e1?sid=05cf15b4-45a1-47af-a5f5-d92155f24ac4" frameborder="0" webkitallowfullscreen mozallowfullscreen allowfullscreen />

**Step 2: Permission BRM**

* Navigate to `settings` by selecting your `profile` picture in the top right
* Select `integrations` on the left side navigation bar
* Choose the Connect button on the `Okta` *Okta SSO Logins* tile
* Copy and paste the `Okta Resource Domain` (your org’s Okta domain — drop the admin) and `Okta API Key` you generated previously using the *Step 1* video above

<iframe width="640" height="360" src="https://www.loom.com/embed/9738a349a8014264995b1464dc609725?sid=375a9a75-2de8-4413-b99f-c74c4a246308" frameborder="0" webkitallowfullscreen mozallowfullscreen allowfullscreen />

**Tips**

* To find your Okta Resource Domain follow [these directions](https://developer.okta.com/docs/guides/find-your-domain/main/) to locate it.

### Okta OAuth 2.0

<iframe width="640" height="400" src="https://www.loom.com/embed/57131e732bb24ab9af17f5637650d405?sid=6037fe42-3b64-4a51-951a-4e49d98e543e" frameborder="0" webkitallowfullscreen mozallowfullscreen allowfullscreen />

**Step 1: Create the Okta \<> BRM Application**

1. Login to your Okta Admin account
2. Head to `Application`
3. Click `Create App Integration` and select `API Services`. Name the integration "BRM Integration"
4. Navigate down to `General Setting` > click Edit > uncheck `Require Demonstrating Proof of Possession (DPoP)` > Save
5. Navigate to the tab `Okta API Scopes` next to `General`
   1. Grant the following scopes: `okta.apps.read`, `okta.logs.read`, `okta.users.read`
6. Navigate to the tab `Admin Roles` next to `Okta API Scopes`
   1. Click `Edit assignments` > Select Role > set Role to `Read-only Administrator` > click Save Changes
7. Navigate back to the tab `General` > Click `Edit` next to Client Credentials > select `Public key / Private key` > click `Add key` > click `Generate new key` > click `Copy to clipboard` > click `Done` > click `Save`
   1. **Make sure to save down the private key somewhere safe. It will not appear again**

**Step 2: Permission BRM**

1. Navigate to `settings` by selecting your `profile` picture in the top right
2. Select `integrations` on the left side navigation bar
3. Choose the Connect button on the `Okta (OAuth 2.0)` \*\*tile
4. Copy and paste the `Okta Resource Domain` (your org’s Okta domain — drop the admin), the Client ID of the app you just created (found in the `General` tab), and the `Okta Private Key` you generated previously that you saved down from the previous step

If you have any questions or need help authenticating your IDPs to BRM, please email support @brm.ai
