
Connect Okta to Anzenna

Integrate Anzenna with Okta to monitor user authentication, device management, application access, and optionally enable identity-based remediations.

Prerequisites

  • Okta administrator access
  • Anzenna account
  • Ability to create API applications in Okta

Overview

The integration provides:

  • User directory and authentication logs
  • Device management data
  • Application access monitoring
  • Group memberships
  • Optional: Policy management and user lifecycle remediations

Step-by-Step Instructions

Part 1: Initial Setup

  1. Navigate to app.anzenna.ai

  2. Sign in with Google using your corporate account

  3. Go to the enrollment page

Part 2: Create API Services App in Okta

  1. Access your Okta admin interface

  2. Navigate to Applications > Applications

  3. Click Create App Integration

  4. Select API Services

  5. Click Next

  6. Enter application name:

    Anzenna Integrations

  7. Click Save

Part 3: Configure OAuth Settings

  1. In the application settings, note the Client ID

  2. Navigate to Security > API in Okta admin

  3. Find Authorization Servers > default

  4. Click on Settings

  5. Under Token Settings, locate DPoP

  6. Disable "Require Demonstrating Proof of Possession (DPoP) header"

DPoP Setting

This OAuth security feature must be disabled for Anzenna's integration to function properly.

Part 4: Assign Read-Only Administrator Role

  1. In your Anzenna Integrations app, go to Assignments tab

  2. Click Assign > Assign to People or Assign to Groups

  3. Search for and select Read-only Administrator

  4. Click Assign and Done

Part 5: Grant API Scopes

  1. In the application settings, go to Okta API Scopes tab

  2. Click Grant for the following scopes:

Required scopes for monitoring:

  • okta.devices.read
  • okta.logs.read
  • okta.users.read
  • okta.groups.read
  • okta.appGrants.read
  • okta.apps.read

Copy-Paste Format

okta.devices.read, okta.logs.read, okta.users.read, okta.groups.read, okta.appGrants.read, okta.apps.read

Part 6: Optional Remediation Scopes

If you want Anzenna to perform automated remediations:

  1. Assign Organization Administrator role (in addition to Read-only)

  2. Grant additional scopes:
  • okta.policies.read
  • okta.policies.manage
  • okta.groups.manage
  • okta.authenticators.read
  • okta.users.manage

Remediation Copy-Paste

okta.policies.read, okta.policies.manage, okta.groups.manage, okta.authenticators.read, okta.users.manage

Part 7: Get Public Key and Client ID

  1. In the Anzenna Integrations app, go to General tab

  2. Scroll down to Client Credentials

  3. Copy the Public key URL
  4. Copy the Client ID

Part 8: Complete Connection in Anzenna

  1. Return to app.anzenna.ai

  2. Navigate to Settings > Integrations

  3. Find the Okta integration card

  4. Paste the Public key URL
  5. Paste the Client ID
  6. Enter your Okta domain (e.g., your-company.okta.com)

  7. Click Save or Connect

  8. Verify the connection - status should show green/connected within a few seconds

Verification

  1. Check that the integration status in Anzenna shows Connected

  2. Navigate to Users dashboard

  3. Verify user data from Okta is syncing
  4. Confirm authentication logs are appearing
  5. Confirm device data is visible

What Data is Collected

User Data

  • User directory information
  • Authentication events
  • Login history
  • Failed login attempts
  • MFA status

Device Data

  • Registered devices
  • Device trust status
  • Platform information
  • Last seen timestamps

Application Data

  • Assigned applications
  • Application usage
  • Grant permissions
  • Access patterns

Group Data

  • Group memberships
  • Group hierarchies
  • Role assignments

Remediation Capabilities

With Organization Administrator role and management scopes:

  • User management - Suspend/unsuspend users

  • Group management - Add/remove from groups

  • Policy enforcement - Update security policies

  • MFA requirements - Enforce authentication factors

  • Session management - Terminate active sessions

Troubleshooting

Connection Fails

  • Verify both Public key URL and Client ID are correct

  • Check DPoP header requirement is disabled
  • Ensure API Services app is active
  • Confirm scopes were granted

No Data Syncing

  • Wait 15-30 minutes for initial sync
  • Verify Read-only Administrator role assigned

  • Check all required scopes are granted
  • Ensure Okta domain is correct

Permission Errors

  • Review granted scopes match requirements
  • Confirm roles are properly assigned
  • Check API rate limits aren't exceeded
  • Verify organization settings allow API access

Security Considerations

  • OAuth 2.0 with public key authentication
  • Read-only by default
  • Explicit scope-based permissions
  • All actions logged in both systems
  • Regular scope audits recommended

Best Practices

  1. Start read-only - Add remediation later if needed

  2. Monitor initial sync - Watch for errors

  3. Document credentials - Save public key URL securely

  4. Regular reviews - Audit scopes quarterly

  5. Test remediations - Verify before production use
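
For the scope audits recommended above, the following added example (not part of Anzenna's or Okta's tooling) compares the scopes granted to the Anzenna Integrations app against the Part 5 and Part 6 lists and flags anything missing, unexpected, or write-capable. The JSON export shape with a `scopeId` field and the sample data are assumptions constructed for illustration.

```python
import json

# Scope lists copied from Part 5 and Part 6 of this page.
MONITORING = {
    "okta.devices.read", "okta.logs.read", "okta.users.read",
    "okta.groups.read", "okta.appGrants.read", "okta.apps.read",
}
REMEDIATION = {
    "okta.policies.read", "okta.policies.manage", "okta.groups.manage",
    "okta.authenticators.read", "okta.users.manage",
}

def parse_scopes(text):
    """Accept the comma-separated copy-paste form, or a JSON list of grant
    objects that each carry a "scopeId" field (assumed export shape)."""
    text = text.strip()
    if text.startswith("["):
        return {grant["scopeId"] for grant in json.loads(text)}
    return {s.strip() for s in text.split(",") if s.strip()}

def audit(granted, remediation_enabled):
    """Compare granted scopes with what this page lists for the chosen mode."""
    expected = MONITORING | (REMEDIATION if remediation_enabled else set())
    return {
        # Missing scopes surface as sync gaps or permission errors.
        "missing": sorted(expected - granted),
        # Anything not listed for this mode should be revoked or justified.
        "unexpected": sorted(granted - expected),
        # *.manage scopes let the integration change Okta state.
        "write_capable": sorted(s for s in granted if s.endswith(".manage")),
    }

# Constructed sample: a read-only deployment where one monitoring scope was
# never granted and one remediation scope was left behind after a trial.
SAMPLE_GRANTS = json.dumps([
    {"scopeId": "okta.devices.read"}, {"scopeId": "okta.logs.read"},
    {"scopeId": "okta.users.read"}, {"scopeId": "okta.groups.read"},
    {"scopeId": "okta.apps.read"}, {"scopeId": "okta.users.manage"},
])

if __name__ == "__main__":
    report = audit(parse_scopes(SAMPLE_GRANTS), remediation_enabled=False)
    for finding, scopes in report.items():
        print(f"{finding}: {', '.join(scopes) or 'none'}")
```

Run it each review cycle with `remediation_enabled` set to match whether the Organization Administrator role from Part 6 is actually assigned.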


Need help? Contact Anzenna Support for assistance.