Help Center
Open app
Help CenterIntegrationsConnect Okta

Integrations

Connect Okta

How to connect Okta as your identity provider so Doow can map your users, groups, and app access.

Connecting Okta lets Doow discover which SaaS applications your team uses, who is using them, and how often. Doow requests read-only access and never modifies your Okta configuration.

What Doow reads from Okta

When you connect Okta, Doow pulls:

  • Users — names, email addresses, and status (active, suspended, deactivated)
  • Groups — group names and memberships, used to map departments and teams
  • Application assignments — which users are assigned to which SaaS apps via Okta
  • Sign-in logs — last-login timestamps per user per app (used for utilisation calculations)

Doow does not read: passwords, MFA configurations, user attributes beyond name and email, or group rules.

Before you start

You need:

  • An Okta administrator account (Super Admin or Org Admin)
  • Permission to create an API token or OAuth application in Okta
  • SSO already configured in Okta if you plan to use Okta as your Doow SSO provider as well (optional)

Step 1 — Create an Okta API token

  1. Sign in to your Okta admin dashboard at [your-domain].okta.com.
  2. Go to Security → API → Tokens.
  3. Click Create token.
  4. Give it a name (e.g. "Doow read-only integration") and click Create.
  5. Copy the token immediately — Okta only shows it once.

Step 2 — Enter the token in Doow

  1. In Doow, go to Settings → Integrations.
  2. Click Connect integration and select Okta.
  3. Enter your Okta domain (the subdomain from your Okta URL, e.g. acmecorp from acmecorp.okta.com).
  4. Paste the API token.
  5. Click Connect.

Doow validates the token and begins an initial sync. This typically takes 2–10 minutes depending on the number of users and apps in your Okta directory.

Step 3 — Verify the sync

Once the sync completes, you should see your Okta-discovered applications on the Applications page (marked with an SSO badge). The number of users and groups imported is shown on the integration card in Settings → Integrations.

If some applications are missing, see Integration not syncing.

Renewing or revoking access

Okta API tokens do not expire automatically, but you can revoke them at any time:

  1. Go to Security → API → Tokens in Okta.
  2. Find the Doow token and click Revoke.

If you revoke the token, Doow's sync stops and your Okta data is no longer updated. Historical data is preserved. To reconnect, create a new token and enter it in Doow.