Docs
Plugins
Sources
Okta
Overview

Okta Source Plugin

Latest: v2.4.0

The CloudQuery Okta plugin extracts data from your Okta domain and loads it into any supported CloudQuery destination (e.g. PostgreSQL, BigQuery, Snowflake, and more).

Authentication

To authenticate (opens in a new tab) CloudQuery with your Okta account you need to set an OKTA_API_TOKEN environment variable or add it the configuration.

Configuration

The following example sets up the Okta plugin, and connects it to a postgresql destination:

kind: source
spec:
  # Source spec section
  name: okta
  path: cloudquery/okta
  version: "v2.4.0"
  tables: ["*"]
  destinations: ["postgresql"]
  spec:
    # Required. Your Okta domain name
    domain: "https://<YOUR_OKTA_DOMAIN>.okta.com/"

    # Optional. Okta Token to access API
    # ⚠️ Warning - Your token should be kept secret and not committed to source control.
    # ⚠️ Warning - In the future versions token parameter will become required.
    # token: "<YOUR_OKTA_TOKEN>"

    # Optional. Rate limiter settings
    # rate_limit:
    #   max_backoff: 5s
    #   max_retries: 3

Make sure you use environment variable expansion in production instead of committing the credentials to the configuration file directly.

  • domain (string, required)

    Specify the Okta domain you are fetching from. Visit this link (opens in a new tab) to find your Okta domain.

  • token (string, optional)

    Token for Okta API access. You can set this with an OKTA_API_TOKEN environment variable.

    ⚠️

    Using OKTA_API_TOKEN environment variable will be deprecated in the future versions. You can use environment variable expansion and "${OKTA_API_TOKEN}" value in the configuration instead.

  • debug (bool, optional. Default: false)

    Enables debug logs within the Okta SDK.

    ⚠️

    This feature will result in sensitive information being logged!

  • rate_limit (Rate limit spec, optional. Default: see rate limit spec defaults)

    Rate limit configuration.

Rate limit spec

  • max_backoff (duration, optional. Default: 5s)

    Max backoff interval to be used. If the value specified is less than the default one, the default one is used.

  • max_retries (int32, optional. Default: 3)

    Max retries to be performed. If the value specified is less than the default one, the default one is used.

Example Queries

List all users in Okta

select 
  id,
  profile->>'firstName' as first_name,
  profile->>'lastName' as last_name,
  profile->>'email' as email,
  status
from okta_users;

List all active users

select
  id,
  profile->>'firstName' as first_name,
  profile->>'lastName' as last_name,
  profile->>'email' as email,
  status from okta_users
where
  status = 'ACTIVE';

List active Okta applications

select
  id,
  name
from
  okta_applications
where status = 'ACTIVE';

List active Okta applications, ordered by number of users

select 
  a.id,
  a.name,
  a.status,
  count(u) 
from okta_applications a 
  left join okta_application_users u 
    on u.app_id = a.id 
group by a.id, a.name
order by count desc;