SSPM Administration
  • SSPM Administration
  • SaaS Security Documentation
  • All Documentation
>
Onboard an Okta App to SSPM
Focus
Download PDF
Focus
  1. Home
  2. SaaS Security
  3. Onboard SaaS Apps Supported by SSPM
  4. Onboard an Okta App to SSPM
Download PDF
SaaS Security

Onboard an Okta App to SSPM

Table of Contents

Onboard an Okta App to SSPM

Connect an Okta instance to SSPM to detect posture risks.
Where Can I Use This?What Do I Need?
  • Strata Cloud Manager
  • SaaS Security Posture Management license
Or any of the following licenses that include the Data Security license:
  • CASB-X
  • CASB-PA
For SSPM to detect posture risks in your Okta instance, you must onboard your Okta instance to SSPM. Through the onboarding process, SSPM connects to an Okta API by using an API token that you generate from Okta's administrator console. After connecting to the Okta API, SSPM scans your Okta instance for misconfigured settings. If there are misconfigured settings, SSPM suggests a remediation action based on best practices.
To onboard your Okta instance, you complete the following actions:
  • Create an API Token for Connecting to Your Okta Instance
  • Connect SSPM to Your Okta Instance

Create an API Token for Connecting to Your Okta Instance

To access your Okta instance, SSPM requires the following information, which you will specify during the onboarding process.
ItemDescription
API Token
A generated character string that identifies an Okta administrator to the Okta API. SSPM requires this API token to authenticate to the API. The token will inherit the permissions of the administrator who creates the token.
Required permissions: The API token must be created by a Super Administrator.
Admin Instance URL
The URL for your administrator console.
As you complete the following steps, make note of the values of the items described in the preceding table. You will enter these values during onboarding to enable SSPM to access your Okta instance.
  1. Identify the Okta Super Administrator account that you will use to create your API Key.
    The API key will inherit the permissions of the administrator who creates the key. To grant SSPM the permissions it needs, the API key must be created by a Super Administrator.
  2. Using the Super Administrator account that you identified, log in to your Okta administrator console.
  3. Identify your administrator instance URL, which appears in the browser's address bar.
    Your administrator instance URL is your subdomain plus -admin.okta.com (https:// <subdomain>-admin.okta.com).
    Before you continue to the next step, make note of your administrator instance URL. You will provide this information to SSPM during the onboarding process.
  4. In the left navigation pane, select SecurityAPI.
  5. On the API page, select the Tokens tab.
  6. Create token.
    A dialog opens prompting you to name your token.
  7. Specify a name for your token and Create token.
    Okta generates and displays your token.
  8. Copy the generated token and paste it into a text file.
    Do not continue to the next step unless you have copied the API token. You will provide this token to SSPM during the onboarding process.

Connect SSPM to Your Okta Instance

By adding an Okta app in SSPM, you enable SSPM to connect to your Okta instance.
  1. From the Add Application page ( Posture SecurityApplicationsAdd Application), click the Okta tile.
  2. Under posture security instances, Add Instance or, if there is already an instance configured, Add New instance.
  3. Log in with Credentials.
  4. Enter your API token and your administrator instance URL and Connect.

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.

xThanks for visiting https://docs.paloaltonetworks.com. To improve your experience when accessing content across our site, please add the domain to the allow list on your ad blocker application.