Okta / Identity Providers
Scan your identity provider for MFA enforcement, password policies, user lifecycle management, and application access controls.
Supported Providers
ComplyWise supports direct integration with Okta as the primary identity provider connector. Additional IdP integrations (Azure AD/Entra ID, OneLogin, JumpCloud) are available as part of the platform's extensible scanner architecture. This guide focuses on Okta; Azure AD is covered in the Azure integration.
- Okta — full integration with Organizations API
- Azure AD / Entra ID — covered via the Azure integration
- OneLogin, JumpCloud — available on Enterprise plans
Okta API Token
Create a read-only API token in Okta for ComplyWise. Navigate to Okta Admin → Security → API → Tokens and create a new token. The token should be created by an Okta admin account with read-only admin permissions: an Okta API token carries the permissions of the account that created it, so a token minted by a Read-Only Administrator cannot be used to modify users, policies, or applications even if it is exposed. This token is encrypted at rest in ComplyWise using industry-standard encryption.
- Create token from an account with Read-Only Admin role
- Token provides API access to users, groups, policies, and system logs
- Token encrypted at rest — never stored in plaintext
- Rotate tokens quarterly as a best practice
What Gets Scanned
The Okta scanner evaluates your identity environment against compliance controls related to authentication, access management, and user lifecycle. It checks MFA enrollment rates, password policy strength, application assignments, and system log activity for anomalous access patterns.
- Users: active count, MFA enrollment, last login, deprovisioned accounts
- Policies: password complexity, MFA requirements, session lifetime, sign-on policies
- Groups: membership, application assignments, rule-based groups
- Applications: SSO configuration, provisioning status, unassigned apps
- System Log: failed authentication attempts, admin actions, policy changes
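As an added illustration of the user and MFA checks listed above (this is example code, not ComplyWise's or Okta's own implementation), the Python script below pulls Okta user records with their enrolled factors and reports the MFA enrollment rate, active users with no activated strong factor, and active users who have not signed in within a threshold. The two fetch helpers use the real Okta endpoints `GET /api/v1/users` and `GET /api/v1/users/{id}/factors` with the `SSWS` token header; the `STRONG_FACTORS` set, the 90-day stale threshold, the org URL, and the sample records are constructed assumptions so the evaluation runs offline.

```python
"""Added example: evaluate MFA enrollment and stale accounts from Okta user records.

Not ComplyWise or Okta code. The fetch helpers call real Okta endpoints; the
demo at the bottom runs on constructed sample data so it works without network.
"""
import json
import urllib.request
from datetime import datetime, timedelta, timezone

OKTA_TIMESTAMP = "%Y-%m-%dT%H:%M:%S.%fZ"  # format Okta uses for lastLogin

# Factor types treated as satisfying an MFA requirement (assumption: phishing-
# resistant or app-based factors only; sms, email and question are excluded).
STRONG_FACTORS = {"token:software:totp", "push", "webauthn", "u2f", "token:hardware"}


def fetch_json(org_url, token, path):
    """GET an Okta API path. org_url is e.g. https://yourorg.okta.com (assumed)."""
    req = urllib.request.Request(
        org_url.rstrip("/") + path,
        headers={"Authorization": f"SSWS {token}", "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def fetch_users_with_factors(org_url, token):
    """Fetch ACTIVE users and attach each user's factor list.
    Pagination (the Link: rel="next" header) is omitted for brevity."""
    users = fetch_json(org_url, token,
                       '/api/v1/users?filter=status%20eq%20%22ACTIVE%22&limit=200')
    for user in users:
        user["factors"] = fetch_json(org_url, token, f"/api/v1/users/{user['id']}/factors")
    return users


def evaluate(users, now, stale_days=90):
    """Return MFA enrollment rate, users lacking an ACTIVE strong factor, and
    active users with no login inside stale_days (90 days is an assumed threshold)."""
    active = [u for u in users if u.get("status") == "ACTIVE"]
    cutoff = now - timedelta(days=stale_days)
    users_without_mfa, stale_users = [], []
    for user in active:
        login = user["profile"]["login"]
        # Only factors with status ACTIVE count; PENDING_ACTIVATION means the
        # user started but never completed enrollment.
        enrolled = {f["factorType"] for f in user.get("factors", [])
                    if f.get("status") == "ACTIVE"}
        if not enrolled & STRONG_FACTORS:
            users_without_mfa.append(login)
        last_login = user.get("lastLogin")
        if last_login is None:
            stale_users.append(login)  # never signed in since creation
        elif datetime.strptime(last_login, OKTA_TIMESTAMP).replace(tzinfo=timezone.utc) < cutoff:
            stale_users.append(login)
    rate = (len(active) - len(users_without_mfa)) / len(active) if active else 0.0
    return {
        "active_users": len(active),
        "mfa_enrollment_rate": rate,
        "users_without_mfa": users_without_mfa,
        "stale_users": stale_users,
    }


# Constructed sample records shaped like Okta user objects plus a "factors" list.
SAMPLE_USERS = [
    {"id": "00u1", "status": "ACTIVE", "lastLogin": "2024-05-01T09:00:00.000Z",
     "profile": {"login": "alice@example.com"},
     "factors": [{"factorType": "token:software:totp", "status": "ACTIVE"}]},
    {"id": "00u2", "status": "ACTIVE", "lastLogin": "2024-05-02T09:00:00.000Z",
     "profile": {"login": "bob@example.com"},
     "factors": [{"factorType": "sms", "status": "ACTIVE"}]},          # sms only
    {"id": "00u3", "status": "ACTIVE", "lastLogin": "2023-11-01T09:00:00.000Z",
     "profile": {"login": "carol@example.com"},
     "factors": [{"factorType": "webauthn", "status": "PENDING_ACTIVATION"}]},
    {"id": "00u4", "status": "DEPROVISIONED", "lastLogin": None,
     "profile": {"login": "dave@example.com"}, "factors": []},         # ignored
    {"id": "00u5", "status": "ACTIVE", "lastLogin": None,
     "profile": {"login": "erin@example.com"},
     "factors": [{"factorType": "push", "status": "ACTIVE"}]},        # never logged in
]
NOW = datetime(2024, 5, 10, tzinfo=timezone.utc)  # fixed "now" for the sample

if __name__ == "__main__":
    print(json.dumps(evaluate(SAMPLE_USERS, NOW), indent=2))
```

To run it against a real org, replace `SAMPLE_USERS` with `fetch_users_with_factors("https://yourorg.okta.com", token)` using a token created from a Read-Only Administrator account as described above; the evaluation logic is unchanged. Deprovisioned users are excluded from the denominator so that offboarded accounts do not mask a low enrollment rate among the accounts that can still sign in.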
Configuring in ComplyWise
Go to Settings → Integrations → Okta. Enter your Okta domain (e.g., yourorg.okta.com) and the API token. ComplyWise verifies the connection by calling the Users API. Once validated, Okta data is included in all subsequent compliance scans.
- Enter your Okta org domain URL
- Paste the API token created in the previous step
- Connectivity test validates API access and permissions
- Findings mapped to AC (Access Control) and IA (Identification & Authentication) controls
Compliance Mapping
Okta scan results map to identity and access management controls across all supported frameworks. MFA enforcement maps to SOC 2 CC6.1, ISO 27001 A.9.4, HIPAA §164.312(d), and CMMC IA.L2-3.5.3. Password policies map to corresponding authentication controls. User lifecycle management covers onboarding, offboarding, and access reviews.
- MFA enforcement → SOC 2 CC6.1, ISO A.9.4, HIPAA §164.312(d), CMMC IA
- Password policy strength → SOC 2 CC6.1, NIST CSF PR.AC, PCI DSS 8
- Access reviews and user lifecycle → SOC 2 CC6.2, ISO A.9.2, HIPAA §164.312(a)
- Privileged access monitoring → SOC 2 CC6.3, NIST CSF PR.AC-4