Okta Integration

You can integrate Okta with Asset Panda Pro to sync user directories and enable single sign-on (SSO) for secure, centralized access. The integration provides the following capabilities:

• Map Okta attributes such as ID, name, email, and department to matching Asset Panda fields, and assign a unique identifier to prevent duplicate records.

• Start with a full import, then run delta syncs to update only changed records.

• Apply department, group, or status filters to limit which accounts load.

• Enable Okta-based logins and combine role-based or custom permissions to control access, while keeping directories aligned with Azure AD and Google Workspace integrations.

Prerequisites

• Active Asset Panda Pro subscription with Admin access/permission to add integrations and map fields

• Active Okta deployment with Admin access/permission to create API credentials and authorize external applications

• Unique identifier (for example, Okta user ID or email) for record matching

• Defined filter scope for initial load (department, group, or status)

Generate an Okta API token

1. Sign into the Okta Admin Console.

2. Open Security > API and select the Tokens tab.

3. Click Create Token.

4. Enter a descriptive token name.

5. (Optional) Add network restrictions by IP address or CIDR range to limit token usage.

6. Click Create Token.

7. Copy the token value immediately and store it in a secure location, such as a secrets manager or encrypted vault.

Set up the Okta integration

You must configure Asset Panda Pro to use the Okta API token and verify the connection:

1. Log into Asset Panda Pro with an administrator account

2. Navigate to Settings > Account Management.

3. Expand the appropriate account and module.

4. Click Manage in the Integrations card.

5. Select Integrations Store.

6. In the Okta tile, click Add. The Integrations in this module tab is displayed.

7. In the Okta tile, click Configure.

8. Paste the URL and the token obtained from the Okta API admin console.

9. Click Test and save connection.

10. If the test passes, click Continue with Mapping.

11. Click Add Mapping Option. The Mapping Option view is displayed.

12. Select one of the following mapping options:

    • To create an Asset Panda user from Okta with login access:

      1. Click Create an Asset Panda user from Okta with login access.

      2. Enter a name in the Mapping Name field.

      3. Under the Okta section, select a user group (for example, Okta administrators).

      4. In the User Role field, map a role for the corresponding user group.

      5. Map the Okta field with an Asset Panda Pro user field.

      6. After mapping the fields, click Save.

      7. To synchronize more data with Okta, click Sync more data with Okta.

    • To import users as reference records without login access:

      1. Click Create Asset Panda users from Microsoft Entra ID with login access.

      2. Enter a name in the Mapping Name field.

      3. For External Entity, select the entity type (for example, Mobile Devices).

      4. For Collection, select a collection (for example, Azure Users).

      5. Map the necessary fields. To add additional mappings, click Add More.

13. Click Save.

User de-provisioning & Status handling (Login users only)

Asset Panda Pro does not independently delete users. All de-provisioning actions depend on the user data exposed by Okta.

If users are created with login access via the Okta integration, Asset Panda Pro manages user deactivation based on user lifecycle events in Okta and the availability of user data through Okta APIs and system logs.

• Deactivated users: If a user is deactivated in Okta, the corresponding Asset Panda login user is deactivated during the next sync.

• Deleted users:

  Okta exposes deleted user information through system logs, not through a persistent deleted-users endpoint. Asset Panda can deactivate deleted users only if the deletion event is available in Okta logs at the time of sync