> For the complete documentation index, see [llms.txt](https://prohelp.assetpanda.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://prohelp.assetpanda.com/integrations-store/user-management/okta-integration.md).

# Okta Integration

You can integrate Okta with Asset Panda Pro to sync user directories and enable single sign-on (SSO) for secure, centralized access. The integration provides the following capabilities:

* Map Okta attributes such as ID, name, email, and department to matching Asset Panda fields, and assign a unique identifier to prevent duplicate records. 
* Start with a full import, then run delta syncs to update only changed records. 
* Apply department, group, or status filters to limit which accounts load. 
* Enable Okta-based logins and combine role-based or custom permissions to control access, while keeping directories aligned with Azure AD and Google Workspace integrations.

## **Prerequisites**

* Active Asset Panda Pro subscription with Admin access/permission to add integrations and map fields
* Active Okta deployment with Admin access/permission to create API credentials and authorize external applications
* Unique identifier (for example, Okta user ID or email) for record matching
* Defined filter scope for initial load (department, group, or status)

{% hint style="info" %}

* Collection-time filters support only department, group, and status. 
* Login-access user loads accept group filters only.
  {% endhint %}

***

## Generate an Okta API token <a href="#generate-an-okta-api-token" id="generate-an-okta-api-token"></a>

1. Sign into the Okta Admin Console.
2. Open **Security > API** and select the **Tokens** tab.
3. Click **Create Token**.
4. Enter a descriptive token name.
5. (Optional) Add network restrictions by IP address or CIDR range to limit token usage.
6. Click **Create Token**.
7. Copy the token value immediately and store it in a secure location, such as a secrets manager or encrypted vault.&#x20;

{% hint style="warning" %}

* Okta displays the token only once; Okta stores a hashed value afterward. If you lose the token, you must revoke the token and create a new one.&#x20;
* Consider adding network restrictions and limiting token scope where possible.
  {% endhint %}

***

## Set up the Okta integration  <a href="#add-okta-integration-in-asset-panda" id="add-okta-integration-in-asset-panda"></a>

You must configure Asset Panda Pro to use the Okta API token and verify the connection:

1. Log into Asset Panda Pro with an administrator account
2. Navigate to <img src="/files/dLHka5YWbUR3zisHLua6" alt="Settings icon" data-size="line"> **Settings** > **Account Management**.
3. Expand the appropriate account and module.
4. Click **Manage** in the **Integrations** card.
5. Select **Integrations Store**.
6. In the **Okta** tile, click **Add**. The **Integrations in this module** tab is displayed.
7. In the **Okta** tile, click **Configure**.
8. Paste the URL and the token obtained from the Okta API admin console.
9. Click **Test and save connection.**
10. If the test passes, click **Continue with Mapping.**
11. Click **Add Mapping Option**. The Mapping Option view is displayed.
12. Select one of the following mapping options:
    * **To create an Asset Panda user from Okta with login access:**
      1. Click **Create an Asset Panda user from Okta with login access**.
      2. Enter a name in the **Mapping Name** field.
      3. Under the Okta section, select a user group (for example, **Okta administrators**).
      4. In the **User Role** field, map a role for the corresponding user group.
      5. Map the Okta field with an Asset Panda Pro user field.&#x20;
      6. After mapping the fields, click **Save.**
      7. To synchronize more data with Okta, click **Sync more data with Okta**.
    * **To import users as reference records without login access:**
      1. Click **Create Asset Panda users from Microsoft Entra ID with login access**.
      2. Enter a name in the **Mapping Name** field.
      3. For **External Entity**, select the entity type (for example, Mobile Devices).
      4. For **Collection**, select a collection (for example, Azure Users).
      5. Map the necessary fields. To add additional mappings, click **Add More**.
13. Click **Save**.

### User de-provisioning & Status handling (Login users only)

Asset Panda Pro does not independently delete users. All de-provisioning actions depend on the user data exposed by Okta.

If users are created with login access via the Okta integration, Asset Panda Pro manages user deactivation based on user lifecycle events in Okta and the availability of user data through Okta APIs and system logs.

* **Deactivated users:**\
  If a user is deactivated in Okta, the corresponding **Asset Panda login user is deactivated** during the next sync.
* **Deleted users:**

  Okta exposes deleted user information through system logs, not through a persistent deleted-users endpoint. Asset Panda can deactivate deleted users **only if the deletion event is available in Okta logs** at the time of sync

{% hint style="warning" %}
To ensure reliable de-provisioning, it is recommended to run frequent syncs (daily or weekly). If Okta logs are purged or removed, deleted user information is no longer accessible, and Asset Panda Pro cannot retrieve or deactivate those users.<br>
{% endhint %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://prohelp.assetpanda.com/integrations-store/user-management/okta-integration.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.