Skip to content
Recued
Menu
← Back to packs

Identity Governance - Okta

by recued-core v1 app_pack

API capability pack for bounded Okta Management API v1 operations. Enroll an okta API connection with base_url set to the tenant API root, for example https://example.okta.com/api/v1, and authenticate with a scoped OAuth/OIDC bearer token where available; a tightly scoped SSWS-token header connection can also be used when the tenant still relies on API tokens. The pack reads users, user groups, user app links, groups, group members, applications, application users, and System Log events for access governance, offboarding review, and identity incident triage. It bundles a scheduled access hygiene digest, an AI-assisted user access brief, and approval-gated workflows for suspending/unsuspending one user and adding/removing one user from one group. The pack intentionally excludes user creation, deactivation, deletion, password and factor reset flows, authenticator enrollment mutation, role/admin assignment, app assignment mutation, policy/profile/schema mutation, token/session/recovery-factor administration, domain/network/brand/rate-limit/admin APIs, and arbitrary API passthrough.

Trust & control

What installing this whole pack would let it do. Recued grants these permissions at install — review them there before approving.

Where it runs

Device + server Runs on your device (browser) or your server.

What it's allowed to do

Admin Web APIs okta external change
Read: user.search · No approvalRead: user.read · No approvalRead: user.group.search · No approvalRead: user.app_link.search · No approvalRead: group.search · No approvalRead: group.read · No approvalRead: group.user.search · No approvalRead: app.search · No approvalRead: app.read · No approvalRead: app.user.search · No approvalRead: log.search · No approvalAdmin: user.lifecycle.suspend · Always asksAdmin: user.lifecycle.unsuspend · Asks approvalAdmin: group.user.add · Asks approvalAdmin: group.user.remove · Always asks

Data it touches

SurfacesWeb APIs

About

Tags

pack:oktaoktaidentityaccess-governanceusersgroupsapplicationssystem-logsecurityoffboardingapiv3composition