Identity Governance - Okta
API capability pack for bounded Okta Management API v1 operations. Enroll an okta API connection with base_url set to the tenant API root, for example https://example.okta.com/api/v1, and authenticate with a scoped OAuth/OIDC bearer token where available; a tightly scoped SSWS-token header connection can also be used when the tenant still relies on API tokens. The pack reads users, user groups, user app links, groups, group members, applications, application users, and System Log events for access governance, offboarding review, and identity incident triage. It bundles a scheduled access hygiene digest, an AI-assisted user access brief, and approval-gated workflows for suspending/unsuspending one user and adding/removing one user from one group. The pack intentionally excludes user creation, deactivation, deletion, password and factor reset flows, authenticator enrollment mutation, role/admin assignment, app assignment mutation, policy/profile/schema mutation, token/session/recovery-factor administration, domain/network/brand/rate-limit/admin APIs, and arbitrary API passthrough.
What this pack installs
- Okta access hygiene digest Recipe
- Okta user access brief Recipe
- Suspend an Okta user Recipe
- Unsuspend an Okta user Recipe
- Add an Okta user to a group Recipe
- Remove an Okta user from a group Recipe
- okta Ingredient
Trust & control
What installing this whole pack would let it do. Recued grants these permissions at install — review them there before approving.