> ## Documentation Index
> Fetch the complete documentation index at: https://nango.dev/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Okta (Client Credentials)

## Overview

<CardGroup cols={3}>
  <Card title="Pre-built tooling" icon="screwdriver-wrench" href="#pre-built-tooling" />

  <Card title="Pre-built integrations" icon="square-check" href="#pre-built-integrations" />

  <Card title="Access requirements" icon="triangle-exclamation" href="#access-requirements" />

  <Card title="Setup guide" icon="rocket" href="#setup-guide" />

  <Card title="Useful links" icon="circle-info" href="#useful-links" />

  <Card title="API gotchas" icon="biohazard" href="#api-gotchas" />
</CardGroup>

## Pre-built tooling

<AccordionGroup>
  <Accordion title="✅ Authorization">
    | Tools                           | Status |
    | ------------------------------- | ------ |
    | Pre-built authorization (OAuth) | ✅      |
    | Credentials auto-refresh        | ✅      |
    | Pre-built authorization UI      | ✅      |
    | Custom authorization UI         | ✅      |
    | End-user authorization guide    | ✅      |
    | Expired credentials detection   | ✅      |
  </Accordion>

  <Accordion title="✅ Read & write data">
    | Tools                                     | Status                         |
    | ----------------------------------------- | ------------------------------ |
    | Pre-built integrations                    | 🚫 (time to contribute: \<48h) |
    | API unification                           | ✅                              |
    | 2-way sync                                | ✅                              |
    | Webhooks from Nango on data modifications | ✅                              |
    | Real-time webhooks from 3rd-party API     | 🚫 (time to contribute: \<48h) |
    | Proxy requests                            | ✅                              |
  </Accordion>

  <Accordion title="✅ Observability & data quality">
    | Tools                   | Status |
    | ----------------------- | ------ |
    | HTTP request logging    | ✅      |
    | End-to-end type safety  | ✅      |
    | Data runtime validation | ✅      |
    | OpenTelemetry export    | ✅      |
    | Slack alerts on errors  | ✅      |
    | Integration status API  | ✅      |
  </Accordion>

  <Accordion title="✅ Customization">
    | Tools                              | Status |
    | ---------------------------------- | ------ |
    | Create or customize use-cases      | ✅      |
    | Pre-configured pagination          | ✅      |
    | Pre-configured rate-limit handling | ✅      |
    | Per-customer configurations        | ✅      |
  </Accordion>
</AccordionGroup>

*No pre-built syncs or actions available yet.*

<Tip>Not seeing the integration you need? [Build your own](/guides/functions/functions-guide) independently.</Tip>

## Access requirements

| Pre-Requisites    | Status         | Comment                                                                                       |
| ----------------- | -------------- | --------------------------------------------------------------------------------------------- |
| Paid dev account  | ✅ Not required | Free developer account available at [developer.okta.com](https://developer.okta.com/signup/). |
| Paid test account | ✅ Not required | Developer accounts can be used for testing.                                                   |
| Partnership       | ✅ Not required |                                                                                               |
| App review        | ✅ Not required |                                                                                               |
| Security audit    | ✅ Not required |                                                                                               |

## Setup guide

*No setup guide yet.*

<Tip>Need help getting started? Get help in the [community](https://nango.dev/slack).</Tip>

<Note>Contribute improvements to the setup guide by [editing this page](https://github.com/nangohq/nango/tree/master/docs/api-integrations/okta-cc.mdx)</Note>

## Useful links

* [Okta API Services app setup guide](https://developer.okta.com/docs/guides/implement-oauth-for-okta-serviceapp/main/)
* [Okta private\_key\_jwt client authentication](https://developer.okta.com/docs/guides/implement-oauth-for-okta-serviceapp/main/#create-a-public-private-key-pair)
* [Okta Management API OAuth 2.0 scopes reference](https://developer.okta.com/docs/api/oauth2/#okta-admin-management)
* [Okta API reference](https://developer.okta.com/docs/reference/)
* [API rate limiting](https://developer.okta.com/docs/reference/rate-limits/)

<Note>Contribute useful links by [editing this page](https://github.com/nangohq/nango/tree/master/docs/api-integrations/okta-cc.mdx)</Note>

## API gotchas

* This provider uses Okta's **Org Authorization Server** (`/oauth2/v1/token`) with `private_key_jwt` client authentication to call Okta's Management API.
* The Okta application **must be created as API Services** (Applications > Create App Integration > API Services). Standard OIDC apps only support `authorization_code` and will return `unauthorized_client` errors.
* Authentication uses `private_key_jwt`: you generate an RSA key pair, upload the public key to the Okta app, and provide the private key to Nango. No client secret is used.
* Scopes must be granted to your application under **Applications > `your app` > Okta API Scopes**. See the full list in the [Okta Management API scopes reference](https://developer.okta.com/docs/api/oauth2/#okta-admin-management).
* Client credentials do not use refresh tokens — Nango re-authenticates automatically when the access token expires (default: 1 hour).
* Management API endpoints (e.g. `/api/v1/users`) return an empty array (`200 []`) — not a `403` — when the API Services app has no **admin role** assigned. Grant at least **Read-Only Administrator** under **Security > Administrators** (or **Applications > `your app` > Admin roles**) to return results.

<Note>Contribute API gotchas by [editing this page](https://github.com/nangohq/nango/tree/master/docs/api-integrations/okta-cc.mdx)</Note>

## Going further

<Card title="Connect to Okta (Client Credentials)" icon="link" href="/api-integrations/okta-cc/connect" horizontal>
  Guide to connect to Okta (Client Credentials) using Connect UI
</Card>