Okta MCP Server

A Model Context Protocol (MCP) server for managing Okta platform.

Quick Start

1. Initialize & Configure

# Setup with your Okta credentials (interactive)
npx @indranilokg/okta-mcp-server init

You'll be prompted for:

Okta Domain: your-domain.okta.com (or .oktapreview.com)
API Token: Get from Okta Admin → Security → API → Tokens

2. Add to your MCP Client (e.g., Claude Desktop, Windsurf, Cursor, etc.)

Add to your MCP client configuration:

{
  "mcpServers": {
    "okta": {
      "command": "npx", 
      "args": ["-y", "@indranilokg/okta-mcp-server", "run"]
    }
  }
}

3. Start Using

Restart your MCP client and use Okta tools in your chats!

Commands

# Initial setup
npx @indranilokg/okta-mcp-server init

# Check authentication status  
npx @indranilokg/okta-mcp-server session

# Start server (for MCP)
npx @indranilokg/okta-mcp-server run

# Clear credentials
npx @indranilokg/okta-mcp-server logout

Available Tools

See TOOLS for a complete, categorized list of all available tools and their descriptions.

Usage Examples

See EXAMPLES for practical usage examples for all major tool categories (Application, Group, User).

Security

Credentials are stored securely using:

OS Keychain (preferred) - macOS Keychain, Windows Credential Manager, Linux keyring
Secure file (fallback) - ~/.okta-mcp/config.json with restricted permissions
Environment variables (last resort) - OKTA_DOMAIN and OKTA_API_KEY

Getting Okta API Token

Log in to Okta Admin console
Go to Security → API → Tokens
Click Create Token
Name it (e.g., "MCP Server") and create
Copy the token immediately (you won't see it again!)

Troubleshooting

# Check if authenticated
npx @indranilokg/okta-mcp-server session

# Re-authenticate  
npx @indranilokg/okta-mcp-server logout
npx @indranilokg/okta-mcp-server init

# Test server manually
npx @indranilokg/okta-mcp-server run

License

MIT