Okta MCP Server
Provides tools for investigating user incidents, managing users, groups, applications, MFA factors, sessions, policies, identity providers, network zones, and System Log events in Okta, with optional write tools for lifecycle and remediation.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Okta MCP Serversummarize the incident context for user jane@example.com since 2026-07-06T12:00:00Z"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Okta MCP Server
A TypeScript Model Context Protocol server that exposes Okta incident-support and administrative workflows to MCP-compatible IDE clients over stdio.
Capabilities
Read org metadata.
Investigate user incidents with one summary tool.
List and inspect users, groups, app assignments, MFA factors, sessions, policies, IdPs, network zones, and System Log events.
Query focused user System Log events by actor, event type, and outcome.
Optionally expose write/remediation tools for lifecycle, group membership, session clearing, password expiry, and MFA reset.
Related MCP server: Okta MCP Server by CData
Requirements
Node.js 20 or newer.
An Okta org URL such as
https://example.okta.com.An Okta API token with the least privileges needed for the tools you plan to use.
Setup
npm install
cp .env.example .env
npm run buildSet these environment variables before launching the server:
export OKTA_ORG_URL="https://your-org.okta.com"
export OKTA_API_TOKEN="your-okta-api-token"
export OKTA_REQUEST_TIMEOUT_MS="30000"
export OKTA_ENABLE_WRITE_TOOLS="false"OKTA_ENABLE_WRITE_TOOLS defaults to false. Keep it false for read-only support triage. Set it to true only for trusted remediation sessions where your MCP host has explicit tool-call approval.
Run
For local development:
npm run devFor the local React support console:
npm run build
export OKTA_ORG_URL="https://your-org.okta.com"
export OKTA_API_TOKEN="your-okta-api-token"
export OKTA_ENABLE_WRITE_TOOLS="false"
npm run uiOpen http://127.0.0.1:5173. The React app talks to a local HTTP bridge on port 4174, and the bridge talks to this MCP server over stdio.
For an MCP client, use the built entrypoint:
{
"mcpServers": {
"okta": {
"command": "node",
"args": ["/absolute/path/to/Okta MCP Server/dist/index.js"],
"env": {
"OKTA_ORG_URL": "https://your-org.okta.com",
"OKTA_API_TOKEN": "your-okta-api-token"
}
}
}
}Tools
Tool | Purpose |
| Read organization metadata. |
| Gather profile, groups, factors, sessions, app links, and recent logs for a user. |
| List users with |
| Read one user by ID, login, or shortname. |
| List groups assigned to a user. |
| List enrolled MFA factors for a user. |
| Read one enrolled MFA factor. |
| List active sessions for a user. |
| List app links visible to a user. |
| List groups with |
| Read one group. |
| List users assigned to a group. |
| List applications. |
| Read one application. |
| List users assigned to an application. |
| Read one app assignment for a user. |
| List Okta policies for access and sign-on troubleshooting. |
| Read one policy. |
| List policy rules. |
| List identity providers. |
| Read one identity provider. |
| List network zones. |
| Query System Log events. |
| Search user-related System Log events by login, email, or user ID. |
These remediation tools are registered only when OKTA_ENABLE_WRITE_TOOLS=true:
Tool | Purpose |
| Create a user with a supplied profile, credentials, and optional groups. |
| Update a user's profile or credentials. |
| Deactivate a user. |
| Unlock a locked user. |
| Suspend a user. |
| Unsuspend a user. |
| Expire a password and optionally issue a temporary password. |
| Reset a user's MFA factor. |
| Clear user sessions and optionally revoke OAuth tokens. |
| Create a group. |
| Add a user to a group. |
| Remove a user from a group. |
Incident Workflows
Common support prompts from an MCP client IDE:
"Use Okta to summarize the incident context for user jane@example.com since 2026-07-06T12:00:00Z."
"Check whether this user has active sessions, enrolled factors, and recent MFA failures."
"Find failed sign-in or app access events for jane@example.com in the last two hours."
"Compare the user's assigned groups with the failing application's assignments."
"List sign-on and MFA policies that may affect this app or user."
Security Notes
Use a scoped Okta admin/API token and rotate it regularly.
Store
OKTA_API_TOKENin your MCP host's secret storage when available.Leave
OKTA_ENABLE_WRITE_TOOLS=falsefor normal incident triage.Treat lifecycle, MFA reset, session clearing, and membership tools as privileged operations.
Review MCP host approvals before allowing write operations.
See Architecture for component design, data flow, and extension guidance. See Using Okta MCP from Claude or VS Code for natural-language support workflows.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/bangarrajuv2/okta-mcpserver'
If you have feedback or need assistance with the MCP directory API, please join our Discord server