Skip to main content
Glama
enesjakozh
kapilduraphe

Okta MCP Server

by kapilduraphe
OverviewSchemaRelated ServersScoreDiscussions
TypeScript
Hybrid

get_user_last_location

Retrieve the last known location and login details for a specified Okta user by providing their unique user ID.

Instructions

Retrieve the last known location and login information for a user from Okta system logs

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
userIdYesThe unique identifier of the Okta user

Implementation Reference

  • src/tools/users.ts:966-1047 (handler)
    The main handler function that implements the tool logic. It parses the userId input, fetches the user from Okta, queries system logs for the most recent login event in the last 90 days, and returns formatted location information including IP, city, state, country, device, and user agent.
    get_user_last_location: async (request: { parameters: unknown }) => {
  const { userId } = userSchemas.getUserLastLocation.parse(
    request.parameters
  );

  try {
    const oktaClient = getOktaClient();

    // First get the user to ensure they exist and get their login
    const user = await oktaClient.userApi.getUser({ userId });

    if (!user || !user.profile) {
      return {
        content: [
          {
            type: "text",
            text: `User with ID ${userId} not found.`,
          },
        ],
      };
    }

    // Get the last 90 days of system logs for this user's login events
    const ninetyDaysAgo = new Date();
    ninetyDaysAgo.setDate(ninetyDaysAgo.getDate() - 90);

    // Use the system log API to get login events
    const logs = await oktaClient.systemLogApi.listLogEvents({
      since: ninetyDaysAgo.toISOString(),
      filter: `target.id eq "${userId}" and (eventType eq "user.session.start" or eventType eq "user.authentication.auth_via_mfa" or eventType eq "user.authentication.sso")`,
      limit: 1,
    });

    // Get the first (most recent) log entry
    const lastLogin = await logs.next();

    if (!lastLogin || !lastLogin.value) {
      return {
        content: [
          {
            type: "text",
            text: `No login events found for user ${user.profile.login} in the last 90 days. This might mean the user hasn't logged in recently or the events are not being captured in the system logs.`,
          },
        ],
      };
    }

    const event = lastLogin.value;
    const clientData = event.client || {};
    const geographicalContext = event.client?.geographicalContext || {};

    const formattedLocation = `• Last Login Information for User ${user.profile.login}:
      Time: ${formatDate(event.published)}
      Event Type: ${event.eventType || "N/A"}
      IP Address: ${clientData.ipAddress || "N/A"}
      City: ${geographicalContext.city || "N/A"}
      State: ${geographicalContext.state || "N/A"}
      Country: ${geographicalContext.country || "N/A"}
      Device: ${clientData.device || "N/A"}
      User Agent: ${clientData.userAgent || "N/A"}`;

    return {
      content: [
        {
          type: "text",
          text: formattedLocation,
        },
      ],
    };
  } catch (error) {
    console.error("Error fetching user location:", error);
    return {
      content: [
        {
          type: "text",
          text: `Failed to fetch user location: ${error instanceof Error ? error.message : String(error)}`,
        },
      ],
      isError: true,
    };
  }
},
  • src/tools/users.ts:57-59 (schema)
    Zod schema for input validation of the tool's parameters, requiring a userId string.
    getUserLastLocation: z.object({
  userId: z.string().min(1, "User ID is required"),
}),
  • src/tools/users.ts:324-338 (registration)
    Tool registration in the userTools array, defining the name, description, and input schema for MCP tool registration.
    {
  name: "get_user_last_location",
  description:
    "Retrieve the last known location and login information for a user from Okta system logs",
  inputSchema: {
    type: "object",
    properties: {
      userId: {
        type: "string",
        description: "The unique identifier of the Okta user",
      },
    },
    required: ["userId"],
  },
},

Tool Definition Quality

C2.9/5.0
Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden for behavioral disclosure. It states what data is retrieved but doesn't mention whether this requires special permissions, if there are rate limits, what format the location data is in, or whether this accesses real-time vs historical data. For a tool accessing sensitive location/login information, this is insufficient behavioral context.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence that front-loads the core purpose. Every word contributes meaning - 'retrieve' (action), 'last known location and login information' (what), 'for a user' (target), 'from Okta system logs' (source). There's no wasted verbiage or redundancy.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a tool that retrieves sensitive location and login data with no annotations and no output schema, the description is incomplete. It doesn't explain what the return data looks like, whether it includes timestamps, geographic coordinates, IP addresses, or device information. Given the complexity of location/login data and absence of structured output documentation, the description should provide more context about the returned information.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100% (the userId parameter is fully documented in the schema), so the baseline is 3. The description doesn't add any parameter-specific information beyond what's in the schema - it doesn't clarify format requirements, provide examples, or explain how to obtain the userId. The description simply reinforces that it retrieves data 'for a user' without parameter details.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the verb ('retrieve') and resource ('last known location and login information for a user'), and specifies the source ('from Okta system logs'). It distinguishes from generic 'get_user' by focusing on location/login data rather than user profile information. However, it doesn't explicitly differentiate from other sibling tools that might access logs or user data.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives like 'get_user' (for profile data) or other logging tools. It doesn't mention prerequisites, permissions needed, or typical use cases. The agent must infer usage from the tool name and description alone.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Related Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/kapilduraphe/okta-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server