HomeGuidesAPI ReferenceChangelogDiscussions
Log In

Okta CLI

This CLI feature integrates with Okta and will allow you to pull data from your Okta instance.

  • authenticate - Allows the user to authenticate with Okta API to verify the credentials are correct in init.yaml
  • get_active_users - Downloads active users from Okta and saves them to a file
  • get_admin_users - Downloads users with admin roles from Okta and saves them to a file
  • get_all_users - Downloads all users from Okta and saves them to a file
  • get_inactive_users - Downloads users that haven't logged in within X days from Okta and saves them to a file
  • get_recent_users - Downloads users that were recently added within X days to Okta and saves them to a file

init.yaml Configuration

  • oktaUrl - URL for your Okta instance
  • oktaClientId - Client id registered to your Application in Okta
  • oktaApiToken - API access token, generated within Okta admin portal
  • oktaScopes - What permissions the RegScale CLI application is allowed from Okta admin portal (requires okta.users.read and okta.roles.read)
  • oktaSecretKey - Only used if Bearer token is your desired authentication method with Okta API

Okta Integration Workflow

  1. Add your Okta domain url into oktaUrl in the init.yaml
  2. Create a custom API Application in Okta, assign it okta.users.read and okta.roles.read scopes
  3. Paste the client id from Okta into oktaClientId in the init.yaml
  4. Determine which type of authentication method to configure for your API Application in Okta
    1. SSWS: Create an API token within Okta then paste it into oktaApiToken in init.yaml
    2. Bearer: Go to your API application and Follow these steps
  5. Execute the authenticate command and enter which method used above
  6. Follow the commands if any were provided by RegScale CLI

Example Commands

Log into RegScale to set the token, which is good for 24 hours, and will secure all future RegScale API calls. (NOTE: You can skip this step if you are using a RegScale Service Account.)

  • regscale login

Enter the parameters below with your information

  • authenticate - Authenticate with Okta API to verify the credentials are correct in init.yaml
    • --type - The type of authentication method to use with Okta API, either SSWS or Bearer allowed
  • get_active_users - Downloads active users from Okta and saves them to a file
    • --save_output_to - The file path to save the formatted active users output from Okta
    • --file_type - The desired file type to save the formatted output from Okta, current accepts .xlsx or .csv formats
  • get_admin_users - Downloads admin users from Okta and saves them to a file
    • --save_output_to - The file path to save the formatted active users output from Okta
    • --file_type - The desired file type to save the formatted output from Okta, current accepts .xlsx or .csv formats
  • get_all_users - Downloads all users from Okta and saves them to a file
    • --save_output_to - The file path to save the formatted active users output from Okta
    • --file_type - The desired file type to save the formatted output from Okta, current accepts .xlsx or .csv formats
  • get_inactive_users - Downloads users that haven't logged in within X days from Okta and saves them to a file
    • --days - The number of days a user hasn't signed in to be considered inactive, default is 30
    • --save_output_to - The file path to save the formatted active users output from Okta
    • --file_type - The desired file type to save the formatted output from Okta, current accepts .xlsx or .csv formats
  • get_new_users - Downloads users that were created within X days from Okta and saves them to a file
    • --days - The number of days to see if a user has been added to Okta, default is 30
    • --save_output_to - The file path to save the formatted active users output from Okta
    • --file_type - The desired file type to save the formatted output from Okta, current accepts .xlsx or .csv formats

init.yaml Example

The following init.yaml structure is necessary (example/notional key structure shown below, replace with actual customer keys):

domain: https://mycompany.regscale.com
token: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6IkpXVCJ9.eyJzdWIiOiJhYmVsYXJkbyJ9.b-ao0bpoc6CiJ3ygG8-XOk_gwn8BehAcuLGaPB6rlu8
oktaUrl: https://mycompany.okta.com/
oktaApiToken: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE2NzA4ODE5NDYsImF1ZCI6Imh0dHBzOi8vcmVnc2NhbGUuY29tL2RvY3VtZW50YXRpb24vY2xpLW9rdGEiLCJzdWIiOiJBQmVsYXJkbyJ9.6eaQ8cs4_CS-VqSgPaXFpDdG9BsQge5UgXyi_ABfk5E
oktaClientId: 3ckjyHsh1O
oktaScopes: okta.users.read okta.roles.read
oktaSecretKey: 
    d: fUw_FM3KetY2m-CCcVglEBFofgrpEOg3_1j_bH5dN0ZUPzxa7NboCU1T1Ymm_mWskEcX_nXqPPo_wgHpXOEx6fs-qmX_b07omdwIWWWMyOD1Av_J1hr2qy6fXluh6vMM658Zj9txo-a2Np5em8UOIOy9Ckpb019Q4JyLV01QIbJdXM0jVNyBZ_WkyLRpyKzGBKLOqSLJgZU7POdFtMAMP1F93wKaVsZGjURoYhf74CyFFauoTFxMtEm4i3pDXtwxW_DeaFR-CfystmMP8-0f_c5eimYVTSO3gusMmz9gzWj0MLsNjNHDLj3Xb8tfSfnFUbRVBlB2v3eQF3_NIpzzwQ,
    dp: aNAmiTQfWpG11vvOosj9Nk91YBoko30slMPlLVNhThd907hOkKOJMQaw3TkBJpdqzIuEp_uI5-hFOSpg5d7tbR5gCnIknf110QsjyRc9yzMsjpmG4nHCK3Y4bwh_j215GJcs-cZFvvFyedmaXSk_yZ3KSL32Pk0h4Y89J6vpYCE,
    dq: M3aWjqfjqXiLR2VHDW1L9lq0kxJXQhv2Krz_A6JKmAam52e4ZZgNyIcc-2Pb2_MJDBkndKav-boewddKWDOMjdg3pO1wzfNqt1FqLWpY8uvmRFT9k4RUFwIjqy4vjT-neZpKkpmUonr6q02EJCCQ-W-W8T0BWJFCtOqCYhBV8V0,
    e: AQAB,
    kid: tFD8DypMJ45XvcOgnm9E0AVHKrdsirqlvlIZu8QwNs9LDrisjSWpZeRF3N9xxbJU0xKqXe,
    kty: RSA,
    n: i64Q-oe2ApbxpLdI33PGv0n7Y_cGlnAms49ixa2yl4KsfaPpGakhYyVn_rM6JYfND2jGskrkh-8XETQSyfvx7CgvyQxjUwwXmuPUzxxn0rzUm03rci8uPd3Pd-g1OVK_wpnRGM23O4YiRrHEXFCsDGWXddYFyBwhq0rrgJ-VU5W93qpKCtwCmWOel-0RjyK2SIXmxNjUaQCJGejmpkEJPMKZByDw8yW9pXj7-U-pHmpF37U443gwk6ZPRjjyLJxxdymiGY4bwEgRIVISWvDRUB4yblY8bmlL5Elie7foQWWVy4he7uynpTWOoR99Hoh9esfTxGi8OZIMk27zeCgVz,
    p: v_NKXVS-9s7bgdJXwC_X70PqE_-E03l0dfPaS3XlfB8L05OugzZzx0j-soocWqepnMgGNK5E17Rv5KRDIansJE94i2z4xpmLU-tCqML4tNnP6WF8bh0FAIDoYz3tFdNzbnfn-HgQLQiUiHab2sUL6OtamPJM-Zmlp496egx0btE,
    q: uknA0B1xhNiEr7yPTVXOMeT6Wuc3uygeTBaXgIjY_jGPDXSqCOoWt3Yv6Z1SgK8tXLeVhmZ3JbZIQObu0CKua1TfpnuFXx8Ek9jTZp6YsuhyI6ZhiwjjagmC8EKqQ0QCHEazgKGiewnfJKq-X1cS7uJ-5tg7sSMZRSy2zoHGTj0,
    qi: NubiSoHx0a9L5fnRt0zrNZdQEmRLGBqFZlzeOZDaZXd8HFWk9APppYb-6XyRH5rQeSOa2FkLQxe9xDnCxrMMcjkFIgZrp9HR1kZ3R-wqYjraA3dU7uYbwTZpUbo2xagNUYXyHgVlgjFZUPUdxlNlSRtKSh3QUexm3mfE9-3hlG8

Building a Bash Script to Execute the CLI

You can execute RegScale CLI commands using scripts. These scripts could be in Bash, Python, PowerShell, etc. Below is an example Bash file (named get_okta_active_users.sh) in Ubuntu for executing the CLI to compare two files.

#!/bin/sh

# Download active users from Okta and save them to a .xlsx file
regscale okta get_active_users --save_output_to okta_files/users --file_type .xlsx

To execute the Bash file, run this command: /path/to/folder/get_okta_active_users.sh. You can chain together any arbitrary set of CLI commands to have them execute sequentially.