AiStrike Documentation

Okta

This guide outlines the steps to assign a Read-Only Admin role (or an equivalent custom role) in Okta and generate an API token for secure integration with AiStrike. The token will allow AiStrike to access user and system data in a read-only manner.◼︎

Creating a Read-Only Service Account

To create a dedicated read-only service account for AiStrike. Use a service account in your Okta org, such as:

  • aistrike.serviceaccount.readonly@yourcompany.com

Steps to Create a Service User in Okta

  1. Sign in to your Okta organization as a user with administrator privileges.

  2. In the Okta Admin console, go to Directory > People, and then click Add person.

  3. Enter the following details:

    1. First Name: AIStrike

    2. Last Name: ReadOnly

    3. Username / Email: aistrike.serviceaccount.readonly@yourcompany.com

  4. Assign to a group if needed (optional).

  5. Click Save.

Step 1: Assign Read-Only Admin Role

  1. Go to: Security → Administrators

  2. Click Add Administrator

  3. In the dialog:

    1. Enter the email of the service user you just created

    2. Under Grant administrator role, choose Read-Only Administrator

    3. Scope the role to the entire organization

  4. Click Save to assign the role

For OKTA Remediation: Please assign Read-Write Admin to the same user.

Optional: Create a Custom Read-Only Role

If more granular control is needed:

  1. Go to: Security → Administrators → Roles

  2. Click Create Role

  3. Name the role (e.g., AIStrike Read-Only)

  4. Assign the following permissions:

    1. View users

    2. View groups

    3. View applications

    4. View system logs and events

    5. Save the role and assign it to the user

Step 2: Generate the Okta API Token

  1. Log in to Okta using the service user with the Read-Only Admin role

  2. Navigate to: Security → API → Tokens

  3. Click Create Token

  4. Provide a meaningful name, e.g., AIStrike Read-Only Token

  5. Click Create Token. You will be shown the token once. Copy and store it securely.

Response Action permissions:

Provide all write options for the response action you want to take:

  • Create a Role (AiStrike_Response_Action)

  • Assign the write permission required to take that action.

Example: Password reset — User:

  • View users' profile attributes

  • Activate users

  • Deactivate users

  • Suspend users

  • Unsuspend users

  • Unlock users

  • Clear users' sessions

  • View users and their details

  • Reset users' passwords

  • View API tokens

Share the Token Securely with AiStrike

Send the token to AiStrike via a secure method (e.g., password-protected vault, secure link).

Optional: Set token rate limits

  1. When you create API tokens using the Admin Console, rate limits for token interactions are set automatically to 50 percent of each API maximum limit. See API rate limits. You can adjust this percentage for each token.

  2. In the Admin Console, go to Security → API.

  3. Click the Tokens tab.

  4. Click the name of the token that you want to edit.

  5. In the Token rate limits section, click Edit.

  6. Adjust the slider to the suitable percentage, if you observe API rate limit notification.

  7. Click Save.