Can I use Okta as a CLI?

Yes. KosmoKrator exposes a Okta CLI through kosmo integrations:call and the provider shortcut command. Commands can return JSON for scripts, CI, and coding agents.

Can I expose Okta through MCP?

Yes. The KosmoKrator MCP gateway can expose selected Okta tools to clients such as Claude Code, Cursor, Codex, and other MCP-compatible tools.

Where are Okta credentials stored?

Okta credentials are configured in KosmoKrator's local integration settings and reused by CLI, Lua, and MCP gateway surfaces.

Can I deny write access for Okta MCP tools?

Yes. Start the gateway with --write=deny for read-only clients, or use ask/allow only for trusted workspaces.

data

Okta MCP, CLI, and Lua Integration for AI Agents

Okta integration docs for AI agents: MCP gateway setup, Okta CLI commands, Lua API reference, credentials, and function schemas.

Okta for agents

Credentials can be configured manually in web or CLI hosts.

Use this integration from Lua code mode, the headless integrations CLI, or the KosmoKrator MCP gateway. The same package metadata powers all three surfaces.

Agent Surfaces

Okta CLIHeadless setup, JSON output, direct function calls. Okta MCPExpose selected tools to local MCP clients. Okta LuaAgent-facing namespace and Lua reference. FeedbackReport missing tools, auth issues, or bad metadata.

Machine-Readable Metadata

integration_slug: okta
route_slug: okta
package: okta
auth_strategy: api_token
cli_setup_supported: true
cli_runtime_supported: true
mcp_gateway_supported: true
lua_supported: true

Function Catalog

Function	Type	Parameters	Description
`okta.okta_list_users`	Read `read`	2	List users in the Okta organization. Returns user profiles with IDs, names, emails, and status. Supports search filtering by name or email.
`okta.okta_get_user`	Read `read`	1	Get details for a specific Okta user by ID or login email. Returns the full user profile including status, group memberships, and assigned applications.
`okta.okta_get_current_user`	Read `read`	0	Get the profile of the currently authenticated Okta API token owner. Useful for verifying the integration connection and identifying which service account is in use.
`okta.okta_create_user`	Write `write`	3	Create a new user in Okta. Requires a profile with at least firstName, lastName, email, and login. Optionally provide credentials (password) and control activation.
`okta.okta_update_user`	Write `write`	3	Update an existing Okta user profile. Provide only the profile fields you want to change — other fields remain unchanged.
`okta.okta_deactivate_user`	Write `write`	1	Deactivate an Okta user. The user will be unable to sign in but their data is retained. This action can be reversed by reactivating the user in the Okta admin console.
`okta.okta_list_groups`	Read `read`	1	List groups in the Okta organization. Returns group names and IDs. Supports search filtering by group name.
`okta.okta_get_group`	Read `read`	1	Get details for a specific Okta group by ID. Returns the group name, description, and type.
`okta.okta_add_user_to_group`	Write `write`	2	Add a user to an Okta group. The user will inherit the group's assigned applications and permissions.
`okta.okta_list_applications`	Read `read`	0	List applications in the Okta organization. Returns application names, IDs, statuses, and types.