Okta Identity Manager

v1.0.0 | Security | stable

The Okta MCP Server is a groundbreaking tool built by the team at Fctr that enables AI models to interact directly with your Okta environment using the Model Context Protocol (MCP). Built specifically for IAM engineers, security teams, and Okta admin

What is Okta Identity Manager?

Okta Identity Manager is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to interact directly with your Okta environment.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Use Cases

IAM automation
Identity and access management
Admin task automation

Maintainer: fctr-id
License: Apache 2.0
Language: Python
Version: v1.0.0
Updated: Apr 25, 2026
Status: healthy
Maintenance: active

Works with

Claude, OpenAI, Windows, macOS, Linux

Installation

Manual Installation

npx okta

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time: < 200ms
Throughput: Medium

Resource Usage

Memory Usage: Low
CPU Usage: Low

How to Set Up and Use Okta Identity Manager

The Okta MCP Server, built by the team at Fctr, connects AI assistants directly to your Okta environment via the Okta Management API, enabling natural-language identity and access management for IAM engineers, security teams, and Okta administrators. It exposes tools for listing and inspecting users, groups, applications, policy rules, network zones, and system event logs, plus two advanced analysis tools that perform complete user application access evaluations and login risk assessments — including VPN/Tor detection and geographic impossibility checks. Security teams use it to automate routine Okta administration, investigate suspicious login activity, and audit user permissions without switching to the Okta admin console. It supports STDIO, HTTP, and SSE transports and can be deployed via Docker.

Prerequisites

  • Python 3.10 or newer with pip installed
  • An Okta organization URL (e.g., https://dev-123456.okta.com)
  • An Okta API token with read access to users, groups, applications, logs, and policies
  • An MCP-compatible client such as Claude Desktop or Cursor
  • Optional: Docker for containerized deployment

1. Clone the Okta MCP Server repository

Clone the fctr-id/okta-mcp-server repository from GitHub and enter the project directory.

git clone https://github.com/fctr-id/okta-mcp-server.git
cd okta-mcp-server

2. Create a Python virtual environment and install dependencies

Set up an isolated Python environment and install all required packages from requirements.txt.

python -m venv venv
source venv/bin/activate   # Windows: venv\Scripts\activate
pip install -r requirements.txt

3. Configure your Okta credentials

Set the OKTA_CLIENT_ORGURL and OKTA_API_TOKEN environment variables. Create a .env file in the project root for convenience.

OKTA_CLIENT_ORGURL=https://dev-123456.okta.com
OKTA_API_TOKEN=00your_okta_api_token_here

4. Test the server in STDIO mode

Run the server directly using Python to verify it connects to your Okta org before adding it to a client. STDIO mode is the recommended and most secure transport.

python main.py

5. Add to Claude Desktop configuration

Register the Okta MCP Server with Claude Desktop by adding this block to your claude_desktop_config.json file, using the full path to your Python executable and main.py.

{
  "mcpServers": {
    "okta": {
      "command": "/path/to/okta-mcp-server/venv/bin/python",
      "args": ["/path/to/okta-mcp-server/main.py"],
      "env": {
        "OKTA_CLIENT_ORGURL": "https://dev-123456.okta.com",
        "OKTA_API_TOKEN": "00your_okta_api_token_here"
      }
    }
  }
}

6. Optional: Deploy via Docker with HTTP transport

For shared team use, deploy the server as a Docker container with HTTP transport. Note that the --iunderstandtherisks flag is required for non-STDIO modes; the image tagged ':http' already includes it, so it does not appear in the command below.

docker run -d -p 3000:3000 \
  -e OKTA_API_TOKEN=00your_okta_api_token_here \
  -e OKTA_CLIENT_ORGURL=https://dev-123456.okta.com \
  fctrid/okta-mcp-server:http

Okta Identity Manager Examples

Client configuration (Claude Desktop)

Full Claude Desktop configuration for the Okta MCP Server using STDIO transport with the virtual environment Python binary.

{
  "mcpServers": {
    "okta": {
      "command": "/path/to/okta-mcp-server/venv/bin/python",
      "args": ["/path/to/okta-mcp-server/main.py"],
      "env": {
        "OKTA_CLIENT_ORGURL": "https://dev-123456.okta.com",
        "OKTA_API_TOKEN": "00your_okta_api_token_here"
      }
    }
  }
}

Prompts to try

Example security and IAM investigation prompts that leverage the Okta MCP Server's user management and risk analysis tools.

- "Can user <user email> access the Salesforce application? Show me the policy reasoning."
- "Is <user email>'s recent login activity suspicious? Check for VPN usage and geographic anomalies."
- "List all users in the 'Engineering' group and their assigned applications."
- "Show me Okta system event logs for failed MFA attempts in the last 24 hours."
- "Which network zones are configured and what IP ranges do they cover?"

Troubleshooting Okta Identity Manager

API returns '401 Unauthorized' or 'Invalid token provided'.

Generate a new API token in Okta Admin Console under Security > API > Tokens. The token must be created by an admin account and the token value should start with '00'. Verify OKTA_API_TOKEN is set correctly and there are no extra spaces or quotes.

OKTA_CLIENT_ORGURL format causes connection errors.

The org URL must include the full scheme and hostname with no trailing slash, e.g., 'https://dev-123456.okta.com'. Do not append '/api/v1' or any path — the server constructs API paths internally.

Docker HTTP transport fails to start without the --iunderstandtherisks flag.

HTTP and SSE transport modes require explicitly passing '--iunderstandtherisks' as a CLI argument to main.py (e.g., 'python main.py --http --iunderstandtherisks') because they expose the server over the network. The Docker image with tag ':http' already includes this flag.
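
A pre-flight check for the settings covered by the first two troubleshooting entries above and for the .env file from step 3, as an added example that is not part of the Okta MCP Server project. The function names, the https-only requirement and the expectation that .env has mode 600 are assumptions of this example; the checks never print the token value.

```python
import os
import stat
from urllib.parse import urlsplit

def check_org_url(url):
    """Return problems with OKTA_CLIENT_ORGURL; an empty list means it passes."""
    problems = []
    cleaned = url.strip().strip("\"'")
    if cleaned != url:
        problems.append("stray whitespace or quotes around the value")
    parts = urlsplit(cleaned)
    if parts.scheme != "https":  # assumption: the org is only reached over HTTPS
        problems.append("scheme must be https://")
    if not parts.hostname:
        problems.append("hostname is missing")
    if parts.path or parts.query or parts.fragment:
        problems.append("remove the trailing slash or path such as /api/v1")
    return problems

def check_token(token):
    """Return problems with OKTA_API_TOKEN without ever echoing its value."""
    if not token:
        return ["value is empty or unset"]
    problems = []
    cleaned = token.strip().strip("\"'")
    if cleaned != token or any(c.isspace() for c in cleaned):
        problems.append("extra spaces or quotes in the value")
    if not cleaned.startswith("00"):
        problems.append("value does not start with '00'")
    return problems

def check_env_file(path):
    """Flag a .env file that group or other accounts can access (POSIX modes)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [f"mode {mode:o} lets other local accounts read the token; use 600"]
    return []

def preflight(env, env_file=".env"):
    """Run every check and return {setting name: [problems]}."""
    report = {"OKTA_CLIENT_ORGURL": check_org_url(env.get("OKTA_CLIENT_ORGURL", "")),
              "OKTA_API_TOKEN": check_token(env.get("OKTA_API_TOKEN", ""))}
    if os.path.exists(env_file):
        report[env_file] = check_env_file(env_file)
    return report

if __name__ == "__main__":
    for name, problems in preflight(os.environ).items():
        print(name, "OK" if not problems else "; ".join(problems))
```

Run it from the project root with the same environment the MCP client will pass to main.py.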

Frequently Asked Questions about Okta Identity Manager

What is Okta Identity Manager?

Okta Identity Manager is a Model Context Protocol (MCP) server, built by the team at Fctr, that enables AI models to interact directly with your Okta environment. It is built specifically for IAM engineers, security teams, and Okta administrators. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install Okta Identity Manager?

Follow the installation instructions on the Okta Identity Manager GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with Okta Identity Manager?

Okta Identity Manager works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Okta Identity Manager free to use?

Yes, Okta Identity Manager is open source and available under the Apache 2.0 license. You can use it freely in both personal and commercial projects.

Okta Identity Manager Alternatives — Similar Security Servers

Looking for alternatives to Okta Identity Manager? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Quick Config Preview

{ "mcpServers": { "okta": { "command": "npx", "args": ["-y", "okta"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json
