Okta Identity Manager
The Okta MCP Server is a groundbreaking tool built by the team at Fctr that enables AI models to interact directly with your Okta environment using the Model Context Protocol (MCP). Built specifically for IAM engineers, security teams, and Okta admin
What is Okta Identity Manager?
Okta Identity Manager is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to interact directly with your Okta environment. It was built by the team at Fctr for IAM engineers, security teams, and Okta administrators.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
How to Set Up and Use Okta Identity Manager
The Okta MCP Server, built by the team at Fctr, connects AI assistants directly to your Okta environment via the Okta Management API, enabling natural-language identity and access management for IAM engineers, security teams, and Okta administrators. It exposes tools for listing and inspecting users, groups, applications, policy rules, network zones, and system event logs, plus two advanced analysis tools that perform complete user application access evaluations and login risk assessments — including VPN/Tor detection and geographic impossibility checks. Security teams use it to automate routine Okta administration, investigate suspicious login activity, and audit user permissions without switching to the Okta admin console. It supports STDIO, HTTP, and SSE transports and can be deployed via Docker.
Prerequisites
- Python 3.10 or newer with pip installed
- An Okta organization URL (e.g., https://dev-123456.okta.com)
- An Okta API token with read access to users, groups, applications, logs, and policies
- An MCP-compatible client such as Claude Desktop or Cursor
- Optional: Docker for containerized deployment
Clone the Okta MCP Server repository
Clone the fctr-id/okta-mcp-server repository from GitHub and enter the project directory.
git clone https://github.com/fctr-id/okta-mcp-server.git
cd okta-mcp-server
Create a Python virtual environment and install dependencies
Set up an isolated Python environment and install all required packages from requirements.txt.
python -m venv venv
source venv/bin/activate # Windows: venv\Scripts\activate
pip install -r requirements.txt
Configure your Okta credentials
Set the OKTA_CLIENT_ORGURL and OKTA_API_TOKEN environment variables. Create a .env file in the project root for convenience.
OKTA_CLIENT_ORGURL=https://dev-123456.okta.com
OKTA_API_TOKEN=00your_okta_api_token_here
Test the server in STDIO mode
Run the server directly using Python to verify it connects to your Okta org before adding it to a client. STDIO mode is the recommended and most secure transport.
python main.py
Add to Claude Desktop configuration
Register the Okta MCP Server with Claude Desktop by adding this block to your claude_desktop_config.json file, using the full path to your Python executable and main.py.
{
  "mcpServers": {
    "okta": {
      "command": "/path/to/okta-mcp-server/venv/bin/python",
      "args": ["/path/to/okta-mcp-server/main.py"],
      "env": {
        "OKTA_CLIENT_ORGURL": "https://dev-123456.okta.com",
        "OKTA_API_TOKEN": "00your_okta_api_token_here"
      }
    }
  }
}
Optional: Deploy via Docker with HTTP transport
For shared team use, deploy the server as a Docker container with HTTP transport. Note the --iunderstandtherisks flag required for non-STDIO modes.
docker run -d -p 3000:3000 \
  -e OKTA_API_TOKEN=00your_okta_api_token_here \
  -e OKTA_CLIENT_ORGURL=https://dev-123456.okta.com \
  fctrid/okta-mcp-server:http
Okta Identity Manager Examples
Client configuration (Claude Desktop)
Full Claude Desktop configuration for the Okta MCP Server using STDIO transport with the virtual environment Python binary.
{
  "mcpServers": {
    "okta": {
      "command": "/path/to/okta-mcp-server/venv/bin/python",
      "args": ["/path/to/okta-mcp-server/main.py"],
      "env": {
        "OKTA_CLIENT_ORGURL": "https://dev-123456.okta.com",
        "OKTA_API_TOKEN": "00your_okta_api_token_here"
      }
    }
  }
}
Prompts to try
Example security and IAM investigation prompts that leverage the Okta MCP Server's user management and risk analysis tools.
- "Can user [email protected] access the Salesforce application? Show me the policy reasoning."
- "Is [email protected]'s recent login activity suspicious? Check for VPN usage and geographic anomalies."
- "List all users in the 'Engineering' group and their assigned applications."
- "Show me Okta system event logs for failed MFA attempts in the last 24 hours."
- "Which network zones are configured and what IP ranges do they cover?"
Troubleshooting Okta Identity Manager
API returns '401 Unauthorized' or 'Invalid token provided'.
Generate a new API token in Okta Admin Console under Security > API > Tokens. The token must be created by an admin account and the token value should start with '00'. Verify OKTA_API_TOKEN is set correctly and there are no extra spaces or quotes.
OKTA_CLIENT_ORGURL format causes connection errors.
The org URL must include the full scheme and hostname with no trailing slash, e.g., 'https://dev-123456.okta.com'. Do not append '/api/v1' or any path — the server constructs API paths internally.
Docker HTTP transport fails to start without the --iunderstandtherisks flag.
HTTP and SSE transport modes require explicitly passing '--iunderstandtherisks' as a CLI argument to main.py (e.g., 'python main.py --http --iunderstandtherisks') because they expose the server over the network. The Docker image with tag ':http' already includes this flag.
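The first two troubleshooting entries above can be checked before the server is started. The script below is an added example, not part of the Okta MCP Server project: the function names are hypothetical, the '00' prefix and URL rules come from this page, and requiring https is this example's assumption. Its messages never include the token value.

```python
"""Preflight check for OKTA_CLIENT_ORGURL and OKTA_API_TOKEN (added example)."""
import os
from urllib.parse import urlsplit


def check_org_url(url: str) -> list[str]:
    """Return problems with the org URL; an empty list means it is usable."""
    problems = []
    parts = urlsplit(url)
    if url != url.strip() or url.startswith(("'", '"')):
        problems.append("org URL has surrounding whitespace or quotes")
    if parts.scheme != "https":  # assumption: Okta orgs are reached over https
        problems.append("org URL must start with https://")
    if not parts.hostname:
        problems.append("org URL has no hostname")
    if parts.path or parts.query or parts.fragment:
        problems.append("org URL must not carry a path or trailing slash")
    return problems


def check_api_token(token: str) -> list[str]:
    """Return problems with the API token without ever echoing its value."""
    problems = []
    if any(c in token for c in "'\" \t\r\n"):
        problems.append("token contains whitespace or quote characters")
    if not token.strip("'\" \t\r\n").startswith("00"):
        problems.append("token does not start with '00'")
    return problems


def preflight(env=os.environ) -> list[str]:
    """Check both variables in a mapping (defaults to the process environment)."""
    checks = (("OKTA_CLIENT_ORGURL", check_org_url),
              ("OKTA_API_TOKEN", check_api_token))
    problems = []
    for name, check in checks:
        value = env.get(name)
        if not value:
            problems.append(f"{name} is not set")
        else:
            problems += [f"{name}: {p}" for p in check(value)]
    return problems


if __name__ == "__main__":
    issues = preflight()
    for issue in issues:
        print("FAIL", issue)
    raise SystemExit(1 if issues else 0)
```

Run it in the same shell or environment that will launch main.py; a non-zero exit status means at least one setting needs fixing.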
Frequently Asked Questions about Okta Identity Manager
What is Okta Identity Manager?
Okta Identity Manager is a Model Context Protocol (MCP) server that enables AI models to interact directly with your Okta environment. It was built by the team at Fctr for IAM engineers, security teams, and Okta administrators. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Okta Identity Manager?
Follow the installation instructions on the Okta Identity Manager GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with Okta Identity Manager?
Okta Identity Manager works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Okta Identity Manager free to use?
Yes, Okta Identity Manager is open source and available under the Apache 2.0 license. You can use it freely in both personal and commercial projects.