Skip to main content
Skip table of contents

Configure the Okta Beat

Many of the steps shown in this section pertain to setting up a development environment. For a production environment, skip these steps and go directly to Okta API Tokens.

Create your Okta Organization

To start, you need an Okta developer edition organization. An org a private data space Okta provisions for you, to hold all the resources you create to handle user authentication. The free edition of an org handle authentication for up to 1,000 users. If you find you need more capacity, upgrade to a paid org.

Create an account on our website:

  1. Go to:

  2. Fill out the form. You will need to supply:

    • email address
    • first name
    • last name
    • company
    • country
    • state/province
  3. Click to agree to the terms.

  4. Click Get Started.
    You receive an email to activate your account. The email gives you a temporary password and provides your Okta domain.

  5. Record your Okta domain and your temporary password and then click Activate your account in the email.

    Your Okta domain is important: It’s the base of the URL you use to access your organization. Authorization requests for users will be directed to an endpoint that has this as its base, and any Okta API endpoints you call will also have this URL as their base.
  6. You will be prompted to sign in to your organization. Supply your email address and the temporary password that was provided in the email.

  7. You will be prompted to change your password, choose a security question, and choose a security image. This security image is displayed whenever Okta prompts you to sign in, providing some assurance that it’s Okta asking.

The Developer Console

The Developer Console is the web UI that provides you with a window into your org, and allows you to configure and manage it. The URL to access your Developer Console consists of your Okta domain plus -admin, for example,


After logging on to the Developer Console, you see the Dashboard, a landing page that provides a summary of activity in your org.

The Dashboard shows statistics for:

  • Overview
  • Status
  • Tasks
  • Security Monitoring

Register Your Application

Skip this step if you have already registered your application in Okta. Here we have integrated DUO for illustration purpose. Integration steps depend on the application to which user want to integrate okta application .

To register an application:

  1. Sign in to your Okta organization with your administrator account.
  2. From the Admin Console, navigate to Applications > Applications.
  3. Click Add Application.
  4. Use the search bar to find the application that you want to integrate with Okta. For more detail, refer to the Integrate Okta with the Duo Admin Panel section.

Integrate Okta with the Duo Admin Panel

  1. Log on to your Duo Admin Panel instance.
  2. Navigate to Administrators > Admin Login Settings.
  3. Select Required in the Authentication with SAML box.

    Administrators, except Owners, will be required to sign in with Okta.

  4. Enter the Following:

    In the SAML Identity Provider Settings section:

    • Identity provider: Select Okta.

    • Configuration method: Select Paste.

    • Metadata XML: Copy and paste the following:

      <?xml version="1.0" encoding="UTF-8"?>
      <md:EntityDescriptor entityID=""
          <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
              <md:KeyDescriptor use="signing">
              <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location=""/>
              <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location=""/>

    In the Metadata for Configuring with Okta section, copy the SAML URL value.

    This value will be used in Step 7.

  5. Click Save.

  6. In Okta, select the Sign On tab for the Duo Admin Panel SAML app, and click Edit.

  7. Scroll down to ADVANCED SIGN-ON SETTINGS and enter your SAML URL value (from step 4).

  8. Click Save.

Okta API Tokens


Okta API tokens are used to authenticate requests made to Okta APIs.

When calling an Okta API endpoint, you must supply a valid API token in the HTTP Authorization header, with a valid token specified as the header value. The value must be prefixed with the identifier SSWS, which specifies the proprietary authentication scheme Okta uses. For example:

Authorization: SSWS 00QCjAl4MlV-WPXM...0HmjFx-vbGua

Privilege level

Different Okta API operations require different admin privilege levels. API tokens inherit the privilege level of the admin account used to create them. It is therefore good practice to create a service account to use when you create API tokens, so that you can assign the token the specific privilege level needed. See Administrators for admin account types and the specific privileges of each.

Create the token 

To create an API token:

  1. Sign in  to your Okta organization as a user with administrator privileges.

    API tokens have the same permissions as the user who created them, and if the user permissions change, the API token permissions also change. See Privilege level, regarding the use of a service account when creating an API token, to specifically control the privilege level associated with the token.

    If you don't have an Okta organization, you can create one for free.

  2. To access the API page, select API from the menu.

  3. Click Create Token.

  4. Name your token and click Create Token.

  5. Record the token value. This is the only opportunity to see and record it.

Token expiration and deactivation

Tokens expire automatically after a certain period, but can also be manually deactivated at any time.

Token expiration

Tokens are valid for 30 days from creation or last use, so that the 30 day expiration automatically refreshes with each API call.

Tokens that aren't used for 30 days expire.

The 30-day period is currently fixed and cannot be changed for your organization.

Token deactivation

If a user account is deactivated in Okta, any API tokens created by that user account are deactivated at the same time.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.