Below you will find instructions for setting up your Okta account with Ploy. In order to maintain least-privilege access, we’ve opted to use an API integration application, rather than an admin API token.
1. Navigate to Ploy
Go to Ploy's integration page: https://app.joinploy.com/integrations
Click Okta
Enter in your Okta Domain
Please note this should be the sub-domain from the Okta login e.g. company.okta.com
2. Go to your Okta account
Select Applications on the left hand nav bar
Click Create App Integration
Select API Services and click Next
3. Name the Application (e.g. Ploy Okta Integration)
Enter Ploy or anything else that will help make it easily recognisable and press next.
4. Select "Edit" so you can start configuring the app
5. Configure "Client authentication"
Select the Public key / Private key radio button
Select the "Add Key" button
6. Generate a new key
Click the Generate new key button in the top right of the pop-up window
7. Copy Private key
Please do not click the Generate new key button again.
Instead, scroll down and select the Copy to clipboard action
Then click Done
8. Navigate back to Ploy
Go back to Ploy
In the Okta window that is open, paste the Private Key that is currently stored in your clipboard
9. Go back to Okta
Click save again for the "Client Credentials" configuration
10. Copy the Client ID from Okta
11. Navigate to Ploy and paste the Client ID in the field
12. Go to Okta and grant the required scopes:
Ensure the following 3 scopes are granted access:
okta.users.read
okta.apps.read
okta.groups.read
okta.groups.manage
okta.logs.read
13. Assign Ploy admin roles
Next, head to the admin assignments tab and add the Read only admin role and the group membership role.
14. If your app has DPoP enabled (by default all apps after Feb 2024), then click 'yes' in Ploy
15. Go back to Ploy and ensure the fields are correctly filled in and press ‘save’. (test might not work)
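
To confirm the finished integration holds only the scopes listed in step 12, the following added example (not Ploy's or Okta's own code) audits an exported list of the app's scope grants. It assumes the export is JSON in the shape of Okta's app grants listing, with `scopeId`, `status` and `clientId` fields; the client ID and sample grants are constructed.

```python
import json

# Scopes this page asks you to grant in step 12.
REQUIRED_SCOPES = {
    "okta.users.read", "okta.apps.read", "okta.groups.read",
    "okta.groups.manage", "okta.logs.read",
}

def audit_grants(grants_json: str, client_id: str) -> dict:
    """Compare the app's active scope grants with the list in step 12."""
    granted = {
        g["scopeId"]
        for g in json.loads(grants_json)
        # Field names are assumed to match Okta's grant objects.
        if g.get("status") == "ACTIVE" and g.get("clientId") == client_id
    }
    return {
        "missing": sorted(REQUIRED_SCOPES - granted),
        "unexpected": sorted(granted - REQUIRED_SCOPES),
        # Any granted scope that is not *.read can change tenant state,
        # so list it for review even when the page requires it.
        "write_capable": sorted(s for s in granted if not s.endswith(".read")),
        "ok": granted == REQUIRED_SCOPES,
    }

# Constructed sample: one required scope revoked, one extra scope granted.
CLIENT_ID = "0oaEXAMPLECLIENTID"  # placeholder, not a real client ID
SAMPLE_GRANTS = json.dumps([
    {"scopeId": "okta.users.read", "status": "ACTIVE", "clientId": CLIENT_ID},
    {"scopeId": "okta.apps.read", "status": "ACTIVE", "clientId": CLIENT_ID},
    {"scopeId": "okta.groups.read", "status": "ACTIVE", "clientId": CLIENT_ID},
    {"scopeId": "okta.groups.manage", "status": "ACTIVE", "clientId": CLIENT_ID},
    {"scopeId": "okta.logs.read", "status": "REVOKED", "clientId": CLIENT_ID},
    {"scopeId": "okta.users.manage", "status": "ACTIVE", "clientId": CLIENT_ID},
])

if __name__ == "__main__":
    for key, value in audit_grants(SAMPLE_GRANTS, CLIENT_ID).items():
        print(f"{key}: {value}")
```

An `unexpected` entry means the app holds more access than this setup calls for and the grant should be revoked in Okta; a `missing` entry means step 12 was not completed.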