Dex
← All integrations
Okta logo
Directory & Identity

Okta

Run Okta user, group, and app-assignment operations in natural language.

Dex connects to Okta over the Admin API with a Super Admin-issued token and lets admins and employees execute everyday identity operations — creating and suspending users, managing group memberships, assigning apps, resetting passwords, unlocking accounts — with policy evaluation and audit logs on every write.

Book a Demo

What Dex does with Okta

Dex handles both admin workflows and employee self-service — all policy-guardrailed and audit-logged.

A

For admins (CoAdmin)

  • Create, update, suspend, deactivate, activate, and unlock Okta users
  • Reset passwords (send reset email or set a temporary password directly)
  • Search users by name, email, status, or profile.department with OData filters
  • Create, update, and delete OKTA_GROUP groups and manage their memberships
  • Assign and unassign users to applications (SAML, SWA, OIDC apps)
  • Inspect a user's groups, apps, and assigned admin roles (SUPER_ADMIN, HELP_DESK_ADMIN, etc.)
  • Audit every mutating action through Dex activity logs and Okta System Log
E

For employees (self-service)

  • Reset your own Okta password via email link
  • Unlock your own account when locked out from failed login attempts
  • Request membership to an Okta group (routes through the configured approver group)
  • Request access to a SaaS application assigned through Okta
  • View your own Okta profile, groups, and assigned applications

Just ask Dex

Your team types a request in plain language. Dex investigates, plans, and executes — with the right guardrails.

Admin prompts

  • >Suspend every user in the Finance org unit who hasn't signed in for 60 days
  • >Create an Okta user for maya.chen@acme.com in the Engineering department with the "Engineers" group and Salesforce app assigned
  • >Reset the password for john.doe@acme.com and send him the reset email
  • >Add everyone in the "New Hires - April" group to the "Slack", "Zoom", and "Notion" apps
  • >Show me all users with the HELP_DESK_ADMIN or SUPER_ADMIN role and which groups they belong to
  • >Create a new OKTA_GROUP called "Contractors-Q2" and add these 8 users to it

Employee prompts

  • >Reset my Okta password — I can't remember it
  • >I'm locked out of Okta, please unlock my account
  • >Request access to the "Engineering - Backend" Okta group so I can see our repos
  • >Give me access to Figma through Okta
  • >Show me every app I have access to in Okta

Policy actions

Every action Dex can take on Okta is declared, scoped, and guardrailed. Admins control which apply, who approves them, and whether they're limited to self-service.

ActionWhat it does
password_resetReset a user's Okta password (self-service sends reset email)
user_suspendSuspend or unsuspend an Okta user (excludes privileged admins)
group_membershipAdd or remove members from an OKTA_GROUP
okta_create_userCreate a new Okta user account
okta_update_userUpdate a user's profile fields (self-only by default)
okta_app_assignmentAssign or unassign an application to an Okta user
okta_manage_groupCreate, update, or delete Okta groups

How to configure Okta

Onboarding takes minutes. Dex validates your credentials before saving them.

Setup steps

  1. 1
    Sign in to your Okta admin console as a Super Administrator.
  2. 2
    Go to Security → API → Tokens and click "Create Token". Give it a name (e.g. "Dex Autonomous IT").
  3. 3
    Copy the token value immediately — Okta only shows it once. It inherits the creator's permissions, so the token must be created by a Super Admin.
  4. 4
    Note your Okta org domain (e.g. acme.okta.com or acme-admin.okta.com — use the non-admin domain).
  5. 5
    In Dex, enable the Okta integration and paste the API token and domain. Dex validates them with a GET /api/v1/users/me call before saving.
  6. 6
    Run Okta discovery in Dex — it auto-discovers groups, apps, admin roles, and suggests approver groups from users holding admin roles.
Vendor documentation ↗

Credentials required

apiToken
Okta API token created in Admin Console → Security → API → Tokens (must be created by a Super Admin)
domain
Okta organization domain, e.g. company.okta.com (not the -admin variant)

Requirements

  • Super Administrator access to create the API token — token permissions match the creator's
  • API tokens are valid for 30 days of inactivity; rotate before they expire
  • Only OKTA_GROUP groups can have memberships modified via API — APP_GROUP and BUILT_IN groups are read-only
  • Okta API rate limits are per-org and per-endpoint — Dex respects 429 responses with automatic backoff

Related integrations

See Dex run Okta

Book a 30-minute walkthrough with our team and see how autonomous IT works in your environment — or get started for free.

Book a DemoBrowse all integrations →