Can I use Okta as a CLI?

Yes. KosmoKrator exposes a Okta CLI through kosmo integrations:call and the provider shortcut command. Commands can return JSON for scripts, CI, and coding agents.

Can I expose Okta through MCP?

Yes. The KosmoKrator MCP gateway can expose selected Okta tools to clients such as Claude Code, Cursor, Codex, and other MCP-compatible tools.

Where are Okta credentials stored?

Okta credentials are configured in KosmoKrator's local integration settings and reused by CLI, Lua, and MCP gateway surfaces.

Can I deny write access for Okta MCP tools?

Yes. Start the gateway with --write=deny for read-only clients, or use ask/allow only for trusted workspaces.

identity

Okta CLI for CI

Use the Okta CLI for CI with headless JSON commands, schema discovery, credentials, and permission controls.

10 functions 6 read 4 write API token auth

Submit Okta feedback View package source

Okta CLI for CI

Run integration calls from CI jobs with JSON output, explicit credentials, and predictable exit status.

Use this shape when a pipeline needs to read or update an external service. The Okta CLI uses the same integration registry as the TUI, Lua runtime, and MCP gateway, but returns predictable command output for automation.

Command Shape

# Okta CLI for CI
kosmokrator integrations:configure okta --set api_token="$OKTA_API_TOKEN" --set domain="$OKTA_DOMAIN" --enable --read allow --write ask --json
kosmo integrations:call okta.okta_list_users '{"limit":1,"q":"example_q"}' --json

Discovery Before Execution

Agents and scripts can inspect Okta docs and schemas before choosing a function.

kosmo integrations:docs okta --json
kosmo integrations:docs okta.okta_list_users --json
kosmo integrations:schema okta.okta_list_users --json
kosmo integrations:search "Okta" --json
kosmo integrations:list --json

Useful Okta CLI Functions

Function	Type	Parameters	Description
`okta.okta_list_users`	Read	limit, q	List users in the Okta organization. Returns user profiles with IDs, names, emails, and status. Supports search filtering by name or email.
`okta.okta_get_user`	Read	id	Get details for a specific Okta user by ID or login email. Returns the full user profile including status, group memberships, and assigned applications.
`okta.okta_get_current_user`	Read	none	Get the profile of the currently authenticated Okta API token owner. Useful for verifying the integration connection and identifying which service account is in use.
`okta.okta_create_user`	Write	profile, credentials, activate	Create a new user in Okta. Requires a profile with at least firstName, lastName, email, and login. Optionally provide credentials (password) and control activation.
`okta.okta_update_user`	Write	id, profile, credentials	Update an existing Okta user profile. Provide only the profile fields you want to change — other fields remain unchanged.
`okta.okta_deactivate_user`	Write	id	Deactivate an Okta user. The user will be unable to sign in but their data is retained. This action can be reversed by reactivating the user in the Okta admin console.
`okta.okta_list_groups`	Read	q	List groups in the Okta organization. Returns group names and IDs. Supports search filtering by group name.
`okta.okta_get_group`	Read	id	Get details for a specific Okta group by ID. Returns the group name, description, and type.
`okta.okta_add_user_to_group`	Write	groupId, userId	Add a user to an Okta group. The user will inherit the group's assigned applications and permissions.
`okta.okta_list_applications`	Read	none	List applications in the Okta organization. Returns application names, IDs, statuses, and types.

Automation Notes

Use --json for machine-readable output.
Keep credentials out of argv by using environment variables or stored KosmoKrator configuration.
Configure read/write policy before unattended runs; use --force only for trusted automation.
Use the MCP gateway instead when the agent needs dynamic tool discovery inside a conversation.

Related Okta CLI Pages

Cron Jobs Okta CLI for cron jobs. Shell Scripts Okta CLI for shell scripts. Headless Automation Okta CLI for headless automation. Coding Agents Okta CLI for coding agents.