Can I use Okta as a CLI?

Yes. KosmoKrator exposes a Okta CLI through kosmo integrations:call and the provider shortcut command. Commands can return JSON for scripts, CI, and coding agents.

Can I expose Okta through MCP?

Yes. The KosmoKrator MCP gateway can expose selected Okta tools to clients such as Claude Code, Cursor, Codex, and other MCP-compatible tools.

Where are Okta credentials stored?

Okta credentials are configured in KosmoKrator's local integration settings and reused by CLI, Lua, and MCP gateway surfaces.

Can I deny write access for Okta MCP tools?

Yes. Start the gateway with --write=deny for read-only clients, or use ask/allow only for trusted workspaces.

identity

Okta MCP Integration for LangChain

Connect Okta to LangChain through the local KosmoKrator MCP gateway with scoped tools, credentials, and write policy.

10 functions 6 read 4 write API token auth

Submit Okta feedback View package source

Connect Okta to LangChain

Bridge LangChain agents to local KosmoKrator integration tools through MCP or headless CLI calls.

Use the MCP gateway when the agent should discover tools, or wrap kosmo integrations:call for fixed chains. The gateway is local, scoped to this integration, and starts with --write=deny so LangChain can inspect read-capable tools without receiving write access by default.

Okta MCP Config for LangChain

Keep the gateway scoped to the integration and operation class needed by the chain.

{
  "mcpServers": {
    "kosmokrator-okta": {
      "type": "stdio",
      "command": "kosmo",
      "args": [
        "mcp:serve",
        "--integration=okta",
        "--write=deny"
      ]
    }
  }
}

Run the Gateway Manually

kosmokrator mcp:serve --integration=okta --write=deny

Why Use KosmoKrator Here

Scoped tools

Expose only Okta instead of a broad multi-service tool list.

Local credentials

Reuse credentials already configured for the KosmoKrator CLI and Lua runtime.

Write policy

Start read-only, then opt into ask or allow for trusted workspaces.

Okta Tools Visible to LangChain

LangChain sees stable MCP tool names generated from the Okta integration catalog.

MCP tool	Source function	Type	Description
`integration__okta__okta_list_users`	`okta.okta_list_users`	Read	List users in the Okta organization. Returns user profiles with IDs, names, emails, and status. Supports search filtering by name or email.
`integration__okta__okta_get_user`	`okta.okta_get_user`	Read	Get details for a specific Okta user by ID or login email. Returns the full user profile including status, group memberships, and assigned applications.
`integration__okta__okta_get_current_user`	`okta.okta_get_current_user`	Read	Get the profile of the currently authenticated Okta API token owner. Useful for verifying the integration connection and identifying which service account is in use.
`integration__okta__okta_create_user`	`okta.okta_create_user`	Write	Create a new user in Okta. Requires a profile with at least firstName, lastName, email, and login. Optionally provide credentials (password) and control activation.
`integration__okta__okta_update_user`	`okta.okta_update_user`	Write	Update an existing Okta user profile. Provide only the profile fields you want to change — other fields remain unchanged.
`integration__okta__okta_deactivate_user`	`okta.okta_deactivate_user`	Write	Deactivate an Okta user. The user will be unable to sign in but their data is retained. This action can be reversed by reactivating the user in the Okta admin console.
`integration__okta__okta_list_groups`	`okta.okta_list_groups`	Read	List groups in the Okta organization. Returns group names and IDs. Supports search filtering by group name.
`integration__okta__okta_get_group`	`okta.okta_get_group`	Read	Get details for a specific Okta group by ID. Returns the group name, description, and type.
`integration__okta__okta_add_user_to_group`	`okta.okta_add_user_to_group`	Write	Add a user to an Okta group. The user will inherit the group's assigned applications and permissions.
`integration__okta__okta_list_applications`	`okta.okta_list_applications`	Read	List applications in the Okta organization. Returns application names, IDs, statuses, and types.

Related Okta Pages

Okta CLIUse direct JSON commands instead of MCP discovery. Okta MCPFull gateway reference and MCP tool names. KosmoKrator for LangChainClient-level gateway setup.