Can I use Okta as a CLI?

Yes. KosmoKrator exposes a Okta CLI through kosmo integrations:call and the provider shortcut command. Commands can return JSON for scripts, CI, and coding agents.

Can I expose Okta through MCP?

Yes. The KosmoKrator MCP gateway can expose selected Okta tools to clients such as Claude Code, Cursor, Codex, and other MCP-compatible tools.

Where are Okta credentials stored?

Okta credentials are configured in KosmoKrator's local integration settings and reused by CLI, Lua, and MCP gateway surfaces.

Can I deny write access for Okta MCP tools?

Yes. Start the gateway with --write=deny for read-only clients, or use ask/allow only for trusted workspaces.

identity

Okta MCP Integration for LangGraph

Connect Okta to LangGraph through the local KosmoKrator MCP gateway with scoped tools, credentials, and write policy.

10 functions 6 read 4 write API token auth

Submit Okta feedback View package source

Connect Okta to LangGraph

Run KosmoKrator integration calls from LangGraph nodes while preserving local credentials and permissions.

Use a graph node that calls the KosmoKrator CLI for deterministic steps or an MCP client for dynamic tool selection. The gateway is local, scoped to this integration, and starts with --write=deny so LangGraph can inspect read-capable tools without receiving write access by default.

Okta MCP Config for LangGraph

Headless CLI calls fit repeatable graph edges; MCP fits exploratory agent nodes.

{
  "mcpServers": {
    "kosmokrator-okta": {
      "type": "stdio",
      "command": "kosmo",
      "args": [
        "mcp:serve",
        "--integration=okta",
        "--write=deny"
      ]
    }
  }
}

Run the Gateway Manually

kosmokrator mcp:serve --integration=okta --write=deny

Why Use KosmoKrator Here

Scoped tools

Expose only Okta instead of a broad multi-service tool list.

Local credentials

Reuse credentials already configured for the KosmoKrator CLI and Lua runtime.

Write policy

Start read-only, then opt into ask or allow for trusted workspaces.

Okta Tools Visible to LangGraph

LangGraph sees stable MCP tool names generated from the Okta integration catalog.

MCP tool	Source function	Type	Description
`integration__okta__okta_list_users`	`okta.okta_list_users`	Read	List users in the Okta organization. Returns user profiles with IDs, names, emails, and status. Supports search filtering by name or email.
`integration__okta__okta_get_user`	`okta.okta_get_user`	Read	Get details for a specific Okta user by ID or login email. Returns the full user profile including status, group memberships, and assigned applications.
`integration__okta__okta_get_current_user`	`okta.okta_get_current_user`	Read	Get the profile of the currently authenticated Okta API token owner. Useful for verifying the integration connection and identifying which service account is in use.
`integration__okta__okta_create_user`	`okta.okta_create_user`	Write	Create a new user in Okta. Requires a profile with at least firstName, lastName, email, and login. Optionally provide credentials (password) and control activation.
`integration__okta__okta_update_user`	`okta.okta_update_user`	Write	Update an existing Okta user profile. Provide only the profile fields you want to change — other fields remain unchanged.
`integration__okta__okta_deactivate_user`	`okta.okta_deactivate_user`	Write	Deactivate an Okta user. The user will be unable to sign in but their data is retained. This action can be reversed by reactivating the user in the Okta admin console.
`integration__okta__okta_list_groups`	`okta.okta_list_groups`	Read	List groups in the Okta organization. Returns group names and IDs. Supports search filtering by group name.
`integration__okta__okta_get_group`	`okta.okta_get_group`	Read	Get details for a specific Okta group by ID. Returns the group name, description, and type.
`integration__okta__okta_add_user_to_group`	`okta.okta_add_user_to_group`	Write	Add a user to an Okta group. The user will inherit the group's assigned applications and permissions.
`integration__okta__okta_list_applications`	`okta.okta_list_applications`	Read	List applications in the Okta organization. Returns application names, IDs, statuses, and types.

Related Okta Pages

Okta CLIUse direct JSON commands instead of MCP discovery. Okta MCPFull gateway reference and MCP tool names. KosmoKrator for LangGraphClient-level gateway setup.