KosmoKrator

identity

Okta Lua API for KosmoKrator Agents

Agent-facing Lua documentation and function reference for the Okta KosmoKrator integration.

10 functions 6 read 4 write API token auth
Submit Okta feedback View package source

Lua Namespace

Agents call this integration through app.integrations.okta.*. Use lua_read_doc("integrations.okta") inside KosmoKrator to discover the same reference at runtime.

Agent-Facing Lua Docs

This is the rendered version of the full Lua documentation exposed to agents when they inspect the integration namespace.

Okta — Lua API Reference

okta_list_users

List users in the Okta organization.

Parameters

NameTypeRequiredDescription
limitintegernoMaximum number of users to return (1–200, default: 200)
qstringnoSearch query to filter users by first name, last name, or email

Example

-- List all users
local result = app.integrations.okta.list_users({})

for _, user in ipairs(result) do
  print(user.profile.login .. " — " .. user.profile.firstName .. " " .. user.profile.lastName .. " (" .. user.status .. ")")
end

-- Search for a user
local result = app.integrations.okta.list_users({ q = "john" })

okta_get_user

Get details for a specific Okta user.

Parameters

NameTypeRequiredDescription
idstringyesOkta user ID or login email address

Example

local user = app.integrations.okta.get_user({ id = "00u1a2b3c4d5e6f7g8h9" })
print(user.profile.login)
print(user.profile.email)
print(user.status)

okta_get_current_user

Get the profile of the currently authenticated API token owner.

Parameters

None.

Example

local me = app.integrations.okta.get_current_user({})
print("Connected as: " .. me.profile.login)

okta_create_user

Create a new user in Okta.

Parameters

NameTypeRequiredDescription
profileobjectyesUser profile. Required: firstName, lastName, email, login
credentialsobjectnoUser credentials, e.g. { password = { value = "TempPass123!" } }
activatebooleannoActivate immediately (default: true)

Profile Fields

FieldTypeDescription
firstNamestringRequired. First name
lastNamestringRequired. Last name
emailstringRequired. Primary email
loginstringRequired. Login username (often same as email)
mobilePhonestringMobile phone number
secondEmailstringBackup email
titlestringJob title
departmentstringDepartment name
organizationstringOrganization name

Example

local user = app.integrations.okta.create_user({
  profile = {
    firstName = "Jane",
    lastName = "Doe",
    email = "[email protected]",
    login = "[email protected]",
    title = "Software Engineer",
    department = "Engineering"
  },
  activate = true
})

print("Created user: " .. user.id)

With password

local user = app.integrations.okta.create_user({
  profile = {
    firstName = "Jane",
    lastName = "Doe",
    email = "[email protected]",
    login = "[email protected]"
  },
  credentials = {
    password = { value = "TempPass123!" }
  },
  activate = true
})

okta_update_user

Update an existing Okta user profile.

Parameters

NameTypeRequiredDescription
idstringyesOkta user ID or login email
profileobjectyesFields to update (only include what you want to change)
credentialsobjectnoUpdated credentials

Example

local user = app.integrations.okta.update_user({
  id = "00u1a2b3c4d5e6f7g8h9",
  profile = {
    title = "Senior Engineer",
    department = "Platform"
  }
})

okta_deactivate_user

Deactivate an Okta user. The user cannot sign in but data is retained.

Parameters

NameTypeRequiredDescription
idstringyesOkta user ID or login email

Example

app.integrations.okta.deactivate_user({ id = "00u1a2b3c4d5e6f7g8h9" })
print("User deactivated")

okta_list_groups

List groups in the Okta organization.

Parameters

NameTypeRequiredDescription
qstringnoSearch query to filter groups by name

Example

-- List all groups
local groups = app.integrations.okta.list_groups({})
for _, group in ipairs(groups) do
  print(group.id .. ": " .. group.profile.name)
end

-- Search for a group
local groups = app.integrations.okta.list_groups({ q = "Engineering" })

okta_get_group

Get details for a specific Okta group.

Parameters

NameTypeRequiredDescription
idstringyesOkta group ID

Example

local group = app.integrations.okta.get_group({ id = "00g1a2b3c4d5e6f7g8h9" })
print(group.profile.name)
print(group.profile.description or "(no description)")

okta_add_user_to_group

Add a user to an Okta group.

Parameters

NameTypeRequiredDescription
groupIdstringyesOkta group ID
userIdstringyesOkta user ID

Example

app.integrations.okta.add_user_to_group({
  groupId = "00g1a2b3c4d5e6f7g8h9",
  userId = "00u1a2b3c4d5e6f7g8h9"
})
print("User added to group")

okta_list_applications

List applications in the Okta organization.

Parameters

None.

Example

local apps = app.integrations.okta.list_applications({})
for _, app in ipairs(apps) do
  print(app.id .. ": " .. app.label .. " (" .. app.status .. ")")
end

Multi-Account Usage

If you have multiple Okta organizations configured, use account-specific namespaces:

-- Default account (always works)
app.integrations.okta.list_users({})

-- Explicit default (portable across setups)
app.integrations.okta.default.list_users({})

-- Named accounts
app.integrations.okta.production.list_users({})
app.integrations.okta.staging.list_users({})

All functions are identical across accounts — only the credentials differ.

Raw agent markdown 
# Okta — Lua API Reference

## okta_list_users

List users in the Okta organization.

### Parameters

| Name | Type | Required | Description |
|------|------|----------|-------------|
| `limit` | integer | no | Maximum number of users to return (1–200, default: 200) |
| `q` | string | no | Search query to filter users by first name, last name, or email |

### Example

```lua
-- List all users
local result = app.integrations.okta.list_users({})

for _, user in ipairs(result) do
  print(user.profile.login .. " — " .. user.profile.firstName .. " " .. user.profile.lastName .. " (" .. user.status .. ")")
end

-- Search for a user
local result = app.integrations.okta.list_users({ q = "john" })
```

---

## okta_get_user

Get details for a specific Okta user.

### Parameters

| Name | Type | Required | Description |
|------|------|----------|-------------|
| `id` | string | yes | Okta user ID or login email address |

### Example

```lua
local user = app.integrations.okta.get_user({ id = "00u1a2b3c4d5e6f7g8h9" })
print(user.profile.login)
print(user.profile.email)
print(user.status)
```

---

## okta_get_current_user

Get the profile of the currently authenticated API token owner.

### Parameters

None.

### Example

```lua
local me = app.integrations.okta.get_current_user({})
print("Connected as: " .. me.profile.login)
```

---

## okta_create_user

Create a new user in Okta.

### Parameters

| Name | Type | Required | Description |
|------|------|----------|-------------|
| `profile` | object | yes | User profile. Required: `firstName`, `lastName`, `email`, `login` |
| `credentials` | object | no | User credentials, e.g. `{ password = { value = "TempPass123!" } }` |
| `activate` | boolean | no | Activate immediately (default: `true`) |

### Profile Fields

| Field | Type | Description |
|-------|------|-------------|
| `firstName` | string | **Required.** First name |
| `lastName` | string | **Required.** Last name |
| `email` | string | **Required.** Primary email |
| `login` | string | **Required.** Login username (often same as email) |
| `mobilePhone` | string | Mobile phone number |
| `secondEmail` | string | Backup email |
| `title` | string | Job title |
| `department` | string | Department name |
| `organization` | string | Organization name |

### Example

```lua
local user = app.integrations.okta.create_user({
  profile = {
    firstName = "Jane",
    lastName = "Doe",
    email = "[email protected]",
    login = "[email protected]",
    title = "Software Engineer",
    department = "Engineering"
  },
  activate = true
})

print("Created user: " .. user.id)
```

### With password

```lua
local user = app.integrations.okta.create_user({
  profile = {
    firstName = "Jane",
    lastName = "Doe",
    email = "[email protected]",
    login = "[email protected]"
  },
  credentials = {
    password = { value = "TempPass123!" }
  },
  activate = true
})
```

---

## okta_update_user

Update an existing Okta user profile.

### Parameters

| Name | Type | Required | Description |
|------|------|----------|-------------|
| `id` | string | yes | Okta user ID or login email |
| `profile` | object | yes | Fields to update (only include what you want to change) |
| `credentials` | object | no | Updated credentials |

### Example

```lua
local user = app.integrations.okta.update_user({
  id = "00u1a2b3c4d5e6f7g8h9",
  profile = {
    title = "Senior Engineer",
    department = "Platform"
  }
})
```

---

## okta_deactivate_user

Deactivate an Okta user. The user cannot sign in but data is retained.

### Parameters

| Name | Type | Required | Description |
|------|------|----------|-------------|
| `id` | string | yes | Okta user ID or login email |

### Example

```lua
app.integrations.okta.deactivate_user({ id = "00u1a2b3c4d5e6f7g8h9" })
print("User deactivated")
```

---

## okta_list_groups

List groups in the Okta organization.

### Parameters

| Name | Type | Required | Description |
|------|------|----------|-------------|
| `q` | string | no | Search query to filter groups by name |

### Example

```lua
-- List all groups
local groups = app.integrations.okta.list_groups({})
for _, group in ipairs(groups) do
  print(group.id .. ": " .. group.profile.name)
end

-- Search for a group
local groups = app.integrations.okta.list_groups({ q = "Engineering" })
```

---

## okta_get_group

Get details for a specific Okta group.

### Parameters

| Name | Type | Required | Description |
|------|------|----------|-------------|
| `id` | string | yes | Okta group ID |

### Example

```lua
local group = app.integrations.okta.get_group({ id = "00g1a2b3c4d5e6f7g8h9" })
print(group.profile.name)
print(group.profile.description or "(no description)")
```

---

## okta_add_user_to_group

Add a user to an Okta group.

### Parameters

| Name | Type | Required | Description |
|------|------|----------|-------------|
| `groupId` | string | yes | Okta group ID |
| `userId` | string | yes | Okta user ID |

### Example

```lua
app.integrations.okta.add_user_to_group({
  groupId = "00g1a2b3c4d5e6f7g8h9",
  userId = "00u1a2b3c4d5e6f7g8h9"
})
print("User added to group")
```

---

## okta_list_applications

List applications in the Okta organization.

### Parameters

None.

### Example

```lua
local apps = app.integrations.okta.list_applications({})
for _, app in ipairs(apps) do
  print(app.id .. ": " .. app.label .. " (" .. app.status .. ")")
end
```

---

## Multi-Account Usage

If you have multiple Okta organizations configured, use account-specific namespaces:

```lua
-- Default account (always works)
app.integrations.okta.list_users({})

-- Explicit default (portable across setups)
app.integrations.okta.default.list_users({})

-- Named accounts
app.integrations.okta.production.list_users({})
app.integrations.okta.staging.list_users({})
```

All functions are identical across accounts — only the credentials differ.

Metadata-Derived Lua Example

local result = app.integrations.okta.okta_list_users({
  limit = 1,
  q = "example_q"
})
print(result)

Functions

okta_list_users

List users in the Okta organization. Returns user profiles with IDs, names, emails, and status. Supports search filtering by name or email.

Operation
Read read
Full name
okta.okta_list_users
ParameterTypeRequiredDescription
limit integer no Maximum number of users to return (1–200, default: 200).
q string no Search query to filter users by first name, last name, or email.

okta_get_user

Get details for a specific Okta user by ID or login email. Returns the full user profile including status, group memberships, and assigned applications.

Operation
Read read
Full name
okta.okta_get_user
ParameterTypeRequiredDescription
id string yes The Okta user ID or login email address.

okta_get_current_user

Get the profile of the currently authenticated Okta API token owner. Useful for verifying the integration connection and identifying which service account is in use.

Operation
Read read
Full name
okta.okta_get_current_user
ParameterTypeRequiredDescription
No parameters.

okta_create_user

Create a new user in Okta. Requires a profile with at least firstName, lastName, email, and login. Optionally provide credentials (password) and control activation.

Operation
Write write
Full name
okta.okta_create_user
ParameterTypeRequiredDescription
profile object yes User profile object. Required fields: firstName, lastName, email, login. Optional: mobilePhone, secondEmail, title, department, organization, etc.
credentials object no User credentials. Example: {"password": {"value": "TempPass123!"}}. Omit to let Okta send an activation email.
activate boolean no Whether to activate the user immediately (default: true). If false, the user is created in STAGED status.

okta_update_user

Update an existing Okta user profile. Provide only the profile fields you want to change — other fields remain unchanged.

Operation
Write write
Full name
okta.okta_update_user
ParameterTypeRequiredDescription
id string yes The Okta user ID or login email to update.
profile object yes Updated profile fields. Only include fields you want to change (e.g., firstName, lastName, email, title, department, etc.).
credentials object no Updated credentials (e.g., new password). Optional.

okta_deactivate_user

Deactivate an Okta user. The user will be unable to sign in but their data is retained. This action can be reversed by reactivating the user in the Okta admin console.

Operation
Write write
Full name
okta.okta_deactivate_user
ParameterTypeRequiredDescription
id string yes The Okta user ID or login email to deactivate.

okta_list_groups

List groups in the Okta organization. Returns group names and IDs. Supports search filtering by group name.

Operation
Read read
Full name
okta.okta_list_groups
ParameterTypeRequiredDescription
q string no Search query to filter groups by name.

okta_get_group

Get details for a specific Okta group by ID. Returns the group name, description, and type.

Operation
Read read
Full name
okta.okta_get_group
ParameterTypeRequiredDescription
id string yes The Okta group ID.

okta_add_user_to_group

Add a user to an Okta group. The user will inherit the group's assigned applications and permissions.

Operation
Write write
Full name
okta.okta_add_user_to_group
ParameterTypeRequiredDescription
groupId string yes The Okta group ID.
userId string yes The Okta user ID.

okta_list_applications

List applications in the Okta organization. Returns application names, IDs, statuses, and types.

Operation
Read read
Full name
okta.okta_list_applications
ParameterTypeRequiredDescription
No parameters.