identity
Okta MCP Gateway for AI Agents
Expose Okta tools to Claude Code, Cursor, Codex, and other MCP clients through the local KosmoKrator MCP gateway.
10 functions 6 read 4 write API token auth
Okta MCP Gateway
Expose Okta to MCP clients with `kosmokrator mcp:serve --integration=okta`.
If the client has never used KosmoKrator before, install it first, then register this integration as a stdio MCP server. The gateway exposes only the selected integration in the example below.
curl -fsSL https://raw.githubusercontent.com/OpenCompanyApp/kosmokrator/main/install.sh | bashkosmokrator mcp:gateway:install --integration=okta --write=deny --json{
"mcpServers": {
"kosmokrator-okta": {
"type": "stdio",
"command": "kosmo",
"args": [
"mcp:serve",
"--integration=okta",
"--write=deny"
]
}
}
}Serve Manually
kosmokrator mcp:serve --integration=okta --write=denyMCP Tool Names
KosmoKrator exposes integration tools through the gateway with stable names:
| MCP tool | Source function | Type |
|---|---|---|
integration__okta__okta_list_users | okta.okta_list_users | Read read |
integration__okta__okta_get_user | okta.okta_get_user | Read read |
integration__okta__okta_get_current_user | okta.okta_get_current_user | Read read |
integration__okta__okta_create_user | okta.okta_create_user | Write write |
integration__okta__okta_update_user | okta.okta_update_user | Write write |
integration__okta__okta_deactivate_user | okta.okta_deactivate_user | Write write |
integration__okta__okta_list_groups | okta.okta_list_groups | Read read |
integration__okta__okta_get_group | okta.okta_get_group | Read read |
integration__okta__okta_add_user_to_group | okta.okta_add_user_to_group | Write write |
integration__okta__okta_list_applications | okta.okta_list_applications | Read read |
Write Access
Start with --write=deny for read-only MCP clients. Use --write=ask or
--write=allow only when the client and workspace are trusted.