
Okta MCP Server (v0.1.1-BETA) MCP Server

The Okta MCP Server is a groundbreaking tool built by the team at Fctr that enables AI models to interact directly with your Okta environment using the Model Context Protocol (MCP). Built specifically for IAM engineers, security teams, and Okta administrators, it implements the MCP specification to help work with Okta entities

Installation
Add the following to your MCP client configuration file.

Configuration

{
  "mcpServers": {
    "fctr-id-okta-mcp-server": {
      "command": "DIR/okta-mcp-server/venv/Scripts/python",
      "args": [
        "DIR/okta-mcp-server/main.py"
      ],
      "env": {
        "OKTA_API_TOKEN": "OKTA_API_TOKEN",
        "OKTA_CLIENT_ORGURL": "https://dev-1606.okta.com"
      }
    }
  }
}

You can use the Okta MCP Server to let AI models securely interact with your Okta environment through the Model Context Protocol (MCP). This enables automated access analysis, risk assessment, and streamlined administration tasks by exposing carefully described tools that let AI assistants query Okta data and perform defined actions within a controlled, evaluable framework.

How to use

You will run the MCP server locally and connect your MCP client (such as Claude Desktop or a compatible AI assistant) to a local or containerized Python process. Use the provided standard I/O transport for desktop integrations or explore HTTP transports if your client supports real-time streaming.

How to install

Prerequisites you need before starting:

- Python 3.8+ installed on your machine

- An Okta tenant with API access permissions

- An MCP-compatible AI client (for example Claude Desktop or other MCP-enabled clients)

Additional sections

Configuration and usage details are gathered below. You will set up environment variables for Okta access, run the server using Python, and configure your MCP client to connect via the supported transport mode. Security considerations emphasize least-privilege operation and read-only access by default, with explicit approval flows for any write operations.

Available tools

analyze_user_app_access

Comprehensive user application access evaluation with policy analysis to replace multi-step manual checks.

analyze_login_risk

In-depth login behavior analysis including VPN/Tor detection and geographic impossibility checks to evaluate risk.