Okta User Management MCP server for AI agents

The Okta MCP Server enables Claude to interact with Okta's user management system, providing comprehensive user and group management capabilities along with onboarding automation. This tool allows Claude to retrieve user information, manage groups, and automate onboarding processes through direct integration with Okta's API.

Prerequisites

Node.js (v16 or higher)
Claude Desktop App
Okta Developer Account
Admin API Token from Okta

Installation

Create an Okta Developer Account

Go to the Okta Developer Console
Create a new account or sign in to an existing one
Note your Okta domain (e.g., dev-123456.okta.com)

Create an API Token

In the Okta Developer Console, go to Security > API > Tokens
Click "Create Token"
Give your token a meaningful name (e.g., "MCP Server Token")
Copy the token value (you won't be able to see it again)

Set Up the MCP Server

Install dependencies:
```
npm install
```

Configure Claude Desktop:

For MacOS:

code ~/Library/Application\ Support/Claude/claude_desktop_config.json

For Windows:

code %AppData%\Claude\claude_desktop_config.json

Add or update the configuration:

{
    "mcpServers": {
        "okta": {
            "command": "node",
            "args": [
                "PATH_TO_PROJECT_DIRECTORY/dist/index.js"
            ],
            "env": {
                "OKTA_ORG_URL": "https://your-domain.okta.com",
                "OKTA_API_TOKEN": "your-api-token"
            }
        }
    }
}

Save the file and restart Claude Desktop.

Available Features

User Management

Get User Information

Retrieves detailed user information including ID, status, personal information, and employment details.

Example prompts:

"Show me details for user with userId XXXX"
"What's the status of user [email protected]"

List Users

Lists users from Okta with optional filtering:

Example prompts:

"List all users in the marketing department"
"Find users created in the last month"

User Status Management

Manage user statuses in Okta:

Example prompts:

"Activate user with ID XXXX"
"Suspend user with ID XXXX"
"Delete deactivated user with ID XXXX"

User Location Information

Get a user's last login location:

Example prompt:

"Where did user XXXX last log in from?"

Group Management

List and Search Groups

View groups in your Okta organization:

Example prompts:

"Show me all groups in my Okta organization"
"List groups containing the word 'admin'"

Create and Manage Groups

Perform group management operations:

Example prompts:

"Create a new group called 'Marketing Team'"
"Get details for group with ID XXXX"
"Delete group with ID XXXX"

User-Group Management

Manage user membership in groups:

Example prompts:

"Add user XXXX to group YYYY"
"Remove user XXXX from group YYYY"
"List all users in the 'Finance' group"

Onboarding Automation

Bulk User Import

Import multiple users from CSV data:

Example prompt:

"Import these users from CSV data: [CSV content]"

Group Assignment

Assign users to groups based on attributes:

Example prompt:

"Assign users to groups based on their department attribute"

Application Provisioning

Provision application access for users:

Example prompt:

"Provision application access for these 5 users"

Complete Onboarding Workflow

Run a full onboarding process:

Example prompt:

"Run a complete onboarding workflow for these new hires: [CSV content]"

CSV Format for Onboarding

When using bulk import or onboarding workflow tools, your CSV should include:

firstName,lastName,email,department,title,mobilePhone
John,Doe,[email protected],Engineering,Senior Developer,+1-555-123-4567
Jane,Smith,[email protected],Marketing,Director,+1-555-987-6543

Required fields:

firstName
lastName
email

Optional fields:

department
title
mobilePhone

Troubleshooting

Common Issues

Tools not appearing in Claude:

Check Claude Desktop logs: tail -f ~/Library/Logs/Claude/mcp*.log
Verify all environment variables are set correctly
Ensure the path to index.js is absolute and correct

Authentication Errors:

Verify your API token is valid
Check if OKTA_ORG_URL includes the full URL with https://
Ensure your Okta domain is correct

Viewing Logs

For MacOS/Linux:

tail -n 20 -f ~/Library/Logs/Claude/mcp*.log

For Windows:

Get-Content -Path "$env:AppData\Claude\Logs\mcp*.log" -Wait -Tail 20

Environment Variables

Verify these variables in your configuration:

OKTA_ORG_URL: Complete URL (e.g., "https://dev-123456.okta.com")
OKTA_API_TOKEN: Valid API token

How to add this MCP server to Cursor

There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.

If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.

Adding an MCP server to Cursor globally

To add a global MCP server go to Cursor Settings > MCP and click "Add new global MCP server".

When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:

{
    "mcpServers": {
        "cursor-rules-mcp": {
            "command": "npx",
            "args": [
                "-y",
                "cursor-rules-mcp"
            ]
        }
    }
}

Adding an MCP server to a project

To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.

How to use the MCP server

Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.

The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.

You can also explictly ask the agent to use the tool by mentioning the tool name and describing what the function does.