Okta Integration

Integrate TigerAccess with Okta for single sign-on, automatic user provisioning, and MFA passthrough. Use your existing Okta identity for secure infrastructure access.

View Documentation Request Demo

Features

Enterprise Identity Integration

Leverage your Okta investment for secure infrastructure access.

SAML & OIDC SSO

Native support for both SAML 2.0 and OpenID Connect for seamless single sign-on.

SCIM Provisioning

Automatic user provisioning and deprovisioning with SCIM 2.0 protocol support.

MFA Passthrough

Leverage Okta MFA policies for infrastructure access without additional authentication steps.

Group Sync

Automatic synchronization of Okta groups to TigerAccess roles for consistent access control.

Capabilities

Complete Okta Integration

SAML 2.0 SSO

OIDC support

SCIM 2.0 provisioning

Group sync

MFA passthrough

JIT user creation

Attribute mapping

Session management

Okta Verify support

Universal Directory sync

Lifecycle management

Custom attributes

Setup

Get Started in Minutes

Follow these simple steps to integrate TigerAccess with Okta.

Create Okta Application

Add a new SAML or OIDC application in Okta for TigerAccess.

# In Okta Admin Console:
# 1. Go to Applications > Applications
# 2. Click "Create App Integration"
# 3. Select "SAML 2.0" or "OIDC"
# 4. Configure with TigerAccess URLs

Configure TigerAccess

Add the Okta connector in TigerAccess with your IdP metadata.

tacctl sso configure okta \
  --issuer=https://your-org.okta.com \
  --client-id=0oa1234567890 \
  --client-secret=<secret> \
  --redirect-uri=https://access.company.com/callback

Enable SCIM Provisioning

Set up automatic user provisioning with SCIM 2.0.

tacctl scim enable \
  --provider=okta \
  --base-url=https://access.company.com/scim/v2 \
  --bearer-token=$(tacctl scim token create)

Use Cases

Real-World Okta Scenarios

Unified Identity Management

Use Okta as your single source of truth for identity. Changes in Okta automatically reflect in TigerAccess permissions and access.

Streamlined Onboarding

New employees get infrastructure access automatically when added to Okta groups. No manual provisioning required.

Secure Offboarding

Deactivating users in Okta immediately revokes all infrastructure access, eliminating orphaned accounts and security risks.

Consistent MFA Enforcement

Apply your existing Okta MFA policies to infrastructure access without requiring users to authenticate twice.

FAQ

Frequently Asked Questions

How does Okta SSO work with TigerAccess?

TigerAccess supports both SAML 2.0 and OIDC for Okta integration. When users access TigerAccess, they are redirected to Okta for authentication. After successful authentication (including any configured MFA), Okta sends user attributes back to TigerAccess for authorization decisions.

Can I map Okta groups to TigerAccess roles?

Yes. TigerAccess automatically syncs Okta groups and can map them to roles. When a user's group membership changes in Okta, their TigerAccess permissions update automatically within minutes.

Does TigerAccess support Okta MFA?

Yes. TigerAccess supports MFA passthrough, meaning users who complete MFA in Okta do not need to authenticate again. TigerAccess receives the MFA status as part of the SAML assertion or OIDC token.

How quickly are users deprovisioned when removed from Okta?

With SCIM enabled, user deprovisioning is near real-time. When a user is deactivated in Okta, a SCIM request is sent to TigerAccess immediately, revoking all active sessions and certificates.

Can I use Okta Workflows with TigerAccess?

Yes. TigerAccess provides a comprehensive API that integrates with Okta Workflows. You can automate access request approvals, create custom provisioning logic, and trigger actions based on Okta events.

Ready to Secure Your Infrastructure?

Join thousands of security-conscious teams using TigerAccess to protect their critical infrastructure and AI agents.

Start Free Trial Contact Sales

No credit card required • 14-day free trial • Enterprise support available