Connect with Okta


Indent uses webhooks to notify your application when an event happens. Webhooks are particularly useful for asynchronous events like when a someone approves an access request, someone's time-based access grant expires, or a suspicious access pattern is identified.

First, you’ll need to create your space:


And, connect your team's chat app to handle the access requests:

In your tenant (or see how to create one), you will need to:

  • Switch to the Classic UI
  • Go to DirectoryGroups then "Add Group" called admin & admin-readonly
  • Go to SecurityAdministrators then "Add Administrator Group"
  • Grant "Org Admin" access to the group you just created admin
  • Grant "Readonly Admin" access to the group admin-readonly
  • Go to Security → API → Tokens (tab) then "Create Token"
  • Name it something like indent-example-[customer]-token
  • Copy the okta token to your clipboard

You will need the OKTA_TENANT and OKTA_TOKEN as environment variables.

If you'd prefer to granularly scope the token, learn how to create a service account here.

In order for your deployed webhook to validate requests came from Indent, we provide a webhook secret on the App page.

To deploy the Okta connector in your cloud:

curl https://codeload.github.com/indentapis/indent-js/tar.gz/master | \
  tar -xz --strip=2 indent-js-master/examples/serverless-aws-okta-webhook
cd serverless-aws-okta-webhook

npm install && \
  INDENT_WEBHOOK_SECRET="wk0SECRET" \
  OKTA_TENANT="example.okta.com" \
  OKTA_TOKEN="token" \
    npx serverless deploy

This will take a minute to run the first time as Serverless sets up the resources in the AWS Acount. You should see an output similar to below:

Serverless: Bundling with Webpack...
Time: 1790ms
Built at: 05/28/2020 10:40:29 PM
       Asset      Size  Chunks                   Chunk Names
    index.js  87.6 KiB       0  [emitted]        index
index.js.map   447 KiB       0  [emitted] [dev]  index
Entrypoint index = index.js index.js.map
 [0] ./node_modules/crypto-js/core.js 22.8 KiB {0} [built]
 [1] ./node_modules/crypto-js/cipher-core.js 29 KiB {0} [built]
 [2] ./node_modules/axios/lib/utils.js 8.61 KiB {0} [built]
 [3] ./node_modules/crypto-js/evpkdf.js 3.9 KiB {0} [built]
 [4] ./node_modules/crypto-js/enc-base64.js 3.99 KiB {0} [built]
 [5] ./node_modules/crypto-js/md5.js 9.2 KiB {0} [built]
 [6] ./node_modules/crypto-js/x64-core.js 8.68 KiB {0} [built]
 [7] ./node_modules/crypto-js/sha1.js 3.97 KiB {0} [built]
 [8] ./node_modules/crypto-js/hmac.js 3.89 KiB {0} [built]
[11] ./node_modules/crypto-js/index.js 1.55 KiB {0} [built]
[12] ./node_modules/crypto-js/sha256.js 5.41 KiB {0} [built]
[28] ./index.ts 3.9 KiB {0} [built]
[53] ./node_modules/axios/index.js 40 bytes {0} [built]
[54] ./node_modules/axios/lib/axios.js 1.39 KiB {0} [built]
[81] ./node_modules/@indent/webhook/esm/index.js + 1 modules 12.6 KiB {0} [built]
     | ./node_modules/@indent/webhook/esm/index.js 2.56 KiB [built]
     | ./node_modules/tslib/tslib.es6.js 10 KiB [built]
    + 67 hidden modules
Serverless: Packaging service...
Serverless: Uploading CloudFormation file to S3...
Serverless: Uploading artifacts...
Serverless: Uploading service indent-okta-webhook.zip file to S3 (161.64 KB)...
Serverless: Validating template...
Serverless: Updating Stack...
Serverless: Checking Stack update progress...
..............
Serverless: Stack update finished...
Service Information
service: indent-okta-webhook
stage: dev
region: us-west-2
stack: indent-okta-webhook-dev
resources: 12
api keys:
  None
endpoints:
  POST - https://1902j3209j2f.execute-api.us-west-2.amazonaws.com/dev/webhook
functions:
  webhook: indent-okta-webhook-dev-webhook
layers:
  None

Once you’ve deployed this webhook, update the URL in your App Config and you should start to see events flow into your webhook!

If you don't already have an Okta sandbox tenant, go to Okta Developer to create a free account.

  • Create a new Okta Group called ​Indent Access Manager Group,​ or something else memorable, with an understandable description.
  • Admin group for Indent to manage specified Okta Groups
  • Create a new Okta User called ​Indent Access Manager u​sing the email address of a Google Group or Microsoft Distribution List and add the group from Step 2
  • In Okta Admin, go to Security → Administrators → Add Administrator Group
  • Select the Okta Groups that Indent will manage