The Okta CLI can be used to easily interact with the Okta management API and:
- Create and update users with the Users API
- Manage groups with the Groups API
- Manage applications with the Apps API
- Much more!
Note: In the next few weeks, we'll be working on improving our docs. In the meantime, you can check out the template file for API coverage.
This library uses semantic versioning and follows Okta's library version policy.
Version | Status |
---|---|
0.x | 🚧 beta |
Build the source code locally by executing the following command:

```sh
make install
```
The Okta CLI looks for configuration in the following sources:
- An `okta.yaml` file in a `.okta` folder in the current user's home directory (`~/.okta/okta.yaml` or `%userprofile%\.okta\okta.yaml`)
- A `.okta.yaml` file in the application or project's root directory
- Environment variables
When you use an API Token instead of OAuth 2.0, the full YAML configuration looks like:

```yaml
okta:
  client:
    connectionTimeout: 30 # seconds
    orgUrl: "https://{yourOktaDomain}"
    proxy:
      port: null
      host: null
      username: null
      password: null
    token: "{apiToken}"
```
When you use OAuth 2.0, the full YAML configuration looks like:

```yaml
okta:
  client:
    connectionTimeout: 30 # seconds
    orgUrl: "https://{yourOktaDomain}"
    proxy:
      port: null
      host: null
      username: null
      password: null
    authorizationMode: "PrivateKey"
    clientId: "{yourClientId}"
    scopes:
      - scope.1
      - scope.2
    privateKey: |
      -----BEGIN RSA PRIVATE KEY-----
      MIIEogIBAAKCAQEAl4F5CrP6Wu2kKwH1Z+CNBdo0iteHhVRIXeHdeoqIB1iXvuv4
      THQdM5PIlot6XmeV1KUKuzw2ewDeb5zcasA4QHPcSVh2+KzbttPQ+RUXCUAr5t+r
      0r6gBc5Dy1IPjCFsqsPJXFwqe3RzUb...
      -----END RSA PRIVATE KEY-----
    privateKeyId: "{JWK key id (kid)}" # needed if the Okta service application has more than a single JWK registered
    requestTimeout: 0 # seconds
    rateLimit:
      maxRetries: 4
```
Each one of the configuration values above can be turned into an environment variable name with the `_` (underscore) character:
- `OKTA_CLIENT_CONNECTIONTIMEOUT`
- `OKTA_CLIENT_TOKEN`
- and so on
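Since `okta.yaml` can hold an API token or a private key, it helps to check which credentials sit on disk and who can read the file. The script below is an added example, not part of the Okta CLI: the function names `okta_env_name` and `okta_config_audit` are hypothetical, the variable names it prints are derived from the underscore rule above, and it assumes a POSIX shell with GNU or BSD `stat`.

```sh
#!/bin/sh
# Added example, not part of the Okta CLI. Function names are hypothetical.

# Map a dotted configuration path to an environment variable name using the
# underscore rule from the README: okta.client.token -> OKTA_CLIENT_TOKEN.
okta_env_name() {
    printf '%s\n' "$1" | tr '.' '_' | tr '[:lower:]' '[:upper:]'
}

# Audit one okta.yaml for credentials stored on disk.
# Returns 0 = no credential keys set, 1 = credentials in a file that group or
# others can access, 2 = credentials in an owner-only file, 3 = file missing.
okta_config_audit() {
    file=$1
    [ -f "$file" ] || { echo "$file: not found"; return 3; }

    secrets=""
    for key in token privateKey; do   # credential keys shown in the README
        # Key present with a value that is not empty, null or ~.
        if grep -Eq "^[[:space:]]*${key}:[[:space:]]*[^[:space:]#]" "$file" &&
           ! grep -Eq "^[[:space:]]*${key}:[[:space:]]*(null|~)[[:space:]]*(#.*)?\$" "$file"
        then
            secrets="$secrets $key"
        fi
    done
    [ -n "$secrets" ] || return 0

    for key in $secrets; do
        echo "$file: holds $key; $(okta_env_name "okta.client.$key") keeps it out of the file"
    done

    # GNU stat first, BSD/macOS stat as fallback (assumption: one of the two).
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case $mode in
        *00|0) return 2 ;;
        *) echo "$file: mode $mode grants access beyond the owner; chmod 600 \"$file\""
           return 1 ;;
    esac
}

# Usage: okta_config_audit "$HOME/.okta/okta.yaml"; okta_config_audit ./.okta.yaml
```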
```sh
okta-cli-client group get --groupId <GROUP_ID>
okta-cli-client group create --data '{ "profile": { "description": "test", "name": "Test" }, "type": "OKTA_GROUP"}'
okta-cli-client group replace --groupId <GROUP_ID> --data '{ "profile": { "description": "test", "name": "Test2" }, "type": "OKTA_GROUP"}'
okta-cli-client group delete --groupId <GROUP_ID>
okta-cli-client group lists
okta-cli-client applicationGroups assignGroupToApplication --appId <APP_ID> --groupId <GROUP_ID> --data ""
okta-cli-client applicationGroups listApplicationGroupAssignments --appId <APP_ID>
okta-cli-client application create --data '{"label":"Oktane Testing API Services App","name":"oidc_client","signOnMode":"OPENID_CONNECT","settings":{"oauthClient":{"application_type":"service","grant_types":["client_credentials"]}}}'
okta-cli-client application get --appId <APP_ID>
okta-cli-client application deactivate --appId <APP_ID>
okta-cli-client application delete --appId <APP_ID>
okta-cli-client user create --data '{"credentials":{"password":{"value":"Hell4W0rld"}},"profile":{"email":"firstname.lastname@gmail.com","firstName":"ExampleFirstName","lastName":"ExampleLastName","login":"firstname.lastname@gmail.com"}}'
okta-cli-client user get --userId <USER_ID>
okta-cli-client user delete --userId <USER_ID>
okta-cli-client group assignUserTo --userId <USER_ID> --groupId <GROUP_ID>
okta-cli-client group listUsers --groupId <GROUP_ID>
```
In its current form, the Okta CLI only supports `stdout` as output.
If you run into problems using the Okta CLI, you can:
- Ask questions on the Okta Developer Forums
- Post issues here on GitHub (for code errors)