Okta MCP
MCP server for Okta Identity-as-a-Service (IDaaS) platform covering users, groups, applications, policies, and system logs
Server Info
- Package: okta-mcp-server
- Registry: pypi
- Repository: okta/okta-mcp-server
- Maintainer: Community
- Category: Identity & Auth
- Tags: identity, sso, directory
- Last Scanned: 7 Apr 2026
Findings
4 issues
Authentication & Identity
HIGH: No per-request auth - requires instance-per-user
Stdio transport only via FastMCP. Supports two OAuth 2.0 flows: (1) Device Authorization Grant with browser-based user consent, (2) Client Credentials with JWT assertion for headless/server environments (requires OKTA_PRIVATE_KEY and OKTA_KEY_ID). Tokens are stored in OS keyring via the keyring libr... For multi-tenant deployment, the platform must spawn a separate server instance per user.
Add HTTP/SSE transport to accept per-request Authorization headers, or implement the MCP OAuth spec.
Permission Granularity
HIGH: 12 destructive operations not isolated
Admin/delete tools are mixed with regular operations and cannot be independently disabled.
Namespace admin tools separately for independent access control.
LLM Safety
HIGH: Tool descriptions contain instructional language
Descriptions include directives that could influence LLM behavior beyond tool selection.
Remove instructional language. Descriptions should be purely factual.
Data Exposure
LOW: No field selection on responses
Responses return full records rather than projected fields.
Implement field selection to return only relevant fields.
Tools
40 total

| Name | Description | Risk |
|---|---|---|
| list_users | List all the users from the Okta organization with pagination support. If search, filter, or q is specified, it will list only those users that satisfy the condition. | read |
| get_user_profile_attributes | List all user profile attributes supported by your Okta org. | read |
| get_user | Get a user by ID from the Okta organization | read |
| create_user | Create a user in the Okta organization. | admin |
| update_user | Update a user in the Okta organization. | write |
| deactivate_user | Deactivates a user from the Okta organization. The user will be asked for confirmation before the deactivation proceeds. | admin |
| delete_deactivated_user | Delete a user from the Okta organization who has already been deactivated or deprovisioned. | admin |
| list_groups | List all the groups from the Okta organization with pagination support. | read |
| get_group | Get a group by ID from the Okta organization | read |
| create_group | Create a group in the Okta organization. | write |
| delete_group | Delete a group by ID from the Okta organization. The user will be asked for confirmation before the deletion proceeds. | admin |
| confirm_delete_group | Confirm and execute group deletion after receiving confirmation. This function MUST ONLY be called after the human user has explicitly typed 'DELETE' as confirmation. | admin |
| update_group | Update a group by ID in the Okta organization. | write |
| list_group_users | List all users in a group by ID from the Okta organization with pagination support. | read |
| list_group_apps | List all applications in a group by ID from the Okta organization. | read |
| add_user_to_group | Add a user to a group by ID in the Okta organization. | write |
| remove_user_from_group | Remove a user from a group by ID in the Okta organization. | write |
| list_applications | List all applications from the Okta organization. | read |
| get_application | Get an application by ID from the Okta organization. | read |
| create_application | Create a new application in the Okta organization. | admin |
| update_application | Update an application by ID in the Okta organization. | write |
| delete_application | Delete an application by ID from the Okta organization. The user will be asked for confirmation before the deletion proceeds. | admin |
| confirm_delete_application | Confirm and execute application deletion after receiving confirmation. This function MUST ONLY be called after the human user has explicitly typed 'DELETE' as confirmation. | admin |
| activate_application | Activate an application in the Okta organization. | write |
| deactivate_application | Deactivate an application in the Okta organization. | write |
| list_policies | List all the policies from the Okta organization. | read |
| get_policy | Retrieve a specific policy by ID. | read |
| create_policy | Create a new policy. | admin |
| update_policy | Update an existing policy. | write |
| delete_policy | Delete a policy. The user will be asked for confirmation before the deletion proceeds. | admin |
| activate_policy | Activate a policy. | write |
| deactivate_policy | Deactivate a policy. The user will be asked for confirmation before the deactivation proceeds. | write |
| list_policy_rules | List all rules for a specific policy. | read |
| get_policy_rule | Retrieve a specific policy rule. | read |
| create_policy_rule | Create a new rule for a policy. | admin |
| update_policy_rule | Update an existing policy rule. | write |
| delete_policy_rule | Delete a policy rule. The user will be asked for confirmation before the deletion proceeds. | admin |
| activate_policy_rule | Activate a policy rule. | write |
| deactivate_policy_rule | Deactivate a policy rule. | write |
| get_logs | Retrieve system logs from the Okta organization with pagination support. | read |