# Okta ClearFeed’s Okta integration enables IT teams to manage user identities and access controls—such as resetting passwords or managing group memberships—directly from Slack. ## Supported Features With the Okta integration enabled, your IT team can use AI Agents to auto-respond to identity-related queries or Trigger Okta actions like: * Reset user passwords * Unlock locked user accounts * Suspend, unsuspend, deactivate, or reactivate users * View apps assigned to a user * Add or remove users from Okta groups ## Integrate Okta To connect Okta with ClearFeed, follow the below steps: * **Sign in** to your Okta organization as a user with administrative privileges. * In the **Admin Console**, go to `Applications > Applications`, and then click **Create App Integration**. The Create a new app integration page appears.
* Select **API Services** as the Sign-in method, and then click **Next**.
* Enter a name for your app integration and click **Save**. The app's main page appears.
* In the service app that you created, select **Admin Roles** and click on **Edit Assignments**.
* It is recommended to create a new custom role with permissions to manage users, groups, applications, and Identity Access Management. The specific permissions you assign should depend on how you intend to use Okta with ClearFeed. Alternatively, you can use an existing role such as the Organization Administrator role if it already provides the necessary permissions. Once the role is created or selected, assign it to the service app and click **Save Changes** when you finish. You may be prompted to authenticate.
* Go to the **Okta API Scopes** tab, and grant all the following scopes: ``` okta.users.read okta.users.manage okta.groups.read okta.groups.manage okta.apps.read okta.apps.manage ```
* Head over to the **General Settings** section and click on the **Edit** button. Deselect the **Require Demonstrating Proof of Possession (DPoP) header in token requests** checkbox and click on the **Save** button to save your configurations.
* In the **Client Credentials** section of the General tab, click **Edit** to change the client authentication method.
* Select **Public key/Private key** as the Client authentication method. Then click **Add Key > Generate New Key**.
* Copy the **PEM Private Key** from here. Click **Done**. Click **Save** to save changes.

Security Warning: Treat the PEM Private Key as a password. Store it in a secure location immediately. This key is not stored in Okta and cannot be retrieved again after you close this window. If you lose the key, you will need to generate a new one.

* This **Private Key**, along with **Client ID** and **Key ID (KID)** from the General Tab, should be entered on the Connection to Okta in ClearFeed.
## Using the Integration Once the integration is set up, you can configure AI Agents in ClearFeed to handle Okta-related actions: 1. Set Up Your Okta AI Agent - Follow [this guide](https://docs.clearfeed.ai/clearfeed-help-center/clearfeed-ai/ai-agents/build-ai-agents) to Create a new Agent.

Make sure to add Okta as an Integration and define which specific actions can the AI Agent take in Okta on its own. Write your own prompt or customize the default one and test before rolling out.

2. Manage Requests in Slack: Once deployed, ClearFeed offers below modes to manage Okta requests: * **Agent Assistant in Triage Threads -** In triage channels, use ClearBot Assist to tag `@clearfeed` to perform actions like: * reset password for @john.doe * unlock account for @user.name * add @user.name to Zoom group * **Virtual Assistant -** Let the AI Agent deflect common IT queries posted in your internal Slack channels. When a user asks a question, like “How do I reset my password?” or “I can’t log in”, the Virtual Agent responds instantly, pulling help documentation and inform Requestor. * **Automate Okta Actions -** Use ClearFeed Automations to: * Trigger actions based on form inputs * React to emoji triggers (e.g., 🔒 = suspend user) ## Example Use Cases
Use CaseDescription
Reset PasswordsReset user passwords either from Slack with a single action or through Automation
Unlock AccountsHandle account lockouts without needing to log into Okta.
Suspend / Deactivate UsersSupport offboarding and security events with Slack-only workflows.
List Assigned AppsView a user’s assigned apps to troubleshoot access issues.
Manage Group AccessAdd or remove users from Okta groups using commands or automation.