The Okta CLI can be used to easily interact with the Okta management API and:
- Create and update users with the Users API
- Manage groups with the Groups API
- Manage applications with the Apps API
- Much more!
Note: In the next few weeks, we'll be working on improving our docs. In the meantime, you can check out the template file for API coverage.
This library uses semantic versioning and follows Okta's library version policy.
| Version | Status |
|---|---|
| 0.x | 🚧 beta |
Build the source code locally by executing the following command:
```sh
make install
```

The Okta CLI looks for configuration in the following sources:
- An `okta.yaml` file in a `.okta` folder in the current user's home directory (`~/.okta/okta.yaml` or `%userprofile%\.okta\okta.yaml`)
- A `.okta.yaml` file in the application or project's root directory
- Environment variables
When you use an API token instead of OAuth 2.0, the full YAML configuration looks like:

```yaml
okta:
  client:
    connectionTimeout: 30 # seconds
    orgUrl: "https://{yourOktaDomain}"
    proxy:
      port: null
      host: null
      username: null
      password: null
    token: {apiToken}
```

When you use OAuth 2.0, the full YAML configuration looks like:
```yaml
okta:
  client:
    connectionTimeout: 30 # seconds
    orgUrl: "https://{yourOktaDomain}"
    proxy:
      port: null
      host: null
      username: null
      password: null
    authorizationMode: "PrivateKey"
    clientId: "{yourClientId}"
    scopes:
      - scope.1
      - scope.2
    privateKey: |
      -----BEGIN RSA PRIVATE KEY-----
      MIIEogIBAAKCAQEAl4F5CrP6Wu2kKwH1Z+CNBdo0iteHhVRIXeHdeoqIB1iXvuv4
      THQdM5PIlot6XmeV1KUKuzw2ewDeb5zcasA4QHPcSVh2+KzbttPQ+RUXCUAr5t+r
      0r6gBc5Dy1IPjCFsqsPJXFwqe3RzUb...
      -----END RSA PRIVATE KEY-----
    privateKeyId: "{JWK key id (kid)}" # needed if the Okta service application has more than a single JWK registered
    requestTimeout: 0 # seconds
    rateLimit:
      maxRetries: 4
```

Each of the configuration values above can be turned into an environment variable name by joining its path with the `_` (underscore) character:
- `OKTA_CLIENT_CONNECTIONTIMEOUT`
- `OKTA_CLIENT_TOKEN`
- and so on
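An added example, not part of the Okta CLI or its README: a shell audit of the two config file locations listed above. It flags files that other local accounts can access and inline `token` / `privateKey` values, and names the environment variable that follows from the underscore rule. The function names and the mode-600 policy are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: audit the Okta CLI config files named in this README.
# The mode-600 policy and the function names are this example's assumptions.

# okta.client.token -> OKTA_CLIENT_TOKEN (naming rule described above).
okta_env_name() {
  printf '%s\n' "$1" | tr '.' '_' | tr '[:lower:]' '[:upper:]'
}

# Octal permission bits of a file: GNU stat first, BSD/macOS stat as fallback.
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print findings for one config file; return 0 if clean, 1 otherwise.
audit_okta_config() {
  local file=$1 mode key findings=0
  [ -f "$file" ] || { echo "skip: $file not present"; return 0; }

  mode=$(file_mode "$file")
  # Any group/other bit lets other local accounts access the credentials.
  if [ $(( 0$mode & 077 )) -ne 0 ]; then
    echo "FINDING: $file has mode $mode (expected 600)"
    findings=1
  fi

  # Secrets kept inline: a token or privateKey key with a real value
  # (null and ~ are treated as unset; "privateKey: |" counts as set).
  for key in token privateKey; do
    if grep -E "^[[:space:]]*${key}:[[:space:]]*[^[:space:]#]" "$file" |
       grep -Evq ":[[:space:]]*(null|~)[[:space:]]*(#.*)?\$"; then
      echo "FINDING: $file sets '$key'; it could come from" \
           "$(okta_env_name "okta.client.$key") instead"
      findings=1
    fi
  done
  return "$findings"
}

# Check both file locations the CLI reads; never abort the calling shell.
audit_okta_config "${HOME:-.}/.okta/okta.yaml" || true
audit_okta_config "./.okta.yaml" || true
```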
To register interactively, use `okta-cli-client register` with no arguments:

```sh
okta-cli-client register
```

To register non-interactively, supply at least the first name, passing values through the flags:

```sh
okta-cli-client register --first-name firstName
okta-cli-client register --first-name firstName --last-name lastName
okta-cli-client register --first-name firstName --last-name lastName --email email
okta-cli-client register --first-name firstName --last-name lastName --email email --country country
```

```sh
# Groups
okta-cli-client group get --groupId <GROUP_ID>
okta-cli-client group create --data '{ "profile": { "description": "test", "name": "Test" }, "type": "OKTA_GROUP"}'
okta-cli-client group replace --groupId <GROUP_ID> --data '{ "profile": { "description": "test", "name": "Test2" }, "type": "OKTA_GROUP"}'
okta-cli-client group delete --groupId <GROUP_ID>
okta-cli-client group lists

# Application group assignments
okta-cli-client applicationGroups assignGroupToApplication --appId <APP_ID> --groupId <GROUP_ID> --data ""
okta-cli-client applicationGroups listApplicationGroupAssignments --appId <APP_ID>

# Applications
okta-cli-client application create --data '{"label":"Oktane Testing API Services App","name":"oidc_client","signOnMode":"OPENID_CONNECT","settings":{"oauthClient":{"application_type":"service","grant_types":["client_credentials"]}}}'
okta-cli-client application get --appId <APP_ID>
okta-cli-client application deactivate --appId <APP_ID>
okta-cli-client application delete --appId <APP_ID>

# Users
okta-cli-client user create --data '{"credentials":{"password":{"value":"Hell4W0rld"}},"profile":{"email":"firstname.lastname@gmail.com","firstName":"ExampleFirstName","lastName":"ExampleLastName","login":"firstname.lastname@gmail.com"}}'
okta-cli-client user get --userId <USER_ID>
okta-cli-client user delete --userId <USER_ID>

# Group membership
okta-cli-client group assignUserTo --userId <USER_ID> --groupId <GROUP_ID>
okta-cli-client group listUsers --groupId <GROUP_ID>
```

In its current form, the Okta CLI only supports stdout as output.

If you run into problems using the Okta CLI, you can:
- Ask questions on the Okta Developer Forums
- Post issues here on GitHub (for code errors)