Overview
Learn how to connect your Okta directory to Opensense so your organization's users and groups sync automatically. Once configured, Opensense pulls directory data daily to keep your email signature employee data up to date.
Before you start
Make sure you have:
Super Admin access in Okta (required to create API tokens)
Access to securely share credentials with the Opensense implementation team
Step-by-step guide
Step 1: Navigate to API token settings
Log in to the Okta Admin Console as a Super Admin
Go to Security → API
Click the Tokens tab
Expected result: You see the API Tokens page with a Create token button.
.png?sv=2022-11-02&spr=https&st=2026-02-24T22%3A53%3A44Z&se=2026-02-24T23%3A05%3A44Z&sr=c&sp=r&sig=DGwc%2Bc0kh%2Bbp5LsDWqbrumJ53rREsPl4mEJ7fIczR0Y%3D)
Step 2: Create an API token
Click Create token
Enter a name for the token (for example, "Opensense Directory Read")
For API calls made with this token must originate from, select Any IP
Click Create token
.png?sv=2022-11-02&spr=https&st=2026-02-24T22%3A53%3A44Z&se=2026-02-24T23%3A05%3A44Z&sr=c&sp=r&sig=DGwc%2Bc0kh%2Bbp5LsDWqbrumJ53rREsPl4mEJ7fIczR0Y%3D)
Expected result: A dialog displays "Token created successfully!" with your Token Value.
Step 3: Copy and save the token
Click the copy icon next to the Token Value to copy it
Save the token in a secure location
Click OK, got it
.png?sv=2022-11-02&spr=https&st=2026-02-24T22%3A53%3A44Z&se=2026-02-24T23%3A05%3A44Z&sr=c&sp=r&sig=DGwc%2Bc0kh%2Bbp5LsDWqbrumJ53rREsPl4mEJ7fIczR0Y%3D)
⚠️ Warning: This is the only time you can view the token. After clicking "OK, got it," Okta stores the token as a hash and you cannot retrieve it. If you lose the token, you must create a new one.
Expected result: You have the API Token saved securely.
Step 4: Get your Instance URL
Your Instance URL is your Okta domain. Find it in your browser address bar while logged into the Admin Console.
Examples:
https://yourcompany.okta.comhttps://login.yourdomain.com
Expected result: You have both the Instance URL and API Token saved.
Step 5: Provide credentials to Opensense
Share the following information securely with your Opensense implementation team:
Credential | Description | Example |
|---|---|---|
Instance URL | Your Okta domain URL |
|
API Token | The token value you copied | (your token value) |
ℹ️ Info: Use a secure method to share credentials, such as a password manager or encrypted communication channel.
Step 6: Verify the connection
Once Opensense configures your credentials, verify the sync is working:
In Opensense, click Manage in the navigation bar
Click Users
Click Action in the upper right corner
Click Run Sync
Confirm Okta appears as a source and the sync completes successfully
Expected result: Users and groups from Okta appear in Opensense. The sync runs automatically once daily after initial setup.
Troubleshooting
Invalid token
Cause: The API Token was entered incorrectly, revoked, or has expired.
Solution:
In Okta, go to Security → API → Tokens
Check if your token appears in the list and is active
If the token is missing or inactive, create a new token and share it with Opensense
ℹ️ Info: API tokens are valid for 30 days and automatically renew each time Opensense syncs. Since syncs run daily, tokens remain active. A token only expires if unused for 30+ consecutive days.
Access denied
Cause: The token was created by an admin without sufficient permissions.
Solution:
Verify the token was created by a Super Admin
If not, have a Super Admin create a new token
Share the new token with Opensense
Sync delays
Cause: The automated sync runs once daily. New users or groups may not appear immediately.
Solution:
In Opensense, go to Manage → Users
Click Action → Run Sync to trigger a manual sync
If issues persist, contact Opensense Support
Still having issues?
Contact Opensense Support for help:
Email: help@opensense.com
Knowledge Base: help.opensense.com
ℹ️ Info: When contacting support, include:
Screenshots of any error messages
Your Instance URL (do not share your API Token in screenshots)
Steps you've already tried