OIN Integration Scopes


I was looking to add our integration to OIN, however looking at the documentation I still have some questions about it.

Currently, our application runs on top of the Okta API, using an API Key generated by the user when he connects it.

Refresh token

Would publishing the application change how we need to authenticate with Okta? Would we have to use access token + refresh tokens?


Is the API the same for OIN as for non OIN applications? API documentation I’m referring to Core Okta API | Okta Developer

Unsupported scopes

| * Custom scopes, such as the groups scope, aren’t supported for integrations published in the OIN.

Is the groups scopes what provide us with access to read group membership, add or remove users for it?

Looking at some integration, SGNL for example, lists the capability to read about groups, so I wasn’t sure about exactly what the groups scope is.


Are you looking to make an API Service app for the OIN, or are you trying to use Okta API scopes in an SSO application (type Web, SPA, etc)?

Hey @andrea, thanks for catching this thread.

I already have a machine to machine integration, now I want to include my integration in the OIN.

This will make it easier for customers to connect, and give them more granular control over the permissions our application has, instead of an API Key linked to the user.

Gotcha. Then yeah, I think an API Service app is the way to go here. The scopes your integration will have access to will only be the Okta API scopes. The groups scope mentioned in the docs refers to a claim that can be used to store filtered group membership information in the Users ID token, but if you want to be able to make a request to OktaDomain/api/v1/groups, then you will instead be requesting the okta.groups.read scope.

This doc walks you through the various Okta Admin Management scopes available for your use and summarizes what they will grant access to: OAuth 2.0 Scopes

You can also review our newer API docs to see what OAuth 2.0 scope is required for a specific endpoint: List all Groups | Okta Developer

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.