Overview
This guide will help you connect your Okta organization to Hero. The integration allows Hero to securely access user and application information from your Okta organization, enabling you to manage vendor relationships more effectively.
What this integration does: Hero will be able to read user information and application data from your Okta organization. This is done securely using OAuth 2.0 with the specific scopes okta.users.read and okta.apps.read.
Prerequisites
- An active Okta organization (tenant)
- Administrator access to your Okta organization
- A Hero account with permission to add integrations
Step 1: Install the Hero Integration in Okta
- Log in to your Okta Admin Console
- Navigate to Applications → API Service Integrations
- Click Add Integration
- In the catalog, search for "Hero"
- Select the Hero integration from the results
If you cannot find the Hero integration in the catalog, you can manually create an OAuth 2.0 app:
- Go to Applications → Applications in your Okta admin console
- Click Create App Integration
- Select API Services as the sign-in method
- Name the application "Hero API Integration"
- After creation, go to the Okta API Scopes tab
- Grant the okta.users.read and okta.apps.read scopes
Step 2: Authorize the Integration
After selecting the Hero integration, you'll see an authorization screen:
- Review the requested permissions:
  - okta.users.read
  - okta.apps.read
  - okta.oauthIntegrations.read
- Click Install & Authorize to grant these permissions
These permissions are read-only. Hero cannot modify users or applications in your Okta organization.
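To confirm the grant matches what the authorization screen listed, an administrator can compare the `scope` field of a client-credentials token response against the three documented scopes. The following is an added example, not code from Hero or Okta; the function name and the sample responses are constructed for illustration.

```python
import json

# Scopes shown on the Step 2 authorization screen of this guide.
EXPECTED_SCOPES = {
    "okta.users.read",
    "okta.apps.read",
    "okta.oauthIntegrations.read",
}


def audit_token_scopes(token_response: str) -> dict:
    """Compare the scopes in a token response against the documented set."""
    body = json.loads(token_response)
    raw = body.get("scope")
    if not isinstance(raw, str) or not raw.strip():
        # Without a scope field the grant cannot be verified from the response.
        return {"ok": False, "unexpected": [],
                "missing": sorted(EXPECTED_SCOPES), "not_read_only": []}
    granted = set(raw.split())  # RFC 6749: space-delimited scope list
    unexpected = sorted(granted - EXPECTED_SCOPES)
    missing = sorted(EXPECTED_SCOPES - granted)
    # Okta's read-only scopes carry a ".read" suffix; flag anything else.
    not_read_only = sorted(s for s in granted if not s.endswith(".read"))
    # Fewer scopes than documented is reported but is not a privilege risk.
    return {"ok": not unexpected and not not_read_only,
            "unexpected": unexpected, "missing": missing,
            "not_read_only": not_read_only}


# Constructed sample responses; token values are placeholders.
SAMPLE_EXPECTED = json.dumps({
    "token_type": "Bearer", "expires_in": 3600,
    "access_token": "PLACEHOLDER",
    "scope": "okta.users.read okta.apps.read okta.oauthIntegrations.read",
})
SAMPLE_OVERGRANTED = json.dumps({
    "token_type": "Bearer", "expires_in": 3600,
    "access_token": "PLACEHOLDER",
    "scope": "okta.users.read okta.apps.read okta.users.manage",
})

if __name__ == "__main__":
    for name, sample in [("expected", SAMPLE_EXPECTED),
                         ("overgranted", SAMPLE_OVERGRANTED)]:
        print(name, audit_token_scopes(sample))
```

Re-running the check after any change on the Okta API Scopes tab catches a grant that has drifted from the read-only set.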
Step 3: Copy the Client Credentials
After authorization, Okta will generate credentials for the Hero integration:
- You'll see a screen displaying the Client ID and Client Secret
- Copy both values and store them securely - you'll need them in the next step
- Note your Okta domain (e.g., company.okta.com)
Important: The Client Secret will only be shown once. If you don't copy it now, you'll need to generate a new one later.
Step 4: Complete the Connection in Hero
- Return to the Hero application
- Navigate to Settings → Integrations
- Click Connect to Okta
- Enter the following information:
  - Okta Domain: Your Okta organization's domain (e.g., company.okta.com)
  - Client ID: The Client ID from Step 3
  - Client Secret: The Client Secret from Step 3
- Click Connect to complete the integration
Hero will verify the credentials and establish a connection to your Okta organization. Once connected, Hero will be able to retrieve user and application information as needed.
Troubleshooting
Connection Issues
- Invalid credentials error: Double-check that you've entered the correct Client ID, Client Secret, and Okta domain.
- Authorization failed: Ensure that the integration has been properly authorized in your Okta organization with the required scopes.
- Network error: Verify that there are no network restrictions preventing communication between Hero and your Okta organization.
Rotating Client Secrets
If you need to rotate your client secret for security reasons:
- In Okta Admin Console, go to Applications → API Service Integrations
- Select the Hero integration
- Go to the General tab
- Click Rotate Client Secret
- Copy the new secret and update it in Hero's integration settings
Frequently Asked Questions
What data can Hero access from my Okta organization?
With the granted permissions, Hero can only read:
- User profiles (names, emails, etc.)
- Application configurations and metadata
Hero cannot modify any data in your Okta organization, nor can it access user passwords or other sensitive authentication information.
Is this integration secure?
Yes. The integration uses OAuth 2.0 with client credentials, an industry-standard secure authorization protocol. Hero only requests the minimum permissions needed (read-only access to users and apps). All communication is encrypted using TLS.
Can I revoke access at any time?
Yes. You can revoke Hero's access to your Okta organization at any time by:
- Going to Applications → API Service Integrations in your Okta Admin Console
- Selecting the Hero integration
- Clicking Deactivate or Delete
Does Hero support Single Sign-On (SSO) with Okta?
Hero is working on adding SSO support with Okta. This will allow your users to log in to Hero using their Okta credentials. Please contact Hero support for updates on this feature.
Need Help?
If you encounter any issues during the integration process, please contact Hero support: