Skip to main content
This guide walks you through connecting your Okta tenant to Clarion. The setup involves two parts: creating an API application in Okta and configuring a webhook for sign-in event monitoring.
Estimated time: 10-15 minutes. You will need Okta Admin access.
The Clarion integration wizard generates all required values (keys, URLs, secrets) for you. Keep the wizard open alongside your Okta admin panel.

Prerequisites

  • Access to your Okta Admin Console
  • A Clarion workspace with the Okta integration wizard open

Part 1: Create the API Application in Okta

Step 1 — Create the app

  1. In the Okta admin panel, go to Applications > Applications.
  1. Click Create App Integration.
  2. Select API Services and give it a name (e.g. Clarion).

Step 2 — Copy the Client ID

  1. After creating the app, note the Client ID on the app’s General tab.
  1. Enter this Client ID into the Clarion integration wizard along with your Okta tenant URL.

Step 3 — Configure Public Key authentication

  1. In the app’s Client Credentials section, click Edit.
  2. Change Client authentication to Public key / Private key.
  1. Click Save — you will see an error and be scrolled to the Public Keys section. Click Edit there as well.
  2. In the Clarion wizard, copy the generated Public Key JSON.
  1. In Okta, click Add key and paste the JSON from Clarion.
  1. Click Save on the Public Keys panel.
  2. Click Save again on the Client Credentials panel.
You must save both the Public Keys panel and the Client Credentials panel. Okta requires saving each section separately.

Step 4 — Grant API Scopes

  1. Go to the Okta API Scopes tab on your app.
  2. Grant the following scopes (use your browser’s search to find them):
    • okta.logs.read
    • okta.users.manage

Step 5 — Assign Admin Role

  1. Go to the Admin Roles tab on your app.
  2. Click Edit assignments.
  1. Select Super Administrator from the Role dropdown.
  1. Click Save changes.
  1. If prompted, confirm your identity with MFA.
If you see errors or a popup blocker warning during the role assignment save, allow the popup and re-authenticate. Then return to the previous tab and click Save changes again.

Part 2: Configure the Webhook

Step 1 — Create the Event Hook

  1. In Okta, go to Workflow > Event Hooks.
  2. Click Create Event Hook.

Step 2 — Fill in webhook details

From the Clarion wizard, copy the following values into the Okta form:
FieldSource
NameChoose any name (e.g. Clarion Webhook)
URLCopy from Clarion wizard
Authentication fieldCopy from Clarion wizard
Authentication secretCopy from Clarion wizard

Step 3 — Subscribe to sign-in events

  1. In the event subscription list, select User sign in attempt (this corresponds to the user.session.start event).

Step 4 — Verify the webhook

  1. After creating the webhook, Okta will ask you to verify it.
  2. If you have already saved the integration in Clarion, verification should succeed automatically.

What happens next

Once configured, Clarion will automatically:
  • Receive sign-in events from Okta in real time
  • Analyze sign-ins for anomalies (impossible travel, unusual location, unusual time)
  • Create alerts and triage them using AI agents
  • Take response actions when needed (e.g. suspending compromised accounts)