# Okta
In this guide, you will create an API token in Okta to pull application activity telemetry and enable one-click containment and remediation tasks. This telemetry identifies impacted users with login activity from abnormal client environments such as OS, browser, geolocation, and more.
At the end of this configuration, you will provide Radiant Security with these values:
* **Okta domain** (the URL of your Okta domain)
{% hint style="info" %}
**Note:** The Okta domain should be provided in the following form: `https://my-org.okta.com.`
{% endhint %}
* **API Token**
### Prerequisites
To create an API token with permissions to query Okta System Logs, you need to be logged in as an administrator user that has at least [read-only permissions.](https://help.okta.com/en/prod/Content/Topics/Security/administrators-read-only-admin.htm)
{% hint style="warning" %}
**Important Note:** Tokens are valid only if the user who created them is active. Tokens issued by deactivated users are rejected. To avoid service interruptions, Okta recommends generating API tokens using a service account that won’t be deactivated and with Super Admin permissions that won’t change.
Please refer to [Okta documentation](https://help.okta.com/oie/en-us/Content/Topics/Security/API.htm) for information on token management.
{% endhint %}
### Generate the API token
1. Log in as an Okta administrator.
2. From the upper right corner, click the **Admin** button to open the Okta Admin Console. 
3. From the left side menu, navigate to **Security > API.**
4. Click **Create Token.**
5. Enter a name for your token such as **`Radiant Security API Token`** and click **Create Token.**
6. Copy the **Token value** in the pop-up screen.
{% hint style="info" %}
**Note**: Be sure to copy and store the API token value carefully, as it cannot be retrieved later and can present a security risk if used in an unauthorized fashion.
{% endhint %}
### Add the credentials in Radiant Security
1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, select **Settings** > **Credentials** and click **+ Add Credential**.
3. Select the correct vendor from the list and click **Configure Credential.**
4. Give the credential an identifiable name (e.g. `Okta Credentials`) and add the required fields.
5. Click **Add Credential** to save the changes.
### Add the data connector in Radiant Security
1. From the navigation menu, select **Settings** > **Data Connectors** and click **+ Add Connector**.
2. Select the correct vendor from the list and click **Data Feeds**.
3. Select the applicable data feed and click **Credentials**.
4. From the drop-down, select the credential, or click **+ Add New Credential** if it doesn’t already exist.
5. Click **Add Connector** to finish creating the new data connector.
### Add the action connector in Radiant Security
1. From the navigation menu, select **Settings** > **Action Connectors** and click **+ Add Connector**.
2. Select the correct vendor from the list.
3. Confirm that the selected credentials are correct.
4. Click **Add Connector**.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/okta.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
