Okta integration: synchronization, API usage, and rate limiting

In this topic, you will find details about how Portnox Cloud synchronizes with the Okta Workforce Identity Cloud.

How Portnox Cloud uses the Okta API

Portnox Cloud uses the Okta API during user authentication and during a periodic synchronization job that runs every 3 hours. During synchronization, Portnox Cloud remaps and, where necessary, removes existing Portnox Cloud accounts to reflect the current state of your Okta directory.

During synchronization, Portnox Cloud does not read the entire Okta directory. It generally reads only the following from Okta:

  • The Okta groups that you have mapped to Portnox Cloud groups, and the users in those groups.

  • The individual Okta users for whom Portnox Cloud has already created an account.

The number of API calls depends on how many users authenticate via Okta and how many users and groups are covered by your mappings.

How Portnox Cloud handles Okta API rate limits

  • Where possible, Portnox Cloud sends multiple pieces of information in a single API request, rather than making a separate request for each individual user or group.

  • If Okta responds with an HTTP 429 (Too Many Requests) error, Portnox Cloud waits and retries the request.

  • In most environments, the default retry and timeout settings work without any adjustment. If you experience persistent API errors, Portnox support can adjust these settings for your environment.
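
The wait-and-retry handling of HTTP 429 described above, shown from the API client's side as an added example; it is not Portnox Cloud's own code. It assumes Okta's `X-Rate-Limit-Reset` response header (epoch seconds at which the limit resets); `send`, `MAX_WAIT`, the retry count, and the sample responses are hypothetical.

```python
import time

MAX_WAIT = 60  # assumption: upper bound for one wait, in seconds


def wait_seconds(headers, now, attempt):
    """Delay after a 429: until Okta's X-Rate-Limit-Reset (epoch seconds),
    or exponential backoff when the header is missing or malformed."""
    reset = headers.get("X-Rate-Limit-Reset")
    if reset is not None:
        try:
            # +1 second so the retry lands after the window has reset.
            return min(max(int(reset) - int(now), 0) + 1, MAX_WAIT)
        except ValueError:
            pass
    return min(2 ** attempt, MAX_WAIT)


def call_with_retry(send, max_attempts=5, clock=time.time, sleep=time.sleep):
    """send() is a hypothetical transport returning (status, headers, body).
    Only 429 is retried; returns (status, body, waits_applied)."""
    waits = []
    for attempt in range(max_attempts):
        status, headers, body = send()
        if status != 429:
            return status, body, waits
        if attempt < max_attempts - 1:
            delay = wait_seconds(headers, clock(), attempt)
            waits.append(delay)
            sleep(delay)
    return 429, None, waits  # budget exhausted: surface the error


def demo():
    """Constructed exchange: two 429 responses, then success."""
    now = [1_700_000_000]  # fake clock so the demo does not really sleep
    responses = iter([
        (429, {"X-Rate-Limit-Reset": "1700000004"}, None),
        (429, {}, None),
        (200, {}, '[{"id": "placeholder-group"}]'),
    ])

    def fake_sleep(seconds):
        now[0] += seconds

    return call_with_retry(lambda: next(responses),
                           clock=lambda: now[0], sleep=fake_sleep)


if __name__ == "__main__":
    print(demo())
```

A run that ends in status 429 after the final attempt corresponds to the persistent API errors mentioned above, where the retry and timeout settings may need adjusting.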