AUTOMATIONSWITCH
Vendor · Security

Okta MCP Server

by Okta

Official Okta IAM MCP. Full CRUD on users, groups, applications, and policies via the Okta Python SDK. Two authentication methods (Device Authorization Grant for interactive use, Private Key JWT for server-to-server) and integration with the MCP Elicitation API for confirming destructive operations.

31 stars · 6 tools · Released SEP 2025 · Apache-2.0
docker-compose up -d # Docker recommended; uv-based path also available

Official Okta IAM MCP. Pushed yesterday with zero tagged releases yet, which is the central caveat: this server ships from `main`, and operators who want version pinning have to pin to a commit. Apache-2.0, Python, 31 stars. The technical surface is the most polished in this batch's security category: full CRUD on users, groups, applications, and policies; two authentication methods (Device Authorization Grant for interactive use, Private Key JWT for server-to-server); and integration with the MCP Elicitation API for confirming destructive operations through the client. This is the official path for agent-driven Okta administration, built on the Okta Python SDK. Its distinctive feature: destructive operations (deletes, deactivations) prompt the user for confirmation through the MCP Elicitation API before proceeding, with automatic fallback for clients that omit Elicitation support. A Docker-first installation path is documented; a uv-based path is also available.

Reviewed by M. Nouriel · APR 2026

INSTALL THIS SERVER

Requires authentication: Device Authorization Grant (interactive) for individual operators or Private Key JWT (server-to-server) for automated agent deployments. Pin the issuing application to the minimum required Okta API scopes.
{
  "mcpServers": {
    "okta": {
      "command": "docker",
      "args": ["exec", "-i", "okta-mcp", "python", "-m", "okta_mcp_server"],
      "env": {
        "OKTA_DOMAIN": "<your-okta-domain>",
        "OKTA_CLIENT_ID": "<your-client-id>"
      }
    }
  }
}
Prereq: Docker installation is recommended. Clone github.com/okta/okta-mcp-server, copy .env.example to .env with your Okta credentials, then run `docker-compose up -d`. For a uv-based install, follow the Python SDK setup in the README. Two auth modes: Device Authorization Grant (interactive, browser) or Private Key JWT (server-to-server, recommended for agents). Config path: ~/Library/Application Support/Claude/claude_desktop_config.json (macOS).

6 TOOLS AVAILABLE

  • user_crud (Admin): Create, get, list, update, deactivate, delete Okta users
  • group_crud (Admin): Create, get, list, update, delete groups; manage memberships
  • application_crud (Admin): Create, get, list, update, delete applications; manage assignments
  • policy_crud (Admin): Create, get, list, update, delete authentication and authorization policies
  • factor_management (Admin): List and manage user MFA factors
  • system_logs (Read): Query Okta system log events for audit trails

OUR ASSESSMENT

Strengths
  • Official Okta GitHub org publication.
  • Apache-2.0 license.
  • Python SDK-based (Okta official SDK).
  • Two authentication methods: Device Authorization Grant (interactive) and Private Key JWT (server-to-server).
  • MCP Elicitation API integration for confirming destructive operations.
  • Comprehensive tool surface: full CRUD on users, groups, applications, policies.
  • Docker-first installation with uv as alternative.
  • 29 forks (high relative to 31 stars) signals active integration work.
Weaknesses
  • No tagged releases; runs from main. Operators wanting version pinning have to commit-pin.
  • 31 stars; community traction is modest.
  • 0 commits in the last 30 days; push activity reflects branch updates over new commits to main.
  • Manual installation flow is heavier than a single npx or uvx command.
Security Notes

Okta admin operations have organisation-wide blast radius. Use Private Key JWT authentication for server-to-server agent deployments and pin the issuing application to the minimum required Okta API scopes. The MCP Elicitation API confirmation pattern is a meaningful additional safeguard against agent hallucination on destructive operations; clients that omit Elicitation support fall back to a confirmation-via-tool-call pattern. For evaluation, use Device Authorization Grant against a sandbox Okta org. Rotate Private Key JWT signing keys on schedule.

Best For

Okta administrators wanting natural-language management operations, IAM workflows where confirmation prompts on destructive operations are required, and teams already running Okta and wanting native agent integration through Okta-published code.

TECHNICAL DETAILS

Language
python
Transport
stdio
Clients
Claude Desktop, Claude Code, Cursor, VS Code, Windsurf
License
Apache-2.0
GitHub
npm
okta-mcp-server
Last Release
main (no tagged releases) · APR 28, 2026
First Released
SEP 23, 2025

ADOPTION METRICS

// GitHub Stars
31

// Reading this: 31 stars and 29 forks; the high fork-to-star ratio signals active integration work despite the modest star count.

// Popularity Rank
#23
Globally · #3 in Security

// Reading this: Third-ranked in security category. Tier 2 with the no-tagged-releases caveat; flag for re-evaluation when v0.1 ships.

SOURCES & VERIFICATION

We don't take any single directory's word for it. Before scoring, we cross-reference 5 public MCP sources, install the server ourselves against the clients we cover, and record when we last re-verified.

01 Discovered: Manual submission. First indexed APR 29, 2026.
02 Cross-referenced: 5 directories (PulseMCP, MCP.so, Glama, Smithery, Official MCP Registry).
03 Verified against: Claude Desktop, Cursor, VS Code. Installed and tested across clients.
04 Last re-checked: APR 29, 2026. Weekly re-verification.

// How other directories see it

The same server, 5 different lenses. We reconcile these signals into our editorial score, which is why our number sometimes diverges from a directory-aggregate star count.

Source | Their rating | Their star count | Their downloads | Last synced
AutomationSwitch (this page) | 3.7 editorial | 31 | | APR 29, 2026
PulseMCP | — unrated | unavailable | unavailable | APR 29, 2026
MCP.so | — unrated | unavailable | unavailable | APR 29, 2026
Glama | — unrated | unavailable | unavailable | APR 29, 2026
Smithery | — unrated | unavailable | unavailable | APR 29, 2026
Official MCP Registry | — unrated | unavailable | unavailable | APR 29, 2026

// Counts are directory-reported; we don't adjust them. Discrepancies usually come from different snapshot times or star-caching.

OTHER SECURITY MCP SERVERS

Vendor · 4.6

Prowler MCP

Prowler

Cloud Security Posture Management (CSPM) platform with 1000+ security checks across multiple cloud providers and 70+ compliance frameworks, exposed through MCP. Three deployment options: Prowler Cloud (recommended), local stdio, self-hosted HTTP. 13,717 stars, Apache-2.0.

8 tools · 13,717

Official · 4.4

CrowdStrike Falcon MCP

CrowdStrike

Official CrowdStrike Falcon MCP server. Connect AI agents to CrowdStrike Falcon for automated security analysis and threat hunting. 148 stars and 8 commits on main in the last 30 days.

7 tools · 148

Vendor · 4.3

Auth0 MCP Server

Auth0

Official Auth0 MCP server connecting Claude, Cursor, Windsurf, VS Code, and Gemini to Auth0 Management APIs. Create apps, deploy Actions, debug logs, and query users with natural-language commands. Read-only mode and tool-glob filtering supported. Beta software per Auth0.

8 tools · 106

Official · 4.2

HashiCorp Vault MCP

HashiCorp

Official HashiCorp MCP for Vault: secrets, mounts, KV, and PKI management with stdio and Streamable HTTP transports. 9 commits on main in the last 30 days. MPL-2.0 with HashiCorp official-vendor signal.

9 tools · 45

Official · 4.1

AWS IAM MCP

AWS Labs

Official AWS Labs MCP for IAM administration: users, roles, groups, policies, inline policies, access keys, and policy simulation. Read-only mode supported via --allow-write opt-in pattern. Apache-2.0 within awslabs/mcp monorepo.

7 tools · 8,924

Official · 4

AWS CloudTrail MCP

AWS Labs

Official AWS Labs MCP for CloudTrail: 90 days of management events via lookup_events and Trino-compatible SQL queries against CloudTrail Lake Event Data Stores. 3 commits on the server path in the last 30 days. Pairs with the IAM MCP for security audit workflows.

5 tools · 8,924