Overview
The Druva application requires specific API scopes to perform backup and recovery operations within your Okta tenant. Security and compliance teams should understand what each of these permissions allows.
Permission Scope | What it Does |
.manage | Allows the application to create, read, or update identity data (e.g., restoring a deleted Group or updating a User attribute). |
.read | Allows the application to read all identity data necessary for comprehensive backups and discovery from Okta. |
Required Permissions
The following permissions are required to authorize Druva to back up your Okta environment.
Users
API Scopes | Usage |
okta.users.manage | To create, update, and delete user accounts. |
okta.factors.manage | To manage Users’ Multi-Factor Authentication (MFA). |
Groups
API Scopes | Usage |
okta.groups.manage | To create, update, and delete groups. |
Applications
API Scopes | Usage |
okta.apps.manage | To manage application integrations and configurations. |
okta.appGrants.manage | To manage specific grants and scopes for applications. |
okta.clients.read | Allows the app to read information about clients in your Okta organization. |
Schemas and Profiles
API Scopes | Usage |
okta.schemas.manage | To manage and update user and application schemas. |
okta.profileMappings.manage | To manage attribute mappings between profiles. |
okta.userTypes.manage | To manage and configure custom user types. |
Security and Policies
API Scopes | Usage |
okta.policies.manage | To manage sign-on, MFA, and password policies. |
okta.networkZones.manage | To manage specific grants and scopes for applications. |
Authenticators
API Scopes | Usage |
okta.authenticators.manage | To configure and manage system authenticators. |
Organization Settings
API Scopes | Usage |
okta.orgs.manage | To manage organization-wide settings and branding. |
okta.emailDomains.manage | To manage and verify custom email domains. |
okta.trustedOrigins.manage | To manage CORS and Redirect origins for security. |
okta.features.manage | To enable or disable specific Okta features. |
okta.threatInsights.manage | To manage and update user and application schemas. |
okta.captchas.manage | To manage CAPTCHA configurations for security. |
Workflows
API Scopes | Usage |
okta.eventHooks.manage | To create and manage event-driven hooks. |
okta.inlineHooks.manage | To manage registration and SAML inline hooks. |
System Monitoring
API Scopes | Usage |
okta.logs.read | To read and monitor system event logs for auditing. |
Devices
API Scopes | Usage |
okta.devices.read | To read device lifecycle events, including status transitions and device deletion. |
Admin Roles
API Scopes | Usage |
okta.roles.manage | To manage administrative roles for users within the Okta organization. |
Authorization Servers
API Scopes | Usage |
okta.authorizationServers.manage | To create and manage Authorization Servers. |
Identity Provider
API Scopes | Usage |
okta.idps.manage | To create and manage Identity Providers in your Okta organization. |
