TAKO MCP Server for Okta MCP Server

1

Add it to Claude Code

Run this in a terminal.

Run in terminal
claude mcp add -e "OKTA_ORG_URL=${OKTA_ORG_URL}" -e "OKTA_API_TOKEN=${OKTA_API_TOKEN}" tako-okta -- docker run -i --rm -e OKTA_ORG_URL -e OKTA_API_TOKEN tako-mcp-server:stdio
Required:OKTA_ORG_URLOKTA_API_TOKEN+ 1 optional
README.md

Securely query and manage Okta resources for IAM and security administration.

Built by the Fctr Identity team • Not affiliated with Okta

TAKO MCP Server for Okta (beta v0.1)

⚡ Powered by Anthropic's Code Execution with MCP Architecture

Production-ready MCP server implementing Anthropic's Code Execution with MCP pattern with dual-mode operation, context-engineering, enhanced security sandbox, and enterprise-grade features.

Overview

A production-ready MCP server for Okta administration with dual-mode operation. Successor to okta-mcp-server.

This server enables AI assistants to query Okta resources using the Model Context Protocol. It is designed for IAM engineers, security teams, and Okta administrators who want to give their AI tools safe, controlled access to their Okta environment.

Key Features:

  • 🔄 Dual-Mode Operation - Standard MCP server mode or autonomous agent mode
  • 🌐 Flexible Transports - STDIO for desktop clients, HTTP for remote deployments
  • 🔑 Okta Tokens - API Token (simple) or OAuth2 with Private Key JWT (production)
  • 📊 CSV Export - Save query results to files for reporting
  • 🔒 Secure Execution - AST-based sandbox with whitelisted operations
  • MCP Compliant - Elicitation, Progress notifications, logging, and tool annotations

📋 Table of Contents

🧠 Core Concepts

Before installing, it's helpful to understand the two key configuration choices: Mode and Transport.

1. Operating Modes

Controls how the AI interacts with the server. Set via ENABLE_AGENT_MODE environment variable.

Feature Basic MCP Mode (false) Agent Mode (true)
Context Size Higher - all tools loaded upfront Lower - progressive discovery
Token Cost Higher initial cost Lower initial cost
Use Case MCP gateways, tool composition, granular control Autonomous AI workflows
Architecture Standard MCP tool exposure Meta-tool discovery pattern
Data Fetching Sample data (3 results) + endpoint metadata Full result sets via code execution
Available Tools read_system_instructions, get_code_generation_prompt, execute_code, okta_* tools get_available_operations, get_operation_details, get_code_generation_prompt, execute_code

Basic MCP ServerMode (Default)

Tools exposed directly to the LLM. The AI calls read_system_instructions() first, then uses okta_* tools for sample data and execute_code() for full results.

Basic MCP Mode

Can be used for:

Category Supported Platforms
Desktop Clients Claude Desktop, Cursor, Zed, VS Code (Windsurf)
Enterprise Gateways Obot.ai, Smithery, Lasso Security
Agent Frameworks LangGraph, LlamaIndex, Goose

Agent Mode

AI discovers APIs dynamically via get_available_operations() and get_operation_details(), then generates code for execution. This mode is ideal for complex, multi-step queries where the agent explores the API surface as needed.

Agent Mode

2. Transports

Controls how clients connect to the server.

Transport Description Best For
STDIO (Default) Communicates via standard input/output pipes. Local desktop apps (Claude, Cursor, VS Code).
HTTP (SSE) Exposes a web server endpoint (/mcp). Remote deployments, Docker, Web-based agents.

🚀 Quick Start

Choose the installation method that fits your workflow.

Option A: Docker (Recommended)

The fastest way to get started without managing Python dependencies.

# 1. Clone the repository
git clone https://github.com/fctr-id/fctr-okta-mcp-server.git
cd fctr-okta-mcp-server

# 2. Create directories for persistent data
mkdir -p logs okta_results  # Windows: New-Item -ItemType Directory -Path logs, okta_results -Force

# 3. Create a .env file (see Configuration section for all options)
cp .env.sample .env
# Edit .env with your Okta credentials

# 4. Build with Docker
docker build --target stdio -t tako-mcp-server:stdio .  # STDIO mode
docker build --target http -t tako-mcp-server:http .    # HT

Tools (5)

read_system_instructionsRetrieves system instructions for the MCP server.
get_code_generation_promptProvides a prompt for generating code to interact with Okta.
execute_codeExecutes code in a sandboxed environment to perform Okta operations.
get_available_operationsLists available Okta API operations for agent discovery.
get_operation_detailsRetrieves detailed information about a specific Okta operation.

Environment Variables

OKTA_ORG_URLrequiredThe base URL of your Okta organization.
OKTA_API_TOKENrequiredOkta API token for authentication.
ENABLE_AGENT_MODEToggle between standard MCP mode (false) and autonomous agent mode (true).

Configuration

claude_desktop_config.json
{"mcpServers": {"tako-okta": {"command": "docker", "args": ["run", "-i", "--rm", "-e", "OKTA_ORG_URL", "-e", "OKTA_API_TOKEN", "tako-mcp-server:stdio"]}}}

Try it

List all users in the 'Engineering' group using the Okta tools.
Find all inactive users who haven't logged in for the last 90 days.
Generate a report of all assigned applications for the user with email 'jdoe@example.com'.
Check for any security policy violations in the current Okta configuration.
Export the list of all active groups to a CSV file.

Frequently Asked Questions

What are the key features of TAKO MCP Server for Okta?

Dual-mode operation supporting both standard MCP and autonomous agent workflows. Secure AST-based sandbox with whitelisted operations for code execution. Support for both API Token and OAuth2 with Private Key JWT authentication. CSV export functionality for reporting query results. Flexible transport options including STDIO and HTTP/SSE.

What can I use TAKO MCP Server for Okta for?

Automating IAM user lifecycle management tasks for security teams. Performing bulk audits of Okta group memberships and application assignments. Generating compliance reports for Okta environment configurations. Enabling AI agents to perform complex, multi-step Okta API queries safely.

How do I install TAKO MCP Server for Okta?

Install TAKO MCP Server for Okta by running: docker build --target stdio -t tako-mcp-server:stdio .

What MCP clients work with TAKO MCP Server for Okta?

TAKO MCP Server for Okta works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.

Turn this server into reusable context

Keep TAKO MCP Server for Okta docs, env vars, and workflow notes in Conare so your agent carries them across sessions.

Need the old visual installer? Open Conare IDE.
Open Conare
View all cloud servers →

Related MCP Servers

SSH MCP Server
Execute shell commands on remote Linux and Windows systems via SSH.
cloud346 stars
Hono MCP Server
Expose your Hono API endpoints as MCP tools.
cloud77 stars
n8n Manager for AI Agents
Manage n8n workflow automation instances through AI agent tools.
cloud54 stars
Kilntainers
Give Every Agent an Ephemeral Linux Sandbox — via MCP
cloud36 stars
AWS MCP Server
Manage and provision AWS resources using natural language prompts
cloud27 stars
Dynamics 365 Finance & Operations
Production-ready MCP server for Microsoft Dynamics 365 Finance & Operations
cloud25 stars