This article explains how to connect Okta Workforce Identity Cloud to Workbench.

Step 1: Enable console access

  1. Create a user in Okta for Expel.

    • Select Directory and People.

    • Under People select Add person.

      • User type: User

      • First name: Expel

      • Last name: SOC

      • Username: soc+<Your_Organization_Name>


        Yes, the "+" sign is part of the email address, and it's important. Click here to find out why.

      • Primary email: same as username

      • Password: set by user

      • Select Send user activation email now.

  2. Notify your customer success engineer that the registration email is sent.

Step 2: Generate API credentials

  1. Sign into your Okta organization as a user with Read-Only Admin privileges. API tokens have the same permissions as the user who creates them, and if the user permissions change, the API token permissions also change.

  2. Open the API page.

    • If you use the Developer Console, select Tokens from the API menu.

    • If you use the Administrator Console (Classic UI), select API from the Security menu, and then select Tokens.

  3. Click Create Token.

  4. Name your token ExpelAPI and click Create Token.


    Make note of your API token, as you only see it 1 time.

  5. Collect your Okta URL (also called an Okta domain).

    • Sign in to your Okta organization with your administrator account.

    • Look for the Okta domain in the upper right corner of the dashboard.

Step 3: Configure the technology in Workbench

  1. Log into

  2. Navigate to Settings > Security Devices.

  3. At the top of the page, click Add New Device.

  4. Search for and select Okta.

    Screen Shot 2021-07-16 at 6.18.35 PM.png
    • Complete all fields using the credentials and information you collected in Step 1 and Step 2.


This page was accurate at the time of writing, but changes happen. If you find the instructions are outdated, let us know via your engagement manager or account representative.