Ok
integration guide

syen comply for okta

configure the okta integration to bind authentication and identity context into the cryptographic evidence chain for every ai-assisted decision.

contents
  1. 01overview
  2. 02prerequisites
  3. 03install from oin catalog
  4. 04authorize the integration
  5. 05test the connection
  6. 06what data is fetched
  7. 07limitations
  8. 08support
§01

overview

syen comply is cryptographic audit infrastructure that seals ai-assisted decisions into tamper-evident, independently verifiable records. each record binds the model version, input data, policy state, identity context, and outcome into a signed payload anchored to an rfc 3161 timestamp.

the okta integration provides the identity context portion of every record. authentication events, user activity, and session data from the okta system log are fetched and bound into the cryptographic evidence chain alongside the ai model version, data used, policy applied, and outcome. regulators, auditors, and insurers can independently verify that the identity asserted in any ai decision matches what okta recorded at that moment.

all customers connect to the same api endpoint. per-tenant data isolation is handled at the authentication and cryptographic layer using customer-controlled kms keys.

§02

prerequisites

  • an active syen comply account (pro or enterprise tier)
  • an okta org with administrator privileges
  • ability to create api services app integrations in okta
  • okta.logs.read scope access
§03

install from the oin catalog

  1. sign in to your okta admin console.
  2. go to applications and click applications.
  3. click browse app catalog.
  4. search for syen comply for okta.
  5. click add integration.
  6. click done.
§04

authorize the integration

  1. in your okta admin console go to applications, then api service integrations.
  2. find syen comply for okta and click authorize.
  3. review the requested scope: okta.logs.read (read system log entries).
  4. click allow access.
  5. copy the client id and client secret from the general tab. these are your integration credentials.
§05

test the connection

send a get request to the test endpoint using your credentials. no authorization header is required — the test endpoint authenticates via the query parameters below.

Method: GET
URL:    https://api.syensystems.com/api/v1/integrations/okta/test

Query parameters:
  okta_org_url   = https://your-org.okta.com
  client_id      = YOUR_CLIENT_ID
  client_secret  = YOUR_CLIENT_SECRET

(no Authorization header required)

the base domain https://api.syensystems.com requires authentication. use the full endpoint path above.

a 200 response with a json array of mapped system log events confirms the integration is working.

§06

what data is fetched

the integration reads from the okta system log api using the okta.logs.read scope. it fetches all system log event types including authentication events, user activity, admin actions, and application events. each event is mapped to the following fields:

timestamp
event_type
display_message
actor_id
actor_display_name
actor_type
auth_method
ip_address
session_id
§07

limitations

  • the integration reads system log events only. it does not write to or modify any okta resources.
  • the okta.logs.read scope provides read-only access to all system log event types.
  • rate limits are subject to okta's system log api limits.
  • only the 10 most recent events are returned per test request. production use returns a configurable event window.
§08

support

for setup assistance contact support@syensystems.com or visit syensystems.com.