Authorize Your Kandji Instance for Okta Workflows

Integrate Kandji's Apple device management solution with Okta Workflows

Note: The Kandji connector is currently available in Okta Preview tenants, and is scheduled to be available in Production tenants on June 29, 2022.

You can use the Kandji connector to integrate Kandji device management with Okta Workflows to help automate critical components of the user lifecycle that are prone to friction or manual error.

This article covers how to authorize your Kandji instance for Okta Workflows.

After you successfully authorize your Kandji instance for Okta Workflows, you can use Kandji connector action cards in Okta Workflows.

Authorize Your Kandji Instance

When you add a Kandji card to a Workflow for the first time, you'll be prompted to configure the connection. This will enable you to connect your Kandji API token, save your token information, and reuse the connection for future Workflows.

Note: You can create multiple connections and manage them from your Connections page.

Create a Kandji Connection


  • Okta Workflows admin credentials;

  • Kandji Connection nickname; 
  • Kandji API key; 
  • Kandji domain (following the format or

You can create more than one connection—if, for instance, you have multiple Kandji instances or you are testing multiple Kandji API tokens.

The Kandji API token must allow the appropriate access for the given task. For example, to gather information about all devices, the Kandji API token must have permissions for the following:

Permission Description
Devices: Device Information: Device list Get a list of all devices in the Kandji instance
Devices: Device Information: Device details Get the full details for a specific device


Create an API Token in Kandji

To create an API token to use for the Kandji connector:

  1. Confirm that your Kandji instance has API enabled. If it doesn't, contact your Customer Support Manager.
  2. Sign in to the Kandji web app with administrator credentials.
  3. In the left sidebar, click Settings.
  4. Click Access.Settings General Access
  5. In the API Token section, if your instance doesn't already have an API Token, click Add API Token.

    Otherwise, click Add Token.

  6. In the Name field, enter a name such as Okta Workflows.
  7. In the Description field, enter a description such as Allow Okta Workflows to use the Kandji API.
  8. Click Create.Create Okta Workflows API
  9. In the Copy your API token dialog, click Copy Token.
  10. Store the copied token in a safe place. If you lose the text for the token, you can delete the token before you use it and create a new one with the steps above. You'll use this token in step 3 of the next section.
  11. Select the checkbox for I have copied the token and understand that I will not be able to see these details again.
  12. Click Next.

  13. In the Manage API Permissions dialog, click Configure.
  14. In the Permissions section, select the checkbox for each area to which you want Okta Workflows to have access. For example, select the checkbox for Blueprints Management to enable all permissions for inspecting and modifying Blueprints. Note: You can click the disclosure triangle to the right of the permission type to display more specific permissions.
  15. Review the permissions you've configured for the API token.
  16. Click Save then Close. Review API permissions
  17. In the API Token section, confirm that your new token is displayed.
  18. In your organization's API URL field, copy or make a note of your Kandji domain. That domain is in the middle of the API URL; it doesn't include the prefix https:// or the suffix that includes the path. Some examples: or

Set Up a Connection

  1. In Okta Workflows, from the Connections page or from any card, click New Connection.
    Okta Workflows - Click New Connection
  2. In the New Connection window, scroll if necessary, then select Kandji.Okta Workflows New Connection Window select Kandji@2x
  3. In the Connection Nickname field, enter a unique name that will help you distinguish multiple Kandji instances or multiple Kandji API keys.
  4. In the API key field, enter or paste the text of the API token you generated in step 10 of the previous section.
  5. In the Kandji domain field, enter your full Kandji domain (from step 18 of the previous section).
  6. Click Create.Okta Workflows New Connection with fields ready@2x

The Kandji connector is now configured and this connection is ready to be used with available cards for the connector.

For instance:

  1. In a Workflow, click Add app action.
  2. In the My Connected Apps section, click Kandji.Add app action then click Kandji in Flow
  3. Select a connector card.Kandji connector select card
  4. Configure the card and continue building your workflow.