@dan-redcupit dan-redcupit commented Jan 23, 2026

Summary

This PR adds multi-profile support to the Okta CLI, enabling users to manage credentials for multiple Okta organizations using named profiles. This is particularly valuable for:

  • Enterprises/MSPs/MSSPs managing multiple internal or client Okta tenants
  • Developers working across dev/staging/prod environments
  • Consultants switching between customer organizations

New Commands

  • okta login --profile-name <name> - Create or update a named profile
  • okta profiles list - List all configured profiles with active indicator
  • okta profiles use <name> - Switch the active profile
  • okta profiles show [name] - Display profile details (token masked)
  • okta profiles delete <name> - Remove a profile

New Global Option

  • okta --profile <name> <command> - Run any command with a specific profile (one-off)
  • OKTA_CLI_PROFILE environment variable - Set profile for shell session

Configuration Format

```yaml
okta:
  profiles:
    default:
      orgUrl: https://dev-123456.okta.com
      token: 00abc...
    acme-corp:
      orgUrl: https://acme.okta.com
      token: 00xyz...
  activeProfile: default
```

Backward Compatibility

  • Legacy single-profile format (okta.client.orgUrl/token) is automatically migrated on first write
  • Legacy format remains readable without migration
  • Existing users' credentials are preserved as the "default" profile

Example Usage

```bash
# Login to multiple orgs
okta login --profile-name acme-corp
okta login --profile-name bigco-prod

# List all profiles
okta profiles list
# Output:
#   NAME         ORG URL                         STATUS
#   ----         -------                         ------
# * default      https://dev-123456.okta.com     * active
#   acme-corp    https://acme.okta.com
#   bigco-prod   https://bigco.okta.com

# Switch profiles
okta profiles use acme-corp

# One-off command with specific profile
okta --profile bigco-prod apps list
```

Test plan

  • Unit tests for DefaultProfileConfigurationService
  • Manual testing of okta login --profile-name
  • Manual testing of okta profiles list/use/show/delete
  • Manual testing of okta --profile flag
  • Verify backward compatibility with legacy config format
  • Verify file permissions (0600) on POSIX systems

Files Changed

New Files

  • common/.../model/OktaProfile.java - Profile data model
  • common/.../service/ProfileConfigurationService.java - Service interface
  • common/.../service/DefaultProfileConfigurationService.java - Implementation
  • cli/.../commands/profiles/Profiles.java - Parent command
  • cli/.../commands/profiles/ProfilesList.java - List subcommand
  • cli/.../commands/profiles/ProfilesUse.java - Use subcommand
  • cli/.../commands/profiles/ProfilesShow.java - Show subcommand
  • cli/.../commands/profiles/ProfilesDelete.java - Delete subcommand
  • common/.../service/DefaultProfileConfigurationServiceTest.groovy - Tests

Modified Files

  • cli/.../Environment.java - Added profile state and activation
  • cli/.../OktaCli.java - Added --profile flag and profiles command
  • cli/.../commands/BaseCommand.java - Activate profile before command execution
  • cli/.../commands/Login.java - Support --profile-name option

🤖 Generated with Claude Code

This feature allows MSPs, MSSPs, and developers to manage credentials for
multiple Okta organizations using named profiles, similar to AWS CLI profiles.

New features:
- `okta login --profile-name <name>` to create/update named profiles
- `okta profiles list` to list all configured profiles
- `okta profiles use <name>` to switch the active profile
- `okta profiles show [name]` to display profile details
- `okta profiles delete <name>` to remove a profile
- `okta --profile <name> <command>` for one-off commands with a specific profile
- `OKTA_CLI_PROFILE` environment variable support

Configuration format:
```yaml
okta:
  profiles:
    default:
      orgUrl: https://dev-123456.okta.com
      token: 00abc...
    acme-corp:
      orgUrl: https://acme.okta.com
      token: 00xyz...
  activeProfile: default
```

Backward compatibility:
- Automatically migrates legacy single-profile format on first use
- Legacy format continues to be readable without migration

Co-Authored-By: Claude Opus 4.5 <[email protected]>
@dan-redcupit force-pushed the feature/multi-profile-support branch from a77b038 to 88699e5, January 23, 2026 08:00
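The legacy-to-profile migration and the 0600 requirement described in this PR, sketched in Python as an added example; it is not part of the pull request or the Okta CLI code base. The function names are hypothetical, the config is assumed to be already parsed into a mapping, dropping the legacy keys after migration is an assumption, and the sample token is constructed.

```python
import os
import stat
import tempfile

def migrate_legacy(config):
    """Move legacy okta.client.{orgUrl,token} into okta.profiles.default."""
    okta = dict(config.get("okta", {}))
    client = okta.get("client") or {}
    if "profiles" in okta or "token" not in client:
        return {"okta": okta}  # already multi-profile, or nothing to move
    okta.pop("client")  # assumption: legacy keys are dropped once migrated
    okta["profiles"] = {"default": {"orgUrl": client.get("orgUrl"),
                                    "token": client["token"]}}
    okta["activeProfile"] = "default"
    return {"okta": okta}

def to_yaml(node, indent=0):
    """Minimal emitter for the nested string mapping used here, not a general YAML writer."""
    lines = []
    for key, value in node.items():
        if isinstance(value, dict):
            lines += [" " * indent + f"{key}:"] + to_yaml(value, indent + 2)
        else:
            lines.append(" " * indent + f"{key}: {value}")
    return lines

def write_private(path, text):
    """Write through a temp file that mkstemp creates as 0600, then rename over the target."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(text)
        os.replace(tmp, path)  # the token is never on disk with wider permissions
    except BaseException:
        os.unlink(tmp)
        raise

def too_permissive(path):
    """True when group or other have any access bits on the file (POSIX only)."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

if __name__ == "__main__":
    legacy = {"okta": {"client": {"orgUrl": "https://dev-123456.okta.com",
                                  "token": "00constructedSampleToken"}}}  # constructed
    path = os.path.join(tempfile.mkdtemp(), "okta.yaml")
    write_private(path, "\n".join(to_yaml(migrate_legacy(legacy))) + "\n")
    with open(path) as handle:
        print(handle.read(), end="")
    print("too permissive:", too_permissive(path))
```

`too_permissive` doubles as an audit check for an existing config file: a result of `True` means another local account can read the stored API tokens.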