diff --git a/detect_secrets/plugins/okta.py b/detect_secrets/plugins/okta.py
new file mode 100644
index 000000000..64f8c4a8f
--- /dev/null
+++ b/detect_secrets/plugins/okta.py
@@ -0,0 +1,17 @@
+"""
+This plugin searches for Okta API tokens
+"""
+import re
+
+from detect_secrets.plugins.base import RegexBasedDetector
+
+
+class OktaDetector(RegexBasedDetector):
+ """Scans for Okta API tokens."""
+ secret_type = 'Okta API Token'
+
+ denylist = [
+ # refs: https://developer.okta.com/docs/guides/create-an-api-token/main/
+ # ex from docs: 00QCjAl4MlV-WPXM...0HmjFx-vbGua
+ re.compile(r'00[a-zA-Z0-9\-\_]{40,}'),
+ ]
diff --git a/tests/plugins/okta_test.py b/tests/plugins/okta_test.py
new file mode 100644
index 000000000..71418ea18
--- /dev/null
+++ b/tests/plugins/okta_test.py
@@ -0,0 +1,19 @@
+import pytest
+
+from detect_secrets.plugins.okta import OktaDetector
+
+
+class TestOktaDetector:
+
+ @pytest.mark.parametrize(
+ 'payload, should_flag',
+ [
+ # pragma: allowlist nextline secret
+ ('00ZDreYRgPTWY4MpAf5ED9TVXjfS9XKxT6Fy3fC7uA', True),
+ ],
+ )
+ def test_analyze(self, payload, should_flag):
+ logic = OktaDetector()
+ output = logic.analyze_line(filename='mock_filename', line=payload)
+
+ assert len(output) == int(should_flag)
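Review bot: The pattern in `denylist` has no left boundary, so it fires on any `00` that happens to be followed by 40 or more characters from `[a-zA-Z0-9_-]`. Long hex digests, lockfile integrity hashes and base64url blobs can all match, and that noise pushes users toward allowlisting or disabling the plugin. Anchoring the start keeps real tokens detectable while cutting those hits: `re.compile(r'(?<![a-zA-Z0-9_-])00[a-zA-Z0-9_-]{40,}'),` (the `\-` and `\_` escapes are unnecessary inside the class). The sample in the test file is exactly 42 characters; if Okta's token length is fixed, replacing `{40,}` with `{40}` plus a matching trailing lookahead would tighten it further, but that should be confirmed against Okta's documentation first.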
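Review bot: The parametrization in `test_analyze` contains only a positive case, so `should_flag=False` is never exercised and nothing pins what the detector must not report. For a secret scanner the negative cases matter as much as the hit, because regressions in either direction (missed tokens or noisy matches) would otherwise go unnoticed. I would add constructed near-miss values such as `('00' + 'A' * 39, False),` for a too-short candidate and `('01' + 'A' * 40, False),` for a wrong prefix. A case for a `00…` run embedded in a longer alphanumeric string is also worth adding once the intended behaviour there is decided.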