Okta
  • 13 Jun 2022
  • 3 Minutes to read
  • Dark
    Light
  • PDF

Okta

  • Dark
    Light
  • PDF

Okta provides cloud software that helps companies manage their employees' passwords, by providing a “single sign-on” experience.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Users

Parameters

  1. Okta URL (required) - The hostname or IP address of the Okta server. This field format is '[instance].okta.com'.
  2. Okta API Key (required) - An API key, created in the admin panel. For details, see Creating an API Token in Okta.
  3. HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to the value supplied in Okta URL.
    • If supplied, Axonius will utilize the proxy when connecting to the value supplied in Okta URL.
    • If not supplied, Axonius will connect directly to the value supplied in Okta URL.
  4. Number of parallel requests (required, default: 75) - Specify the maximum parallel requests that will be created when connecting to the value supplied in Okta URL.
  5. API rate limit threshold percentage (required, default: 10) - Specify the threshold percentage of the Okta API rate limit when connecting to the value supplied in Okta URL. Axonius will stop the data fetch when the API rate limit will reach to the supplied value.
    6.To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

image.png

Advanced Settings

Note:

From version 4.6 Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to ​Advanced Configuration for Adapters

  1. Email domaininclude list (optional, default: empty) - specify a comma-separated list of email domains.
    • If supplied, all connections for this adapter will only fetch users whose email domain is in the specified list.
    • If not supplied, all connections for this adapter will fetch all users.
  2. Fetch users apps (required, default: True)
    • If enabled, all connections of this adapter will also fetch information on users application.
    • If disabled, all connections of this adapter will not fetch information on users application.
  3. Fetch users groups (required, default: True) - Select whether to fetch users groups.
    • If enabled, all connections of this adapter will also fetch users groups details.
    • If disabled, all connections of this adapter will not fetch users groups details.
  4. Fetch users authentication factors (required, default: False)
    • If enabled, all connections of this adapter will also fetch users authentication factors.
    • If disabled, all connections of this adapter will not fetch users authentication factors.
  5. Time in seconds to sleep between each request (optional, default: empty) - Specify sleeping time in seconds between each API request Axonius sends to Okta.
    • If supplied, all connections for this adapter will use the specified time between API requests Axonius sends to this adapter.
    • If not supplied, all connections for this adapter will have no sleep time between API requests Axonius sends to this adapter.
  6. Fetch logs (required, default: True) - Select whether to fetch information about user's log events, that include details such as: IP address, browser, OS type.
    • If enabled, all connections of this adapter will also fetch information on users' log events.
    • If disabled, all connections of this adapter will not fetch information on users log events.
  7. Fetch admin roles (required, default: False) - Select whether to fetch additional information on admin roles.
    • If enabled, all connections of this adapter will also fetch additional information on admin roles.
    • If disabled, all connections of this adapter will only fetch users with admin roles, without additional information about those roles.
  8. Fetch deprovisioned users (required, default: False) - Select whether to fetch users that are deprovisioned.
  9. Display recovery question in View Advanced (required, default: False) - Select whether to save the users' recovery questions in the Axonius database.
    • When you enable this parameter, the recovery question is displayed in plain-text in the View Advanced data for the Okta Adapter.
  10. User results limit (required, default: 100) - Specify the number of results per page when Axonius makes the API call. The maximum value is 200.
NOTE

For details on general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.

Creating an API Token in Okta

To create an API key:

  1. Go to the Security and click on API

Okta1.png

.
6. and then on Tokens.
Okta2.png

  1. Click Create Token, and choose a token with Okta API type.
    Okta3.png

  2. On the pop-up, type a new name for the token and click Create Token.

  3. Copy the token value and save it on a secure location (you will need it later on when configuring the adapter).

Permissions

Read Only Admin permissions are required to use this adapter.

If you need to use the the "Fetch Admin Roles", then this requires configuring credentials to have SUPER ADMIN access in order to view the other admin roles.
Documentation for the Okta permissions can be found here


First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.