Okta

Okta provides cloud software that helps companies manage their employees' passwords, by providing a “single sign-on” experience.

Related Enforcement Actions:

• Okta - Add or Remove Users to/from Group
• Okta - Disable Users
• Okta - Enable Users

Types of Assets Fetched

This adapter fetches the following types of assets:

• Devices
• Users

Parameters

1. Okta URL (required) - The hostname or IP address of the Okta server. This field format is '[instance].okta.com'.

2. Okta API Key (required) - An API key, created in the admin panel. For details, see Creating an API Token in Okta.

3. Number of parallel requests (required, default: 75) - Specify the maximum parallel requests that will be created when connecting to the value supplied in Okta URL.

4. API rate limit threshold percentage (required, default: 10) - Specify the threshold percentage of the Okta API rate limit when connecting to the value supplied in Okta URL. Axonius will stop the data fetch when the API rate limit will reach to the supplied value.

5. Filters users by group name - Use this option to only fetch users from a specific group. In order to use this feature a group with users must be configured in Okta. Refer to Configuring a Group in Okta for details.

6. Add users inside the devices - Select this option to fetch the devices with the users.

7. HTTPS Proxy (optional) - A proxy to use when connecting to the value supplied in Okta URL.
   7.To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Advanced Settings

1. Email domaininclude list (optional) - specify a comma-separated list of email domains to only fetch users whose email domain is in the specified list.
2. Fetch users apps (required, default: True)
   • If enabled, all connections of this adapter will also fetch information on users application.
   • If disabled, all connections of this adapter will not fetch information on users application.
3. Fetch users groups (required, default: True) - Select whether to fetch users groups.
   • If enabled, all connections of this adapter will also fetch users groups details.
   • If disabled, all connections of this adapter will not fetch users groups details.
4. Fetch users authentication factors
   • If enabled, all connections of this adapter will also fetch users authentication factors.
   • If disabled, all connections of this adapter will not fetch users authentication factors.
5. Time in seconds to sleep between each request (optional) - Specify sleeping time in seconds between each API request Axonius sends to Okta.
   • If supplied, all connections for this adapter will use the specified time between API requests Axonius sends to this adapter.
   • If not supplied, all connections for this adapter will have no sleep time between API requests Axonius sends to this adapter.
6. Fetch logs (required, default: True) - Select whether to fetch information about user's log events, that include details such as: IP address, browser, OS type.
   • If enabled, all connections of this adapter will also fetch information on users' log events.
   • If disabled, all connections of this adapter will not fetch information on users log events.
7. Fetch logs from the last X days - Enter a number of days back from which to fetch logs.
8. Fetch admin roles - Select whether to fetch additional information on admin roles.
   • If enabled, all connections of this adapter will also fetch additional information on admin roles.
   • If disabled, all connections of this adapter will only fetch users with admin roles, without additional information about those roles.
9. Fetch deprovisioned users - Select whether to fetch users that are deprovisioned.
10. Display recovery question in View Advanced - Select whether to save the users' recovery questions in the Axonius database.
    • When you enable this parameter, the recovery question is displayed in plain-text in the View Advanced data for the Okta Adapter.
11. User results limit (required, default: 100) - Specify the number of results per page when Axonius makes the API call. The maximum value is 200.
12. Only fetch user records (optional) - Select whether to only fetch user records from Okta.

Creating an API Token in Okta

To create an API key

1. Go to Security and select API.

.
2. Then select Tokens.

3. Select Create Token and select a token with Okta API type.
   

4. On the pop-up, type a new name for the token and click Create Token.

5. Copy the token value and save it to a secure location (you will need it later when configuring the adapter).

Configuring a Group in Okta

To use Filters users by group name, you need to create a group in Okta.
To create a group in Okta:

1. Go to the Okta admin panel
2. From Directory choose Groups
3. Select Add Group

3. Give a name to the group and if you want, add a description

4. Select the Rules tab and choose Add Rule

5. On that rule add the user email, contains, and add the domain

6. On the rules list, from Actions, select Activate to activate the rule.

The group must include users with that domain. This group can now be used as a filter to fetch users for Axonius. Use this group name in the Group name to filter users setting.

Permissions

Read Only Admin permissions are required to use this adapter.

If you need to use the "Fetch Admin Roles", then this requires configuring credentials to have Super Admin access to view the other admin roles.
For more information, see Standard Administrator Roles and Permissions.

Additional permissions are required for Okta Enforcement Actions. Refer to Okta Action Permissions.