Okta
  • 19 Jan 2023
  • 3 Minutes to read
  • Dark
    Light
  • PDF

Okta

  • Dark
    Light
  • PDF

Okta provides cloud software that helps companies manage their employees' passwords, by providing a “single sign-on” experience.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices
  • Users

Parameters

  1. Okta URL (required) - The hostname or IP address of the Okta server. This field format is '[instance].okta.com'.

  2. Okta API Key (required) - An API key, created in the admin panel. For details, see Creating an API Token in Okta.

  3. HTTPS Proxy (optional) - A proxy to use when connecting to the value supplied in Okta URL.

  4. Number of parallel requests (required, default: 75) - Specify the maximum parallel requests that will be created when connecting to the value supplied in Okta URL.

  5. API rate limit threshold percentage (required, default: 10) - Specify the threshold percentage of the Okta API rate limit when connecting to the value supplied in Okta URL. Axonius will stop the data fetch when the API rate limit will reach to the supplied value.
    6.To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Okta

Advanced Settings

Note:

From version 4.6, Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to ​Advanced Configuration for Adapters.

  1. Email domaininclude list (optional) - specify a comma-separated list of email domains.
    • If supplied, all connections for this adapter will only fetch users whose email domain is in the specified list.
    • If not supplied, all connections for this adapter will fetch all users.
  2. Fetch users apps (required, default: True)
    • If enabled, all connections of this adapter will also fetch information on users application.
    • If disabled, all connections of this adapter will not fetch information on users application.
  3. Fetch users groups (required, default: True) - Select whether to fetch users groups.
    • If enabled, all connections of this adapter will also fetch users groups details.
    • If disabled, all connections of this adapter will not fetch users groups details.
  4. Fetch users authentication factors
    • If enabled, all connections of this adapter will also fetch users authentication factors.
    • If disabled, all connections of this adapter will not fetch users authentication factors.
  5. Time in seconds to sleep between each request (optional) - Specify sleeping time in seconds between each API request Axonius sends to Okta.
    • If supplied, all connections for this adapter will use the specified time between API requests Axonius sends to this adapter.
    • If not supplied, all connections for this adapter will have no sleep time between API requests Axonius sends to this adapter.
  6. Fetch logs (required, default: True) - Select whether to fetch information about user's log events, that include details such as: IP address, browser, OS type.
    • If enabled, all connections of this adapter will also fetch information on users' log events.
    • If disabled, all connections of this adapter will not fetch information on users log events.
  7. Fetch admin roles - Select whether to fetch additional information on admin roles.
    • If enabled, all connections of this adapter will also fetch additional information on admin roles.
    • If disabled, all connections of this adapter will only fetch users with admin roles, without additional information about those roles.
  8. Fetch deprovisioned users - Select whether to fetch users that are deprovisioned.
  9. Display recovery question in View Advanced - Select whether to save the users' recovery questions in the Axonius database.
    • When you enable this parameter, the recovery question is displayed in plain-text in the View Advanced data for the Okta Adapter.
  10. User results limit (required, default: 100) - Specify the number of results per page when Axonius makes the API call. The maximum value is 200.
  11. Only fetch user records (optional) - Select whether to only fetch user records from Okta.
Note:

For details on general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.

Creating an API Token in Okta

To create an API key

  1. Go to Security and select API.

Okta1.png

.
2. Then select Tokens.
Okta2.png

  1. Select Create Token and select a token with Okta API type.
    Okta3.png

  2. On the pop-up, type a new name for the token and click Create Token.

  3. Copy the token value and save it to a secure location (you will need it later when configuring the adapter).

Permissions

Read Only Admin permissions are required to use this adapter.

If you need to use the "Fetch Admin Roles", then this requires configuring credentials to have Super Admin access to view the other admin roles.
For more information, see Standard Administrator Roles and Permissions.


Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.