Okta
Visualize Okta users, groups, devices, applications, and services, map users to employees, and monitor changes through queries and alerts.
- Installation guide
- Okta data model
Installation
For this integration, you will need to create an API Token on Okta from an Okta account with admin permissions. Ensure that you are in admin-mode when creating the token by selecting the Admin button in the top right prior to creating the API Token.
Depending on the Okta account's admin role level, fetching role information requires the supplied token to have Super Administrator privileges. If Read Only Administrator or Organization Administrator are provided instead, the step will fail, but all other ingestion steps will remain unaffected.
Per the Okta documentation: API tokens are valid for 30 days and automatically renew every time they are used with an API request. When a token has been inactive for more than 30 days it is revoked and cannot be used again. Tokens are also only valid if the user who created the token is also active.
For additional information regarding Okta API tokens, see their documentation for more information.
Configuration in JupiterOne
To install the Okta integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Okta. Click New Instance to begin configuring your integration.
Creating a configuration requires the following:
The Account Name used to identify the Okta account in JupiterOne. Ingested entities will have this value stored in
tag.AccountNamewhen theAccountNametoggle is enabled.Description to assist in identifying the integration instance, if desired.
Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as
DISABLEDand manually execute the integration.Enter the Organization URL unique to your Okta organization and your Okta API Key.
Click Create once all values are provided to finalize the integration.
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Data Model
Entities
The following entities are created:
| Resources | Entity _type | Entity _class |
|---|---|---|
| Okta Account | okta_account | Account |
| Okta App UserGroup | okta_app_user_group | UserGroup |
| Okta Application | okta_application | Application |
| Okta Device | okta_device | Device |
| Okta Factor Device | mfa_device | Key, AccessKey |
| Okta Role | okta_role | AccessRole |
| Okta Rule | okta_rule | Configuration |
| Okta Service | okta_service | Service, Control |
| Okta User | okta_user | User |
| Okta UserGroup | okta_user_group | UserGroup |
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
|---|---|---|
okta_account | HAS | okta_app_user_group |
okta_account | HAS | okta_application |
okta_account | HAS | okta_device |
okta_account | HAS | okta_rule |
okta_account | HAS | okta_service |
okta_account | HAS | okta_user |
okta_account | HAS | okta_user_group |
okta_app_user_group | HAS | okta_user |
okta_rule | MANAGES | okta_user_group |
okta_user | ASSIGNED | aws_iam_role |
okta_user | ASSIGNED | mfa_device |
okta_user | ASSIGNED | okta_application |
okta_user | CREATED | okta_application |
okta_user | HAS | okta_device |
okta_user | ASSIGNED | okta_role |
okta_user_group | ASSIGNED | aws_iam_role |
okta_user_group | ASSIGNED | okta_role |
okta_user_group | HAS | okta_user |
okta_user_group, okta_app_user_group | ASSIGNED | okta_application |