Skip to main content


Visualize Orca Security assets, findings, roles, users, and user groups, map Orca users to employees, and monitor changes through queries and alerts.


To initiate this integration in JupiterOne, you will first need to create an API token within Orca to use in JupiterOne.

Configuration in Orca

To create an API token:

  1. Log into the Orca dashboard and navigate to Settings > Modules > Integrations.
  2. Scroll to the SIEM/SOAR section.
  3. Find the JupiterOne tile and press CONFIGURE
  4. Enter a Name and Description (optional)
  5. Select the Internal Viewer role. If a lesser role is provided, the integration will attempt to run as many steps as it is able to.
  6. Select the desired unit Scope. To ingest all data from all units, select All Cloud Accounts
  7. Press CREATE TOKEN and copy the token value that appears for use in JupiterOne. The token value will not be available after closing this screen.

Legacy API Keys will continue to be supported until Orca removes support for them. For more information about API Tokens, see Orca's documentation.

Configuration in JupiterOne

To install the Orca integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Orca. Click New Instance to begin configuring your integration.

Creating a configuration requires the following:

  • The Account Name used to identify the Orca account in JupiterOne. Ingested entities will have this value stored in tag.AccountName when the AccountName toggle is enabled.

  • Description to assist in identifying the integration instance, if desired.

  • Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as DISABLED and manually execute the integration.

  • Your Orca Security Account Email (the email address used within Orca to generate the API credentials).

  • Lastly, the Orca API Key, corresponding Token, and Orca API Base URL from your Orca account.

Click Create once all values are provided to finalize the integration.

Next steps

Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.