Okta Data Integration

08/2022 - rev 1

Overview

The Oort identity security platform reads a variety of user account data and event data to build a full picture of the identity security posture of your Okta tenant, as well as on-going identity threats against your organization.

Goal

The goal of this document is to serve as a guide to set up Oort with a data integration to your Okta tenant.  

Okta Data Integration

Okta integration is configured using a read-only API token.

Permission requirements for setting up Oort integration with Okta

To add the necessary configuration in Okta, you need to be one of the following:

  • Read-only administrator

Setup Steps

There are 3 steps you need to go through to set up the data integration between Okta and Oort.

  1. Login to the Okta admin console with a read-only admin account.
    Note - some organizations create a specific admin service account for this purpose only, on a per integration basis.
  2. Generate an API token as described by the Okta documentation here.
  3. Login to the Oort console
  4. Click Integrations tab -> Add Integration -> Okta.

screenshot 2022 08 15 132415

  1. In the New Okta integration page, enter the following -
  • A display name for the integration, such as Okta-[customer name]
  • Instance URL - the is the primary FQDN of your Okta tenant, such as https://[customername].okta.com
  • Okta API token generated in the previous steps

screenshot 2022 08 15 132631

  1. Click Save.

  2. On the Integrations page, click the three dots menu on the right side of the new Okta integration tile. Click Test Connectivity.

screenshot 2022 04 12 111218

  1. Once successfully verified, click the same menu again and click Collect Now to begin initial data collection.

NOTE - Due to Okta API rate limiting, the initial data collection, including historical log data, may take up to 24 hrs. Your Oort technical contact will assist with any questions in this process.