Okta Data Integration
Last updated: 08/2024
The Cisco Identity Intelligence security platform reads a variety of user account data and event data to build a full picture of the identity security posture of your Okta tenant, as well as ongoing identity threats against your organization.
Identity Intelligence has created an OAuth2 API service application in the Okta network for the purpose of this data ingestion.
To implement this application, do the following:
Confirm that your Okta organization is using Okta Identity Engine (OIE), and not Okta Classic. Upgrade if needed. If you're unsure which solution you're using, check the footer on any page of the Okta Admin Console. The version number is appended with E for OIE orgs and C for Classic Engine orgs.
Click Add Integration on the application's page in the Okta network, or search for the API Integration within the Okta Admin Console (if you have multiple tenants, make sure you're signed in to the correct Okta org), and click Next
Click Install & Authorize
Copy the client secret to a secure location, such as a key vault, if desired
Click Done
New Okta integrations (For EXISTING Okta integrations, jump to step 7 below)
Within your Cisco Identity Intelligence (CII) tenant, go to the Integrations page and click Add Integration. Select the Okta integration.
Enter the display name, Issuer (your Okta URL), Client ID, and Client Secret in the respective fields and click the Save button
Existing Okta integrations (For NEW Okta integrations, jump to step 8 below)
After completing Steps 1-5 above, go to the Integrations page within your CII tenant and click Edit on your existing Okta integration
Click the Convert to OAuth2 button
Enter the display name, Issuer (your Okta URL), Client ID, and Client Secret
Under the Advanced Tab, enable the User Schema and Roles to Users data types and click the Save button
After configuration is completed in both systems, you may see a yellow banner on the Identity Intelligence API Service App page in the Okta Admin Console that states, "Cisco Identity Intelligence - Read - Write Management API Service is not configured until you complete the setup instructions". You can disregard this message; the integration is fully configured.
On the Integrations page, click the three-dot menu on the right side of the new Okta integration tile and click Test Connectivity.
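As an added example (not Cisco's or Okta's own code), the Python check below mirrors what Test Connectivity verifies: it derives the org authorization server token endpoint from the Issuer value, requests a client-credentials token with the Client ID and Client Secret, and reports any scope the service app was not granted. The scope list and the check_connectivity helper are assumptions for illustration; the scopes your OIN app actually receives are fixed by the Okta integration itself.

```python
import base64
import json
import urllib.parse
import urllib.request

# Assumed scope set for the user, role and system-log data types described
# above. These are standard Okta OAuth2 scope names, but the integration's real
# grant is defined by the OIN app, not by this list.
REQUIRED_SCOPES = ("okta.users.read", "okta.roles.read", "okta.logs.read")


def token_endpoint(issuer: str) -> str:
    """Derive the org authorization server token endpoint from the Issuer URL.

    Rejects the two values most often pasted in by mistake: a non-HTTPS URL and
    the Admin Console host ("-admin."), which does not serve the API.
    """
    parts = urllib.parse.urlsplit(issuer.strip().rstrip("/"))
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Issuer must be an https:// Okta org URL")
    if "-admin." in parts.netloc:
        raise ValueError("Use the org URL, not the -admin Admin Console URL")
    return f"https://{parts.netloc}/oauth2/v1/token"


def build_token_request(issuer, client_id, client_secret, scopes=REQUIRED_SCOPES):
    """Client-credentials grant authenticated with client_secret_basic."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": " ".join(scopes)}
    ).encode()
    headers = {
        "Authorization": f"Basic {creds}",
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    return urllib.request.Request(
        token_endpoint(issuer), data=body, headers=headers, method="POST"
    )


def missing_scopes(token_response: dict, required=REQUIRED_SCOPES) -> list:
    """Return required scopes Okta did not grant; an empty list means healthy."""
    if (token_response.get("token_type", "").lower() != "bearer"
            or not token_response.get("access_token")):
        raise ValueError("no bearer token in response")
    granted = set(token_response.get("scope", "").split())
    return [s for s in required if s not in granted]


def check_connectivity(issuer, client_id, client_secret):
    """Live check (needs network): fetch a token and report any scope gaps."""
    req = build_token_request(issuer, client_id, client_secret)
    with urllib.request.urlopen(req, timeout=15) as resp:
        return missing_scopes(json.load(resp))
```

A non-empty result from check_connectivity means the app authenticated but lacks a scope, which shows up in CII as a partial collection rather than a failed one.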
If you have the Log Streaming module as part of your current Okta subscription, follow the steps below to configure Log Streaming. Log Streaming is not required to configure the Okta Data Integration, but it is recommended if you have it.
Once connectivity is successfully verified, click the three-dot menu again and select Edit settings for the Okta integration. Go to the Event Streaming tab.
Use the information provided there to set up Okta log streaming via AWS EventBridge. Okta's Log Streaming documentation covers the Okta-side setup.
After registering the log stream and clicking Save, use the three-dot menu to click Collect Now to begin initial data collection.
NOTE - Due to Okta API rate limiting, the initial data collection, including historical log data, may take 24 hrs or longer. Your Identity Intelligence technical contact will assist with any questions in this process.