Oort Knowledge Base
Search
K
Comment on page

Okta Data Integration

10/2023

Overview

The Oort identity security platform reads a variety of user account data and event data to build a full picture of the identity security posture of your Okta tenant, as well as on-going identity threats against your organization.

Goal

The goal of this document is to serve as a guide to set up Oort with a data integration to your Okta tenant.

Okta Data Integration

Understanding Oort API token permissions

There are two groups of API types of permissions sets that can be used with your Oort tenant and Okta
  • Read-only API token - this is generated using a read-only admin account (steps below) and used for data ingestion and analysis only
  • Read/write API token - this involves the creation of a specific role in Okta with the necessary read/write permissions in order to take advantage of the defined list of Oort Remediation Actions.
Remediation actions can only be taken by administrator or help desk roles in Oort and are limited to the list in the above article.

Permission requirements for setting up Oort integration with Okta

To add the necessary configuration in Okta, you need to be one of the following:
  • Super admin

Read-only Okta Setup Steps

  1. 1.
    You will need an account with the read-only role in your Okta tenant. If you do not have one, create a specific admin service account for this purpose only and give it the read-only role.
  2. 2.
    Login to the Okta admin console with that read-only admin account.
  3. 3.
    Generate an API token as described by the Okta documentation here.
  4. 4.
    Copy the token value for use in the Oort console. If you use a credential or secret vault, you may want to store the token value security there.

Remediation Actions & Read-write Okta Setup Steps

In order to support the Remediation Actions between Oort and Okta, the following roles must be configured for the Oort service account (admin account) in Okta:
  • Read-only role
  • Help Desk role (required for push notification)
  • Custom role (required for actions like Quarantine user and change User Type)
For an overview of Okta custom roles, see this article.
  1. 1.
    Note - this section of instructions assumes that you already have an Oort service account created in Okta. If you do not, create one.
  2. 2.
    Assign the Oort service account to the Read-only Administrator and Help Desk Administrator roles. (shown above)
  3. 3.
    In the Admin Console, go to Security -> Administrators.
  4. 4.
    Create a Resource Set that corresponds to the scope that Oort administrators or help desk / support users should have access. Most likely, this will be all users, groups, and applications.
  5. 5.
    Create the Custom Role. Go to the Roles tab. The Roles tab displays a list of previously created standard and custom admin roles.
  6. 6.
    Click Create new role.
  7. 7.
    In the Role name field, enter the name of the role. Choose a name that indicated the role is for use with Oort.
    1. 1.
      Optional. In the Role description field, enter a short description of the role.
  8. 8.
    Select the required user permissions and group permissions as shown in the screenshots below. See Okta's article About role permissions for more information
    Screenshot 2023-03-28 at 9 16 34
    Screenshot 2023-03-28 at 9 17 34
  9. 9.
    Click Save role. You can see the role that you created listed on the Roles tab.
  10. 10.
    You will need a service account assigned to this role in your Okta tenant. Complete the assignment to the Oort Service account with the correct Resource Set.

Generate the API Token

  1. 1.
    Login to the Okta admin console with this specific account.
  2. 2.
    Generate an API token as described by the Okta documentation here.
  3. 3.
    Copy the token value for use in the Oort console. If you use a credential or secret vault, you may want to store the token value security there.

Oort Configuration

  1. 1.
    Login to the Oort console
  2. 2.
    Click Integrations tab -> Add Integration -> Okta.
  3. 3.
    In the New Okta integration page, enter the following -
    1. 1.
      A display name for the integration, such as Okta-[customer name]
    2. 2.
      Instance URL - the is the primary FQDN of your Okta tenant, such as https://[customername].okta.com
    3. 3.
      Okta API token generated in the previous steps
  4. 4.
    Click the Advanced tab. If your Oort tenant is on the new Okta Identity Enginer (OIE) version, then check the 3 additional boxes for Devices, Authenticators, and Authenticators to Users.
  5. 5.
    Click Save.
  6. 6.
    On the Integrations page, click the three dots menu on the right side of the new Okta integration tile. Click Test Connectivity.
  7. 7.
    Once successfully verified, click the 3-dot menu again and select Edit settings for the Okta integration. Go to the Event Streaming tab.
  8. 8.
    Use the information provided to set up Okta log streaming via an AWS Eventbridge. Instructions can be found here.
  9. 9.
    If your Okta tenant is on the Okta Identity Engine (OIE) version, please check the following data types under the Advanced Tab:
    1. 1.
      Devices
    2. 2.
      Authenticators
    3. 3.
      Authenticators to Users
  10. 10.
    After registering the log stream and clicking Save, use the 3-dot menu to click Collect Now to begin initial data collection.
NOTE - Due to Okta API rate limiting, the initial data collection, including historical log data, may take 24 hrs or longer. Your Oort technical contact will assist with any questions in this process.
Previous
Okta AWS EventBridge Streaming Integration
Next
Okta Integration Network - Production SSO App
Last modified 1mo ago