Okta Workflows

02/2024

Fetch end user information and react to Identity Intelligence threat detection using Cisco Identity Intelligence.

Authorization

Prerequisites

Generate client API credentials:

  1. From the Integrations tab, click Add Integration.

  2. Scrolls down and click Add API Client.

  3. Provide a Name and Description.

  4. Click Save and generate credentials.

  5. Click Copy all to copy the credentials to your clipboard.

Create a connection

When you add a Cisco Identity Intelligence card to a flow for the first time, you'll be prompted to configure the connection. This will enable you to connect your Cisco Identity Intelligence account, save your account information, and reuse the connection for future Cisco Identity Intelligence flows.

To create a new connection from an Action card:

  1. Click New Connection.

  2. Enter a Connection Name. This is useful if you plan to create multiple Cisco Identity Intelligence connections to share with your team.

  3. Enter the Client ID, Client Secret and Audience values from the integration created earlier.

  4. Select the appropriate geographical region in the Region dropdown.

  5. Click Create.

Connector cards

Cisco Identity Intelligence event cards

EventDescription

Triggers a flow when a specific check has new users failing the check in Cisco Identity Intelligence.

Cisco Identity Intelligence action cards

ActionDescription

Fetch a concise summary of end-user information, including key fields and relevant details.

Retrieve users associated with a specified IP address.

Events

Identity Intelligence Webhook

Triggers a flow when a specific check has new users failing the check in Cisco Identity Intelligence.

Options

FieldDefinitionTypeRequired

Shared Secret

A secret string for verifying the source of webhooks. It is sent by Cisco Identity Intelligence events in a header named "x-api-client-token" in the webhook payload

Text

TRUE

Check ID

A Cisco Identity Intelligence check ID to send events from to the webhook. This can be later updated in the Cisco Identity Intelligence dashboard.

Text

FALSE

Output

FieldDefinitionType

detail

Webhook payload.

Object

detail -> title

The check title.

Text

detail -> id

The the event ID

Text

detail -> checkId

The ID of the failed check in the Cisco Identity Intelligence that triggered the event

Text

detail -> usersFailing

List of email addresses of users that are failing the check.

List of Text

detail -> published

Timestamp the payload was generated.

Text

detail -> description

List of sentences that describe the check.

List of Text

detail -> recommended Actions

List of sentences that describe the recommended action to mitigate risk.

List of Text

detail -> severity

The check severity in Cisco Identity Intelligence.

Text

detail-type

Indicator if the webhook payload is for "failed check" or "direct message on failure". The value will be empty for "failed check" payloads.

Text

region

The Cisco Identity Intelligence deployment region from which the event originated

Text

id

The webhook event ID

Text

time

The Date/Time the event was triggered

Text

Actions

Get End User State

Fetch a concise summary of end-user information, including key fields and relevant details.

Input

FieldDefinitionTypeRequired

Login

User's email address.

Text

TRUE

Output

FieldDefinitionType

Status Code

HTTP response code.

Number

EndUser State

Summary of end-user information.

Object

id

The user ID in Cisco Identity Intelligence.

Text

displayName

The user's display name.

Text

login

User's email address.

Text

employeeID

The user ID Employee ID in the Identity Provider or HR system.

Text

status

The aggregated user status in the identity providers.

Text

userTypeClassification

The user classification in Cisco Identity Intelligence

Text

managerLogin

User's manager email address.

Text

ipAddresses

List of IP Addresses used by the user.

List of Objects

ipAddresses -> ipAddress

IP Address used by the user.

Text

ipAddresses -> location -> city

IP Geolocation city of the IP Address.

Text

ipAddresses -> location -> state

IP Geolocation state of the IP Address.

Text

ipAddresses -> location -> country

IP Geolocation country of the IP Address.

Text

phoneNumber

User's phone number.

Text

unusedApplications

Names of applications the user has access and did not access in the past 30 days.

List of Text

usedApplications

Names of applications the user has access and accessed in the past 30 days.

List of Text

usedFactors

Authentication factors used by the user.

List of Text

referenceUrl

User's URL in Cisco Identity Intelligence.

Text

registeredLocationDetails

The user's registered location

Object

registeredLocationDetails -> city

The registered location city.

Text

registeredLocationDetails -> state

The registered location state.

Text

registeredLocationDetails -> country

The registered location country.

Text

workingLocationDetails

List of the locations the user works in.

List of Object

workingLocationDetails -> userLocationPrevalence

The prevalence of the working location for the user, as a percentage.

Number

workingLocationDetails -> location -> city

The working location city.

Text

workingLocationDetails -> location -> state

The working location state.

Text

workingLocationDetails -> location -> country

The working location country.

Text

Errors

List of errors that might have occurred in the request.

List of Object

path

Paths that had errors in the request.

List of Text

errorType

Type of the error.

Text

message

Error message.

Text

errorInfo

Information about the error

List of Object

data

Data about the error

List of Object

Get End Users By IP

Retrieve users associated with a specified IP address.

Input

FieldDefinitionTypeRequired

IP Address

IP Address.

Text

TRUE

Output

FieldDefinitionType

Status Code

HTTP response code.

Number

End Users IPs

Itemized list of Users associated with a specified IP address.

Object

id

The user ID in Cisco Identity Intelligence.

Text

displayName

The user display name in Cisco Identity Intelligence

Text

login

User's email address.

Text

referenceURL

User's URL in Cisco Identity Intelligence.

Text

Errors

List of errors that might have occurred in the request.

List of Object

path

Paths that had errors in the request.

List of Text

errorType

Type of the error.

Text

message

Error message.

Text

errorInfo

Information about the error

List of Object

data

Data about the error

List of Object

Last updated