Week 12, 2022
Last updated
Last updated
🟢 Duo Integration
As much as we like to believe that the IAM world starts and stops with Okta and Azure AD, there really is so much more to it. Cisco’s Duo platform for multi-factor authentication has amazing market share and sits side-by-side with many Cloud SSO providers (such as Okta).
Neither one of these products (neither Okta nor Duo) have very good analytics and threat detection capabilities. We’re here to bridge the gap with the all new Duo Integration for Oort.
A few things you can d(u)o right out of the gate:
1. Detect users who are active in your SSO but absent from Duo (MFA enrollment is a pain!)
2. View MFA logs from Duo in for each user in the Activity view side-by-side with SSO logs
3. View details about what factors Duo is using to authenticate users
Over the next few weeks we’ll be rolling out more Duo-related capabilities including compliance checks and additional threat checks, such as MFA fatigue.
🐼 Protected Population
Every identity is a potential attack vector. Oort exists to protect your identities from being compromised by would-be attackers. However, this can be an intimidating and overwhelming problem when you have thousands of identities and just as many issues to resolve. Instead of trying to solve everything all at once, we are now introducing the concept of a “Protected Population” to help reduce the scope to a manageable level.
Protected Population allows you to configure specific groups to target with Oort’s existing library of identity checks. For example:
Retailers can exclude frontline and temporary workers
Universities can exclude student/alumni accounts to focus on just faculty and staff
⏬ Download Users CSV
We want to make it as easy as possible to resolve issues directly within Oort. That said, sometimes you just need a good ol’ spreadsheet with a list of users. One of our most requested features is a download button to extract users who are failing a particular check. We’ve now added this capability to two locations in the product.
First, to the Check Detail screen for every check. Hitting the “Download Users” button here will produce a CSV containing all the users who are failing this particular check.
Second, on the Users List screen. You can decide how you want to filter the Users List before hitting the download button.
Additional Features
🌉 Okta Log Streaming to AWS EventBridge – by default, Oort pulls data from various data sources once per day. With Okta’s latest release, we can also configure your Okta instance to stream events to an AWS EventBridge where they can be consumed by Oort. This new integration option reduces the burden on your Okta API rate limits and will eventually enable us to produce real-time alerts for specific scenarios that require them.
🙋♀️ Request Check / Integration – looking for a new check or integration? Hit the “Request Check” or the “Request Integration” button on their respective screens in the product to send a message directly to the Oort engineering team.
🔎 Global search – all new in the upper left: global search! You can search for usernames, email addresses, group names, IP addresses, locations, and more. Try it out to quickly bring up the data you need without having to click around.
🔺 Failed Check Notifications – we’ve updated our check notification messages to email, slack, and teams to only send the list of users who have started failing each check since the last notification was sent. This “delta notification” will help you stay on top of the latest failures in your environment.
👨👩👧👦 Group Membership Search – did you know you can filter the Users List by group membership? Just put the name of a group into the text box next to the “Filters” button and you’ll get a list of all users who are members of that particular group.
That’s all for this week! Take care and let us know how we can help you with your Identity Security needs!
