Week 29, 2023

This week’s release notes have it all: new checks, new context, and extended coverage. Whether you’re an Okta, Azure AD, or Duo – there’s plenty for you to enjoy. Read on to learn more.

🫥 Identify Mandatory Fields with Missing Values in Okta

If you have chosen to have mandatory fields in Okta account profiles, this can help ensure that newly created accounts have the correct information that is required. However, if you have user profiles that existed before the mandatory fields were introduced, these fields may be blank. Having missing fields may not seem like a big deal, but they can prevent key automated processes from occurring.
In this release, we’ve released a new check, “Missing Value in Mandatory Field”, that will monitor your entire identity population for such occurrences. To benefit from this check, you will need to ensure that “User Schema” is enabled, which requires the Organization Administrator permission. This can be done by navigating to Integrations, Edit Okta Settings, and Advanced Settings.

📚 Added Explainability for Checks

In this release, we’ve added some helpful context to three checks: inactive users, inactive guest users, and No MFA. Oftentimes, users have identities that live in different identity providers (IdPs). It is useful context, therefore, to understand which IdP that user was inactive or had no MFA registered.
When you click on any failing check in a User 360 profile, a side drawer will appear on the right-hand side. Here, you will be able to access useful context about the check and why a user has failed it. For these three checks, you will now be able to see the integration that this check failure applies to. For example, an employee may be inactive in GitHub, but not in Okta. This new explainability information will help to understand more context on the user that can inform your response.

🚩Extended Azure AD and Duo Coverage: Suspicious Activity Reported by End User

When a user confirms that activity detected by Okta is indeed suspicious, Oort captures that signal and uses it to trigger the “Suspicious Activity Reported by End User” check. You can then investigate these confirmed instances of suspicious activity.
With this release, this check is no longer only about Okta and will monitor for reported suspicious activity from Duo and Azure AD.
In Microsoft, users will confirm if an activity is suspicious via Microsoft's “Report suspicious activity” capability, where users can report suspicious activity through the Microsoft Authenticator or via their phone. In Duo, users will report if an activity is suspicious via a Duo Push.

Bug Fixes and Minor Improvements

  • Personal VPN Usage. This check has been converted to an event-based check, which means that you can leave feedback and “Mark as Normal”. In doing so, you can better resolve failing checks.
  • System Logs. You can now view the admin that sent a notification within the audit logs.
  • Duo Activity Logs Collection. Enhanced collection for Duo activity logs. Additional results will be displayed in the Activity section of the User 360 profile.