Okta Operation
The web format of this guide reflects the most current release. Guides for older iterations are available in PDF format.
Integration Details
ThreatQuotient provides the following details for this integration:
| Current Integration Version | 1.0.0 |
| Compatible with ThreatQ Versions | >= 4.35.0 |
| Support Tier | ThreatQ Supported |
Introduction
The Okta Operation for ThreatQ enables analysts to execute actions against users in their Okta Directory
The operation provides the following action:
- Take Action - take an action on a given user such as Activate, Deactivate, Suspend etc.
The operation is compatible with Identity object types.
Prerequisites
The Okta operation requires an Okta API Token. Use the steps provided below to generate the required token.
Generate an Okta API Token
Follow these steps to generate an Okta API Token:
- Log into your Okta Portal.
- Using the left navigation, Navigate to to
Security -> APIin the left navigation menu. - Select the
Tokenstab. - Click on the
Create Tokenbutton. - Enter a name for the token. ThreatQuotient recommends naming it
ThreatQ. - Click on the
Createbutton. - Copy and save the token to a secure location to reference later.
Installation
This integration can be installed in the My Integration section of your ThreatQ instance. See the Adding an Integration topic for more details.
Configuration
ThreatQuotient does not issue API keys for third-party vendors. Contact the specific vendor to obtain API keys and other integration-related credentials.
To configure the integration:
- Navigate to your integrations management page in ThreatQ.
- Select the Operation option from the Type dropdown (optional).
- Click on the integration entry to open its details page.
- Enter the following parameters under the Configuration tab:
Parameter Description Okta Host Okta Hostname (without HTTP Scheme) Okta API Token Okta API Token found under Security -> API -> Tokenswithin your portal - Review any additional settings, make any changes if needed, and click on Save.
- Click on the toggle switch, located above the Additional Information section, to enable it.
Actions
The operation provides the following action:
| Action | Description | Object Type | Object Subtype |
|---|---|---|---|
| Take Action | Take an action on a given user such as Activate, Deactivate, Reactivate, Suspend, Unsuspend, Unlock, or Expire Password. | Identity | N/A |
Take Action
The Take Action action allows you to take an action on a given user such as: Activate, Deactivate, Reactivate, Suspend, Unsuspend, Unlock, or Expire Password.
POST https://{okta_host}/api/v1/{user_id}/lifecycle/{action}
Due to the nature of this action, there is no API response data or mapping.
Configuration Options
ThreatQuotient provides the following parameters for the Take Action action:
| Parameter | Description |
|---|---|
| Action: | Select the type of action to take on the user: Activate (Provision), Deactivate (De-Provision), Reactivate, Suspend, Unsuspend, Unlock, Expire Password |
| Send Email (Only Activate & Reactivate): | Do you want to send out an email when activating or reactivating the user? |
Known Issues / Limitations
- Certain actions can only be taken on a user (identity) if the user is in a certain status.
- Example 1: a user can only be suspended from the
ACTIVEstate. - Example 2: a user can only be activated from
STAGEDandDEPROVISIONEDstates.
- Example 1: a user can only be suspended from the
Change Log
- Version 1.0.0
- Initial release
PDF Guides
| Document | ThreatQ Version |
|---|---|
| Okta Operation Guide v1.0.0 | 4.35.0 or Greater |