Overview 
JupiterOne provides a managed integration with Okta. The integration connects directly to Okta APIs to obtain account metadata and analyze resource relationships. Customers authorize access by creating an API token in your target Okta account and providing that credential to JupiterOne.
Integration Instance Configuration
The integration is triggered by an event containing the information for a specific integration instance.
Instructions on creating an API token within your Okta account can be found here.
Entities
The following entity resources are ingested when the integration runs:
| Okta Entity Resource | _type : _class of the Entity |
|---|---|
| Account | okta_account : Account |
| Service (SSO & MFA)* | okta_service : Service, Control |
| Application | okta_application : Application |
| Application Group | okta_app_user_group : UserGroup |
| MFA Factor | mfa_device : [Key,AccessKey] |
| Okta Group | okta_user_group : UserGroup |
| User | okta_user : User |
Note: the Service entities can later be connected to security policy
procedures as control providers. This mapping establishes evidence that your
organization security policies, procedures and controls are fully implemented,
monitored, and managed.
Relationships
The following relationships are created/mapped:
okta_account HAS okta_application |
okta_account HAS okta_service |
okta_account HAS okta_user_group |
okta_user ASSIGNED okta_application |
okta_user ASSIGNED mfa_device |
okta_user_group ASSIGNED okta_application |
okta_user_group HAS okta_user |
Tips
All Okta users are automatically mapped to a Person entity as an employee. If
you have service accounts or generic users in Okta, set their userType
attribute to generic or service or bot in Okta user profile to skip this
mapping.
This allows you to find non-interactive users with a query like
Find User that !is Person
Comments
0 comments
Please sign in to leave a comment.