Okta
Integration version: 6.0
Configure Okta to work with Google Security Operations SOAR
Credentials
To obtain your personal API token, sign in to your Okta account.
In the Dashboard page, navigate to API > Tokens.
To get your token, click Create Token.
In the Create Token dialog, enter token name and click Create Token.
Copy and save generated token value. Use this token to configure the Okta integration in Google Security Operations SOAR.
Network
| Function | Default Port | Direction | Protocol |
|---|---|---|---|
| API | Multivalues | Outbound | apitoken |
Configure Okta integration in Google Security Operations SOAR
For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.
Integration parameters
Use the following parameters to configure the integration:
Actions
Add Group
Description
Add a group.
Parameters
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
N/A
Insights
N/A
Assign Role
Description
Assign a role to a user.
Parameters
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| User IDs | String | N/A | IDs of users in Okta. |
| Role Types | String | N/A | The type of role to assign to the users. |
| Also Run On Scope | Checkbox | Checked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
| Enrichment Field Name | Logic - When to apply |
|---|---|
| Roles | Returns if it exists in JSON result |
Insights
N/A
Disable User
Description
Disables the specified user.
Parameters
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| User IDs Or Logins | String | N/A | IDs of users in Okta. |
| Is Deactivate | Checkbox | Checked | Whether to deactivate or only suspend the user. |
| Send Email If Deactivate | Checkbox | Checked | Whether to send an email after deactivating or not. |
| Also Run On Scope | Checkbox | Checked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
| Enrichment Field Name | Logic - When to apply |
|---|---|
| is_deactivate | If it's True, the user is disabled. Otherwise: False |
| is_send_email_deactivate | If it's True, the user is disabled. Otherwise: False |
Insights
N/A
Enable User
Description
Enables the specified user.
Parameters
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| User IDs Or Logins | String | N/A | IDs or logins of users in Okta. |
| Is Activate | Checkbox | Checked | Whether to activate the user or just unsuspend. |
| Send Email If Activate | Checkbox | Checked | Whether to send an email after activating or not. |
| Also Run On Scope | Checkbox | Checked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
| Enrichment Field Name | Logic - When to apply |
|---|---|
| is_reactivate | If it's True, the user is enabled. Otherwise: False |
| is_send_email_reactivate | If it's True, the user is disabled. Otherwise: False |
Insights
N/A
Get Group
Description
Get information about a group.
Parameters
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| Group IDs Or Names | String | N/A | IDs or names of groups in Okta. |
| Is Id | Checkbox | Checked | Whether the value is an ID or a name. |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
N/A
Insights
N/A
Get user
Description
Get information about a user
Parameters
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| User IDs Or Logins | String | N/A | IDs or logins (email or short email name) of a user in Okta, for example: test@gmail.com or simply 'test'. |
| Also Run On Scope | Checkbox | Checked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Result
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
[
{
"status": "ACTIVE",
"profile": {
"mobilePhone": null,
"firstName": "Test",
"lastName": "User",
"secondEmail": null,
"login": "test.user@asd.com",
"email": "test.user@asd.com"
},
"passwordChanged": "2022-07-11T06:11:25.000Z",
"created": "2022-07-11T06:07:55.000Z",
"activated": null,
"lastUpdated": "2022-07-11T06:11:25.000Z",
"_links": {
"schema": {
"href": "https://trial-0000.okta.com/api/v1/meta/schemas/user/osc1xxxxxxxx"
},
"suspend": {
"href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/lifecycle/suspend",
"method": "POST"
},
"forgotPassword": {
"href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/credentials/forgot_password",
"method": "POST"
},
"self": {
"href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx"
},
"expirePassword": {
"href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/lifecycle/expire_password",
"method": "POST"
},
"resetFactors": {
"href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/lifecycle/reset_factors",
"method": "POST"
},
"deactivate": {
"href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/lifecycle/deactivate",
"method": "POST"
},
"changePassword": {
"href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/credentials/change_password",
"method": "POST"
},
"changeRecoveryQuestion": {
"href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/credentials/change_recovery_question",
"method": "POST"
},
"type": {
"href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx"
},
"resetPassword": {
"href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/lifecycle/reset_password",
"method": "POST"
}
},
"lastLogin": "2022-07-11T06:15:14.000Z",
"credentials": {
"password": {},
"provider": {
"type": "OKTA",
"name": "OKTA"
}
},
"type": {
"id": "oty1xxxxxxxxxxxxx"
},
"id": "oty1xxxxxxxxxxxxx",
"statusChanged": "2022-07-11T06:11:25.000Z"
}
]
Entity Enrichment
N/A
Insights
N/A
List Providers
Description
List identity providers (IdPs) in your organization.
Parameters
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| Query | String | N/A | Search the name property for a match. |
| Type | Checkbox | Checked | Filter by type. |
| Limit | String | 20 | Max amount of results to return. |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
N/A
Insights
N/A
List Roles
Description
Lists all roles assigned to a user.
Parameters
| User IDs | String | N/A | IDs of users in Okta. |
|---|---|---|---|
| Also Run On Scope | Checkbox | Checked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
N/A
Insights
N/A
List User Groups
Description
Get the groups that the user is a member of.
Parameters
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| User IDs Or Logins | String | N/A | IDs or logins of users in Okta. |
| Also Run On Scope | Checkbox | Checked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
| Enrichment Field Name | Logic - When to apply |
|---|---|
| profile | Returns if it exists in JSON result |
| name | Returns if it exists in JSON result |
Insights
N/A
List Users
Description
Get the list of users.
Parameters
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| Query | String | N/A | Search for a match in the firstname, lastname or in the email. |
| Filter | String | N/A | Custom search query for a subset of properties. |
| Search | String | N/A | Custom search query for most properties. |
| Limit | String | 200 | Max amount of results to return. |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
| Enrichment Field Name | Logic - When to apply |
|---|---|
| profile | Returns if it exists in JSON result |
| name | Returns if it exists in JSON result |
Insights
N/A
Ping
Description
Test Connection with Okta.
Parameters
N/A
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
N/A
Insights
N/A
Reset Password
Description
Generate a one-time token that can be used to reset a user's password.
Parameters
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| User IDs Or Logins | String | N/A | IDs or logins of users in Okta. |
| Send Email | Checkbox | Unchecked | Whether to send an email for the password reset or return the token for every user. |
| Also Run On Scope | Checkbox | Unchecked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
| Enrichment Field Name | Logic - When to apply |
|---|---|
| send_email | Returns if it exists in JSON result |
Insights
N/A
Set Password
Description
Set the password of a user without validating the existing credentials.
Parameters
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| User IDs Or Logins | String | N/A | IDs or logins of users in Okta. |
| New Password | String | N/A | The new password. |
| Add 10 Random Chars | Checkbox | Unchecked | Whether to add extra characters to every user password or not. |
| Also Run On Scope | Checkbox | Unchecked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
| Enrichment Field Name | Logic - When to apply |
|---|---|
| set_password | Returns if it exists in JSON result |
Insights
N/A
Unassign Role
Description
Unassign a role from a user.
Parameters
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| User IDs | String | N/A | IDs of users in Okta. |
| Role IDs Or Names | String | N/A | IDs or names of roles in Okta. |
| Also Run On Scope | Checkbox | Unchecked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
| Enrichment Field Name | Logic - When to apply |
|---|---|
| unassign_role | Returns if it exists in JSON result |
Insights
N/A