Okta
Integration version: 7.0
Configure Okta to work with Google Security Operations
Credentials
To obtain your personal API token, sign in to your Okta account.
In the Dashboard page, navigate to API > Tokens.
To get your token, click Create Token.
In the Create Token dialog, enter a token name and click Create Token.
Copy and save the generated token value. Use this token to configure the Okta integration in Google SecOps.
Network
Function | Default Port | Direction | Protocol |
---|---|---|---|
API | Multivalues | Outbound | apitoken |
Configure Okta integration in Google SecOps
For detailed instructions on how to configure an integration in Google SecOps, see Configure integrations.
Integration parameters
Use the following parameters to configure the integration:
Actions
Add Group
Add a group.
Parameters
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
N/A
Insights
N/A
Assign Role
Assign a role to a user.
Parameters
Parameter Name | Type | Default Value | Description |
---|---|---|---|
User IDs | String | N/A | IDs of users in Okta. |
Role Types | String | N/A | The type of role to assign to the users. |
Also Run On Scope | Checkbox | Checked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
Enrichment Field Name | Logic - When to apply |
---|---|
Roles | Returns if it exists in JSON result |
Insights
N/A
Disable User
Disables the specified user.
Parameters
Parameter Name | Type | Default Value | Description |
---|---|---|---|
User IDs Or Logins | String | N/A | IDs of users in Okta. |
Is Deactivate | Checkbox | Checked | Whether to deactivate or only suspend the user. |
Send Email If Deactivate | Checkbox | Checked | Whether to send an email after deactivating or not. |
Also Run On Scope | Checkbox | Checked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
Enrichment Field Name | Logic - When to apply |
---|---|
is_deactivate | If it's True, the user is disabled. Otherwise: False |
is_send_email_deactivate | If it's True, the user is disabled. Otherwise: False |
Insights
N/A
Enable User
Enables the specified user.
Parameters
Parameter Name | Type | Default Value | Description |
---|---|---|---|
User IDs Or Logins | String | N/A | IDs or logins of users in Okta. |
Is Activate | Checkbox | Checked | Whether to activate the user or just unsuspend. |
Send Email If Activate | Checkbox | Checked | Whether to send an email after activating or not. |
Also Run On Scope | Checkbox | Checked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
Enrichment Field Name | Logic - When to apply |
---|---|
is_reactivate | If it's True, the user is enabled. Otherwise: False |
is_send_email_reactivate | If it's True, the user is disabled. Otherwise: False |
Insights
N/A
Get Group
Get information about a group.
Parameters
Parameter Name | Type | Default Value | Description |
---|---|---|---|
Group IDs Or Names | String | N/A | IDs or names of groups in Okta. |
Is Id | Checkbox | Checked | Whether the value is an ID or a name. |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
N/A
Insights
N/A
Get User
Get information about a user.
Parameters
Parameter Name | Type | Default Value | Description |
---|---|---|---|
User IDs Or Logins | String | N/A | IDs or logins (email or short email name) of a user in Okta, for example: test@gmail.com or simply 'test'. |
Also Run On Scope | Checkbox | Checked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
[
  {
    "status": "ACTIVE",
    "profile": {
      "mobilePhone": null,
      "firstName": "Test",
      "lastName": "User",
      "secondEmail": null,
      "login": "test.user@asd.com",
      "email": "test.user@asd.com"
    },
    "passwordChanged": "2022-07-11T06:11:25.000Z",
    "created": "2022-07-11T06:07:55.000Z",
    "activated": null,
    "lastUpdated": "2022-07-11T06:11:25.000Z",
    "_links": {
      "schema": {
        "href": "https://trial-0000.okta.com/api/v1/meta/schemas/user/osc1xxxxxxxx"
      },
      "suspend": {
        "href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/lifecycle/suspend",
        "method": "POST"
      },
      "forgotPassword": {
        "href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/credentials/forgot_password",
        "method": "POST"
      },
      "self": {
        "href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx"
      },
      "expirePassword": {
        "href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/lifecycle/expire_password",
        "method": "POST"
      },
      "resetFactors": {
        "href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/lifecycle/reset_factors",
        "method": "POST"
      },
      "deactivate": {
        "href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/lifecycle/deactivate",
        "method": "POST"
      },
      "changePassword": {
        "href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/credentials/change_password",
        "method": "POST"
      },
      "changeRecoveryQuestion": {
        "href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/credentials/change_recovery_question",
        "method": "POST"
      },
      "type": {
        "href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx"
      },
      "resetPassword": {
        "href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/lifecycle/reset_password",
        "method": "POST"
      }
    },
    "lastLogin": "2022-07-11T06:15:14.000Z",
    "credentials": {
      "password": {},
      "provider": {
        "type": "OKTA",
        "name": "OKTA"
      }
    },
    "type": {
      "id": "oty1xxxxxxxxxxxxx"
    },
    "id": "oty1xxxxxxxxxxxxx",
    "statusChanged": "2022-07-11T06:11:25.000Z"
  }
]
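The following is an added example, not code from the integration: it reads a Get User JSON Result and summarises what an analyst needs before choosing between Disable User and Reset Password. The helper names and the 10-minute window are assumptions, and the sample is constructed from the result shown above.

```python
import json
from datetime import datetime, timedelta

# Constructed sample, trimmed to the fields used below; the shape follows
# the Get User JSON Result shown above.
SAMPLE = json.loads("""
[{"status": "ACTIVE",
  "profile": {"login": "test.user@asd.com", "email": "test.user@asd.com"},
  "passwordChanged": "2022-07-11T06:11:25.000Z",
  "activated": null,
  "lastLogin": "2022-07-11T06:15:14.000Z",
  "_links": {
    "self": {"href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx"},
    "suspend": {"href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/lifecycle/suspend", "method": "POST"},
    "deactivate": {"href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/lifecycle/deactivate", "method": "POST"}
  }}]
""")

def parse_ts(value):
    """Parse an ISO 8601 timestamp with a trailing Z; None stays None."""
    if value is None:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def triage_user(user, window=timedelta(minutes=10)):
    """Summarise one user record (hypothetical helper, assumed window)."""
    changed = parse_ts(user.get("passwordChanged"))
    login = parse_ts(user.get("lastLogin"))
    # Flag a login that follows a password change within `window`.
    recent = bool(changed and login
                  and timedelta(0) <= login - changed <= window)
    # Links that carry an HTTP method are the state-changing operations
    # the record advertises (suspend, deactivate, and so on).
    actions = sorted(k for k, v in user.get("_links", {}).items()
                     if "method" in v)
    return {
        "login": user.get("profile", {}).get("login"),
        "status": user.get("status"),
        "login_after_password_change": recent,
        "lifecycle_actions": actions,
    }

def triage_all(users):
    """Apply triage_user to every record in a JSON Result list."""
    return [triage_user(u) for u in users]
```
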
Entity Enrichment
N/A
Insights
N/A
List Providers
List identity providers (IdPs) in your organization.
Parameters
Parameter Name | Type | Default Value | Description |
---|---|---|---|
Query | String | N/A | Search the name property for a match. |
Type | Checkbox | Checked | Filter by type. |
Limit | String | 20 | Max amount of results to return. |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
N/A
Insights
N/A
List Roles
Lists all roles assigned to a user.
Parameters
Parameter Name | Type | Default Value | Description |
---|---|---|---|
User IDs | String | N/A | IDs of users in Okta. |
Also Run On Scope | Checkbox | Checked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
N/A
Insights
N/A
List User Groups
Get the groups that the user is a member of.
Parameters
Parameter Name | Type | Default Value | Description |
---|---|---|---|
User IDs Or Logins | String | N/A | IDs or logins of users in Okta. |
Also Run On Scope | Checkbox | Checked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
Enrichment Field Name | Logic - When to apply |
---|---|
profile | Returns if it exists in JSON result |
name | Returns if it exists in JSON result |
Insights
N/A
List Users
Get the list of users.
Parameters
Parameter Name | Type | Default Value | Description |
---|---|---|---|
Query | String | N/A | Search for a match in the firstname, lastname or in the email. |
Filter | String | N/A | Custom search query for a subset of properties. |
Search | String | N/A | Custom search query for most properties. |
Limit | String | 200 | Max amount of results to return. |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
Enrichment Field Name | Logic - When to apply |
---|---|
profile | Returns if it exists in JSON result |
name | Returns if it exists in JSON result |
Insights
N/A
Ping
Test Connection with Okta.
Parameters
N/A
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
N/A
Insights
N/A
Reset Password
Generate a one-time token that can be used to reset a user's password.
Parameters
Parameter Name | Type | Default Value | Description |
---|---|---|---|
User IDs Or Logins | String | N/A | IDs or logins of users in Okta. |
Send Email | Checkbox | Unchecked | Whether to send an email for the password reset or return the token for every user. |
Also Run On Scope | Checkbox | Unchecked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
Enrichment Field Name | Logic - When to apply |
---|---|
send_email | Returns if it exists in JSON result |
Insights
N/A
Set Password
Set the password of a user without validating the existing credentials.
Parameters
Parameter Name | Type | Default Value | Description |
---|---|---|---|
User IDs Or Logins | String | N/A | IDs or logins of users in Okta. |
New Password | String | N/A | The new password. |
Add 10 Random Chars | Checkbox | Unchecked | Whether to add extra characters to every user password or not. |
Also Run On Scope | Checkbox | Unchecked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
Enrichment Field Name | Logic - When to apply |
---|---|
set_password | Returns if it exists in JSON result |
Insights
N/A
Send ITP Signal
Distribute Identity Threat Protection (ITP) signals to relevant consumers using the Shared Signals Framework (SSF).
Parameters
Parameter Name | Type | Default Value | Description |
---|---|---|---|
Key ID | String | N/A | The ID of the public key used to verify the private key's signature. |
Private Key String | Password | N/A | The private key used to sign the signal. The key is provided in a string format and includes the "BEGIN" and "END" statements. |
User Email | Mail Address | N/A | The email address of the affected user. |
Timestamp | timestamp | N/A | The timestamp of the signal occurrence. The timestamp format is ISO 8601. |
Reason | String | N/A | A brief description explaining why the signal was generated. |
Severity | String or DDL | N/A | The severity level of the signal. |
Issuer URL | URL | N/A | The source system that created the signal. |
Action Results
JSON Result
{
  "status": 200,
  "payload": {
    "iss": "https://www.google.com/",
    "jti": "3c5fbf0c-3977-11f0-a195-7e498c84a3dd",
    "iat": 1748184472,
    "aud": "https://nikhilp.oktapreview.com",
    "events": {
      "https://schemas.okta.com/secevent/okta/event-type/user-risk-change": {
        "subject": {
          "user": {
            "format": "email",
            "email": "user@domain.net"
          }
        },
        "current_level": "medium",
        "previous_level": "low",
        "reason_admin": {
          "en": "BadNavigationEvent"
        },
        "event_timestamp": 1742199770057
      }
    }
  }
}
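The following is an added example, not code from the integration: it checks a Send ITP Signal JSON Result against the User Email and Issuer URL that were passed to the action. The function names are hypothetical, the sample is constructed from the result above, and the timestamp units (iat in seconds, event_timestamp in milliseconds) are inferred from the sample values.

```python
from datetime import datetime, timezone

EVENT_TYPE = "https://schemas.okta.com/secevent/okta/event-type/user-risk-change"

# Constructed from the JSON Result sample shown above.
SAMPLE = {"status": 200, "payload": {
    "iss": "https://www.google.com/",
    "jti": "3c5fbf0c-3977-11f0-a195-7e498c84a3dd",
    "iat": 1748184472, "aud": "https://nikhilp.oktapreview.com",
    "events": {EVENT_TYPE: {
        "subject": {"user": {"format": "email", "email": "user@domain.net"}},
        "current_level": "medium", "previous_level": "low",
        "reason_admin": {"en": "BadNavigationEvent"},
        "event_timestamp": 1742199770057}}}}

def check_itp_result(result, expected_email, expected_issuer):
    """Return a list of problems found in a Send ITP Signal JSON Result."""
    problems = []
    if result.get("status") != 200:
        problems.append("status is not 200")
    payload = result.get("payload", {})
    for claim in ("iss", "jti", "iat", "aud", "events"):
        if claim not in payload:
            problems.append(f"missing claim: {claim}")
    if payload.get("iss") != expected_issuer:
        problems.append("iss does not match the Issuer URL parameter")
    event = payload.get("events", {}).get(EVENT_TYPE)
    if event is None:
        problems.append("no user-risk-change event")
        return problems
    user = event.get("subject", {}).get("user", {})
    if user.get("format") != "email" or user.get("email") != expected_email:
        problems.append("subject does not match the User Email parameter")
    if event.get("current_level") == event.get("previous_level"):
        problems.append("risk level did not change")
    # Assumption from the sample: iat is in seconds, event_timestamp in ms.
    if event.get("event_timestamp", 0) / 1000 > payload.get("iat", 0):
        problems.append("event_timestamp is later than iat")
    return problems

def event_time(result):
    """Convert the millisecond event_timestamp to an aware UTC datetime."""
    ms = result["payload"]["events"][EVENT_TYPE]["event_timestamp"]
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)
```
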
Output messages
Output message | Message description |
---|---|
| The action succeeded. |
Failed to send the ITP signal to Okta. Error is {0}".format(exception.stacktrace) | The action failed. Check the connection to the server, input parameters, or credentials. |
Script Result
Script Result Name | Value Options |
---|---|
is_success | True or False |
Unassign Role
Unassign a role from a user.
Parameters
Parameter Name | Type | Default Value | Description |
---|---|---|---|
User IDs | String | N/A | IDs of users in Okta. |
Role IDs Or Names | String | N/A | IDs or names of roles in Okta. |
Also Run On Scope | Checkbox | Unchecked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
Enrichment Field Name | Logic - When to apply |
---|---|
unassign_role | Returns if it exists in JSON result |
Insights
N/A