Okta
Integration version: 7.0
Configure Okta to work with Google Security Operations
Credentials
- To obtain your personal API token, sign in to your Okta account.
- On the Dashboard page, navigate to API > Tokens.
- To get your token, click Create Token.
- In the Create Token dialog, enter a token name and click Create Token.
- Copy and save the generated token value. Use this token to configure the Okta integration in Google SecOps.
Network
Function | Default Port | Direction | Protocol |
---|---|---|---|
API | Multivalues | Outbound | apitoken |
Configure Okta integration in Google SecOps
For detailed instructions on how to configure an integration in Google SecOps, see Configure integrations.
Integration parameters
Use the following parameters to configure the integration:
Actions
Add Group
Add a group.
Parameters
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
N/A
Insights
N/A
Assign Role
Assign a role to a user.
Parameters
Parameter Name | Type | Default Value | Description |
---|---|---|---|
User IDs | String | N/A | IDs of users in Okta. |
Role Types | String | N/A | The type of role to assign to the users. |
Also Run On Scope | Checkbox | Checked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
Enrichment Field Name | Logic - When to apply |
---|---|
Roles | Returns if it exists in JSON result |
Insights
N/A
Disable User
Disables the specified user.
Parameters
Parameter Name | Type | Default Value | Description |
---|---|---|---|
User IDs Or Logins | String | N/A | IDs of users in Okta. |
Is Deactivate | Checkbox | Checked | Whether to deactivate or only suspend the user. |
Send Email If Deactivate | Checkbox | Checked | Whether to send an email after deactivating or not. |
Also Run On Scope | Checkbox | Checked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
Enrichment Field Name | Logic - When to apply |
---|---|
is_deactivate | If it's True, the user is disabled. Otherwise: False |
is_send_email_deactivate | If it's True, the user is disabled. Otherwise: False |
Insights
N/A
Enable User
Enables the specified user.
Parameters
Parameter Name | Type | Default Value | Description |
---|---|---|---|
User IDs Or Logins | String | N/A | IDs or logins of users in Okta. |
Is Activate | Checkbox | Checked | Whether to activate the user or just unsuspend. |
Send Email If Activate | Checkbox | Checked | Whether to send an email after activating or not. |
Also Run On Scope | Checkbox | Checked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
Enrichment Field Name | Logic - When to apply |
---|---|
is_reactivate | If it's True, the user is enabled. Otherwise: False |
is_send_email_reactivate | If it's True, the user is disabled. Otherwise: False |
Insights
N/A
Get Group
Get information about a group.
Parameters
Parameter Name | Type | Default Value | Description |
---|---|---|---|
Group IDs Or Names | String | N/A | IDs or names of groups in Okta. |
Is Id | Checkbox | Checked | Whether the value is an ID or a name. |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
N/A
Insights
N/A
Get user
Get information about a user.
Parameters
Parameter Name | Type | Default Value | Description |
---|---|---|---|
User IDs Or Logins | String | N/A | IDs or logins (email or short email name) of a user in Okta, for example: test@gmail.com or simply 'test'. |
Also Run On Scope | Checkbox | Checked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
```json
[
  {
    "status": "ACTIVE",
    "profile": {
      "mobilePhone": null,
      "firstName": "Test",
      "lastName": "User",
      "secondEmail": null,
      "login": "test.user@asd.com",
      "email": "test.user@asd.com"
    },
    "passwordChanged": "2022-07-11T06:11:25.000Z",
    "created": "2022-07-11T06:07:55.000Z",
    "activated": null,
    "lastUpdated": "2022-07-11T06:11:25.000Z",
    "_links": {
      "schema": {
        "href": "https://trial-0000.okta.com/api/v1/meta/schemas/user/osc1xxxxxxxx"
      },
      "suspend": {
        "href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/lifecycle/suspend",
        "method": "POST"
      },
      "forgotPassword": {
        "href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/credentials/forgot_password",
        "method": "POST"
      },
      "self": {
        "href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx"
      },
      "expirePassword": {
        "href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/lifecycle/expire_password",
        "method": "POST"
      },
      "resetFactors": {
        "href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/lifecycle/reset_factors",
        "method": "POST"
      },
      "deactivate": {
        "href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/lifecycle/deactivate",
        "method": "POST"
      },
      "changePassword": {
        "href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/credentials/change_password",
        "method": "POST"
      },
      "changeRecoveryQuestion": {
        "href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/credentials/change_recovery_question",
        "method": "POST"
      },
      "type": {
        "href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx"
      },
      "resetPassword": {
        "href": "https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/lifecycle/reset_password",
        "method": "POST"
      }
    },
    "lastLogin": "2022-07-11T06:15:14.000Z",
    "credentials": {
      "password": {},
      "provider": {
        "type": "OKTA",
        "name": "OKTA"
      }
    },
    "type": {
      "id": "oty1xxxxxxxxxxxxx"
    },
    "id": "oty1xxxxxxxxxxxxx",
    "statusChanged": "2022-07-11T06:11:25.000Z"
  }
]
```
Entity Enrichment
N/A
Insights
N/A
List Providers
List identity providers (IdPs) in your organization.
Parameters
Parameter Name | Type | Default Value | Description |
---|---|---|---|
Query | String | N/A | Search the name property for a match. |
Type | Checkbox | Checked | Filter by type. |
Limit | String | 20 | Max amount of results to return. |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
N/A
Insights
N/A
List Roles
Lists all roles assigned to a user.
Parameters
Parameter Name | Type | Default Value | Description |
---|---|---|---|
User IDs | String | N/A | IDs of users in Okta. |
Also Run On Scope | Checkbox | Checked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
N/A
Insights
N/A
List User Groups
Get the groups that the user is a member of.
Parameters
Parameter Name | Type | Default Value | Description |
---|---|---|---|
User IDs Or Logins | String | N/A | IDs or logins of users in Okta. |
Also Run On Scope | Checkbox | Checked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
Enrichment Field Name | Logic - When to apply |
---|---|
profile | Returns if it exists in JSON result |
name | Returns if it exists in JSON result |
Insights
N/A
List Users
Get the list of users.
Parameters
Parameter Name | Type | Default Value | Description |
---|---|---|---|
Query | String | N/A | Search for a match in the firstname, lastname or in the email. |
Filter | String | N/A | Custom search query for a subset of properties. |
Search | String | N/A | Custom search query for most properties. |
Limit | String | 200 | Max amount of results to return. |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
Enrichment Field Name | Logic - When to apply |
---|---|
profile | Returns if it exists in JSON result |
name | Returns if it exists in JSON result |
Insights
N/A
Ping
Test the connection to Okta.
Parameters
N/A
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
N/A
Insights
N/A
Reset Password
Generate a one-time token that can be used to reset a user's password.
Parameters
Parameter Name | Type | Default Value | Description |
---|---|---|---|
User IDs Or Logins | String | N/A | IDs or logins of users in Okta. |
Send Email | Checkbox | Unchecked | Whether to send an email for the password reset or return the token for every user. |
Also Run On Scope | Checkbox | Unchecked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
Enrichment Field Name | Logic - When to apply |
---|---|
send_email | Returns if it exists in JSON result |
Insights
N/A
Set Password
Set the password of a user without validating the existing credentials.
Parameters
Parameter Name | Type | Default Value | Description |
---|---|---|---|
User IDs Or Logins | String | N/A | IDs or logins of users in Okta. |
New Password | String | N/A | The new password. |
Add 10 Random Chars | Checkbox | Unchecked | Whether to add extra characters to every user password or not. |
Also Run On Scope | Checkbox | Unchecked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
Enrichment Field Name | Logic - When to apply |
---|---|
set_password | Returns if it exists in JSON result |
Insights
N/A
Send ITP Signal
Distribute Identity Threat Protection (ITP) signals to relevant consumers using the Shared Signals Framework (SSF).
Parameters
Parameter Name | Type | Default Value | Description |
---|---|---|---|
Key ID | String | N/A | The ID of the public key used to verify the private key's signature. |
Private Key String | Password | N/A | The private key used to sign the signal. The key is provided in a string format and includes the "BEGIN" and "END" statements. |
User Email | Mail Address | N/A | The email address of the affected user. |
Timestamp | timestamp | N/A | The timestamp of the signal occurrence. The timestamp format is ISO 8601. |
Reason | String | N/A | A brief description explaining why the signal was generated. |
Severity | String or DDL | N/A | The severity level of the signal. |
Issuer URL | URL | N/A | The source system that created the signal. |
Action Results
JSON Result
```json
{
  "status": 200,
  "payload": {
    "iss": "https://www.google.com/",
    "jti": "3c5fbf0c-3977-11f0-a195-7e498c84a3dd",
    "iat": 1748184472,
    "aud": "https://<your-okta-domain>.oktapreview.com",
    "events": {
      "https://schemas.okta.com/secevent/okta/event-type/user-risk-change": {
        "subject": {
          "user": {
            "format": "email",
            "email": "user@domain.net"
          }
        },
        "current_level": "medium",
        "previous_level": "low",
        "reason_admin": {
          "en": "BadNavigationEvent"
        },
        "event_timestamp": 1742199770057
      }
    }
  }
}
```
Output messages
Output message | Message description |
---|---|
 | The action succeeded. |
"Failed to send the ITP signal to Okta. Error is {0}".format(exception.stacktrace) | The action failed. Check the connection to the server, input parameters, or credentials. |
Script Result
Script Result Name | Value Options |
---|---|
is_success | True or False |
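The Send ITP Signal parameters map onto the claims of the Security Event Token shown under JSON Result. The following is an added example, not code from the integration, that builds those claims with input checks and assembles the compact JWS that the private key signs. The function names, the `previous_level` argument, the "high" level, the `RS256` algorithm and the `secevent+jwt` type (from RFC 8417) are assumptions, and the RSA signature itself is delegated to a `signer` callable supplied by a key library.

```python
import base64
import json
import time
import uuid
from datetime import datetime, timedelta, timezone

EVENT_TYPE = "https://schemas.okta.com/secevent/okta/event-type/user-risk-change"
LEVELS = {"low", "medium", "high"}  # "low"/"medium" appear on the page; "high" is assumed
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def b64url(raw: bytes) -> str:
    """Unpadded base64url, as used by JWS."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def build_claims(issuer_url, okta_url, user_email, timestamp, reason,
                 severity, previous_level, now=None):
    """Map the action parameters onto the SET claims shown under JSON Result."""
    if severity not in LEVELS or previous_level not in LEVELS:
        raise ValueError("risk level must be one of %s" % sorted(LEVELS))
    if not (issuer_url.startswith("https://") and okta_url.startswith("https://")):
        raise ValueError("iss and aud must be https URLs")
    when = datetime.fromisoformat(timestamp.replace("Z", "+00:00"))
    if when.tzinfo is None:  # a naive time would be misread by the receiver
        raise ValueError("timestamp needs an explicit UTC offset")
    return {
        "iss": issuer_url,
        "jti": str(uuid.uuid4()),  # unique per signal, so replays are detectable
        "iat": int(time.time() if now is None else now),
        "aud": okta_url,
        "events": {EVENT_TYPE: {
            "subject": {"user": {"format": "email", "email": user_email}},
            "current_level": severity,
            "previous_level": previous_level,
            "reason_admin": {"en": reason},
            # integer milliseconds since the epoch, matching the page's sample
            "event_timestamp": (when - EPOCH) // timedelta(milliseconds=1),
        }},
    }


def sign_set(claims, key_id, signer):
    """Return a compact JWS; signer(bytes) -> bytes wraps the private key."""
    header = {"alg": "RS256", "typ": "secevent+jwt", "kid": key_id}  # assumed values
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims))
    return signing_input + "." + b64url(signer(signing_input.encode("ascii")))
```

Keeping the key behind the `signer` callable means the private key string never has to pass through the code that handles alert data.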
Unassign Role
Unassign a role from a user.
Parameters
Parameter Name | Type | Default Value | Description |
---|---|---|---|
User IDs | String | N/A | IDs of users in Okta. |
Role IDs Or Names | String | N/A | IDs or names of roles in Okta. |
Also Run On Scope | Checkbox | Unchecked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
Script Result Name | Value Options | Example |
---|---|---|
ScriptResult | N/A | N/A |
JSON Result
N/A
Entity Enrichment
Enrichment Field Name | Logic - When to apply |
---|---|
unassign_role | Returns if it exists in JSON result |
Insights
N/A