Okta
Overview
Visualize and analyze Okta resources, including users, groups, apps, and roles. Monitor access control and authentication policies to ensure secure and compliant user access management. Enforce governance, manage user lifecycle processes, and integrate with identity providers. Detect and mitigate security vulnerabilities in access configurations and authentication practices to safeguard sensitive data and applications.
Configurations
| Configuration | Description |
|---|---|
| Blueprint Account Name | A human-readable name for your account that will be used to identify this account across the application. |
| URL | The base URL of your Okta instance (e.g., https://dev.okta.com). |
| Access Token | The API token generated in Okta for authentication. |
| Data Crawl Frequency | The frequency at which Kscope will crawl your Okta account for data. |
Permissions
The Okta blueprint requires an API Token which you can create by navigating to https://{your-okta-domain}.okta.com/admin/access/api/tokens (replace {your-okta-domain} with your Okta domain). Please ensure that you give the token a descriptive name and note that the token will inherit the permissions of your user account.
When creating the API token, ensure your user account has access to the following scopes:
Required Permissions:
- Applications: application
- Groups: group
- Users: user
- Authenticators: authenticator
- Policies: policy
- Settings: supportsetting
Permission Details:
| Permission | Why it's needed |
|---|---|
| application | Access application configurations, assignments, and metadata |
| group | Read group information, memberships, and group-based access policies |
| user | Access user profiles, authentication factors, and user lifecycle data |
| authenticator | Read authenticator configurations and multi-factor authentication settings |
| policy | Access authentication policies, access policies, and security configurations |
| supportsetting | Read system-level settings and organizational configurations |
Important Notes:
- API tokens inherit the permissions of the user who created them
- Ensure your user account has admin privileges to access all required scopes
- The token provides access to resources based on your user's role and permissions
For more details on the Okta permissions, you can refer to the following documentation: Core Okta API Reference
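Because the token inherits whatever its creator can do, it is worth confirming before configuring the blueprint that it can actually read each resource type listed above. The following pre-flight check is an added example, not part of Kscope or the Okta documentation; it sends one read-only GET per permission and reports which ones fail. Assumptions: the mapping from permission names to Okta Core API endpoints, the `OKTA_URL` and `OKTA_TOKEN` environment variable names, and the function names are all chosen for this example.

```python
import urllib.error
import urllib.request

# Assumed mapping from the page's permission names to Okta Core API read
# endpoints; the page itself does not list endpoints.
CHECKS = {
    "application": "/api/v1/apps?limit=1",
    "group": "/api/v1/groups?limit=1",
    "user": "/api/v1/users?limit=1",
    "authenticator": "/api/v1/authenticators",
    "policy": "/api/v1/policies?type=OKTA_SIGN_ON",
    "supportsetting": "/api/v1/org/privacy/oktaSupport",
}


def http_status(base_url, path, token):
    """Issue one read-only GET with the SSWS API token; return the HTTP status."""
    req = urllib.request.Request(
        base_url.rstrip("/") + path,
        headers={"Authorization": f"SSWS {token}", "Accept": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def preflight(base_url, token, fetch=http_status):
    """Return {permission: verdict} for every permission the blueprint needs."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send an API token over a non-HTTPS URL")
    verdicts = {}
    for permission, path in CHECKS.items():
        status = fetch(base_url, path, token)
        if status == 200:
            verdicts[permission] = "ok"
        elif status == 401:
            verdicts[permission] = "token invalid, expired or revoked"
        elif status == 403:
            verdicts[permission] = "token owner lacks read access"
        else:
            verdicts[permission] = f"unexpected HTTP {status}"
    return verdicts


if __name__ == "__main__":
    import os
    # OKTA_URL and OKTA_TOKEN are hypothetical variable names for this example.
    for name, verdict in preflight(os.environ["OKTA_URL"], os.environ["OKTA_TOKEN"]).items():
        print(f"{name:15} {verdict}")
```

Reading the token from the environment keeps it out of the script and out of version control.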
Schema Model
| Resources | Source Entity | Normalized Entity | Description |
|---|---|---|---|
| Okta Users | okta.user.Users | User | A collection of Okta users. |
| Okta User | okta.user.User | User | A single Okta user. |
| Okta App User | okta.application.AppUser | User | User associated with an application. |
| Okta App Link | okta.application.AppLink | Link | Links related to applications. |
| Okta | okta | Instance | The Okta instance. |
| Okta App Group | okta.application.AppGroup | Group | Groups associated with applications. |
| Okta Applications | okta.application.Applications | Application | A collection of Okta applications. |
| Okta Application | okta.application.Application | Application | A single Okta application. |
| Okta User Factor | okta.application.UserFactor | Factor | Factors associated with a user. |
| Okta Groups | okta.group.Groups | Group | A collection of Okta groups. |
| Okta Group | okta.group.Group | Group | A single Okta group. |
| Okta Policies | okta.policy.Policies | Policy | A collection of Okta policies. |
| Okta Policy | okta.policy.Policy | Policy | A single Okta policy. |
| Okta Policy Rule | okta.policy.PolicyRule | Rule | Rules associated with a policy. |
| Okta User Role | okta.user.Role | Role | A role assigned to a user. |
| Okta Group Role | okta.group.Role | Role | A role assigned to a group. |
| Okta User Type | okta.user.UserType | UserType | Types of users in Okta. |
| Okta Authenticators | okta.authenticator.Authenticators | Authenticator | A collection of Okta authenticators. |
| Okta Authenticator | okta.authenticator.Authenticator | Authenticator | A single Okta authenticator. |