Skip to main content

Okta

Cyscale enables you to keep track and secure your Okta identities. You connect your Okta organization(s) by creating an API Token that Cyscale uses to read your Okta resources.

Connecting Your Okta Organization

Once you are ready to connect your Okta organization and have the required permissions, press the Create button from the top-right corner, select Add Connector, and choose Okta. You will be greeted with a simple multi-step process.

Step 1

In the first step, you provide a name for your Okta connector to be used throughout Cyscale. This is a plain-text identifier that helps you better manage your resources.

Here, you also provide the organization URL - https://my-org.okta.com for example.

Step 2

In the second step, you provide the API token that grants Cyscale access. You can find the exact steps to follow in order to create the token within the application.

Token Permissions

Okta API tokens inherit the permissions of the user that creates them. Ideally, you would have a separate Okta user with read-only permissions (besides permission to create API Tokens) that you use to create the token.

Managing Your Connected Okta Organization(s)

Once connected, your Okta organization(s) will show up in the Connectors list. You can perform the following actions:

Configure

You can update the following information for your Okta connectors:

  • Identity Provider Name - this helps you better identify the connector throughout Cyscale
  • Okta API Token - you might want to rotate the token or, in case the token hasn't been used for more than 30 days, you will have to replace it

Disable/Enable

By default, all connectors are enabled. If you want to prevent Cyscale from syncing and assessing your assets for a certain connector, you can disable it. The state of the connector in Cyscale will be locked until you enable it again. The assets will not be updated based on your actual resources and assessments will not be performed for them.

Sync

You can always trigger a new sync and assessment manually for a given connector (unless the sync is already in progress). This will make Cyscale read all your resources for that particular connector, evaluate the applicable controls, and generate any alerts if necessary.

Service Coverage

The Okta resources that Cyscale can handle are listed in the tables below, along with the number of controls that check their configuration:

IAM# of Controls
User3
Group0
Application0
PasswordPolicy1
Policy1
Management# of Controls
IdentityProvider1