
Okta Integration


Last updated 10 months ago

Integrating with Okta can give Rezonate complete visibility into assets, privileges, and activities. You can integrate with Okta by providing Rezonate with read-only access via an API Key or OAuth service. This document explains how to implement the OAuth method, which is considered more secure and cost-effective.

There are 3 different, supported ways to integrate Rezonate with Okta, all explained in this document:

  1. By Generating an API Key

  2. Through the Okta Marketplace

  3. By Generating a Custom SSH Key

API Key Integration

Method

For this method, a read-only administrative API key is needed. This can be generated from the admin console. After creating the key, save it, then enter the Okta domain and the API key.

Okta Store Integration

  1. Sign in to your Okta Admin Panel, and select API Service Integrations.

  2. In the integrations list, select Rezonate Security.

  3. After reviewing the permissions, click "Install & Authorize".

  1. Take note of the application Client-id & Client-secret.

  2. Log in to the Rezonate Console, and click the settings button in the top menu.

  3. On the side menu, select Cloud Integrations.

  4. Click the "New Integration" button.

  5. Select Okta Integration from the new drawer that opened.

  6. Fill out the form, entering your Okta domain and then clicking "I have store integration", and fill in the client-id and secret key you collected in step number 2.

OAuth Method

Prerequisites

Before you begin, generate a temporary API key. It is used when creating the limited read-only OAuth application and assigning its scopes. You can delete this API key after the process.

Method

The OAuth integration is performed through raw HTTP requests. Rezonate has developed a script that creates the application automatically, making the process easier and faster.

  1. Install Python 3.6+

  2. Install the cryptography and pyjwkest Python libraries using the following pip commands:

    pip install cryptography
    pip install pyjwkest

  3. Run the okta_integration_script.py script (attached below) with the tenant ID and the temporary API token:

    python okta_integration_script.py --tenant-id TENANT_ID --api-token XXX_API_TOKEN

The TENANT_ID is your Okta Identifier, which is the subdomain in the Okta domain. For example, in the case of rezonate.okta.com, the tenant_id is rezonate.

After executing the script (which will take approximately 1-2 minutes), save the output (the tenant_id, application_id, and private key).

Response & Remediation actions prerequisites

Rezonate allows automatic, on-demand, and scheduled execution of response & remediation actions in Okta.

To enable this capability, you will need to provide Rezonate with the following permissions:

  • okta.users.manage
  • okta.groups.manage
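One way to confirm that the Okta application holds only read-only scopes plus, when remediation is enabled, the two permissions listed above. This is an added example, not Rezonate's code or part of okta_integration_script.py. It assumes the application's scope grants have been exported as a JSON list of objects with scopeId and status fields (the shape Okta's application grants API returns) and that read-only scopes end in ".read"; the sample data is constructed.

```python
import json

# Permissions this page lists for response & remediation actions.
REMEDIATION_SCOPES = {"okta.users.manage", "okta.groups.manage"}

# Constructed sample of an application's scope grants; ids and scopes are made up.
SAMPLE_GRANTS = json.loads("""
[
  {"id": "grant-1", "status": "ACTIVE",  "scopeId": "okta.users.read"},
  {"id": "grant-2", "status": "ACTIVE",  "scopeId": "okta.groups.read"},
  {"id": "grant-3", "status": "ACTIVE",  "scopeId": "okta.logs.read"},
  {"id": "grant-4", "status": "ACTIVE",  "scopeId": "okta.users.manage"},
  {"id": "grant-5", "status": "ACTIVE",  "scopeId": "okta.apps.manage"},
  {"id": "grant-6", "status": "REVOKED", "scopeId": "okta.groups.manage"}
]
""")


def audit_grants(grants, remediation_enabled=False):
    """Sort active scope grants into read-only, remediation and unexpected."""
    allowed_manage = REMEDIATION_SCOPES if remediation_enabled else set()
    report = {"read_only": [], "remediation": [], "unexpected": []}
    for grant in grants:
        if grant.get("status") != "ACTIVE":
            continue  # a revoked grant confers no access
        scope = grant.get("scopeId", "")
        if scope.endswith(".read"):  # assumption: read-only scopes end in ".read"
            report["read_only"].append(scope)
        elif scope in allowed_manage:
            report["remediation"].append(scope)
        else:
            # Anything else is broader than this page calls for.
            report["unexpected"].append(scope)
    for scopes in report.values():
        scopes.sort()
    # Remediation scopes that are expected but not actively granted.
    report["missing_remediation"] = sorted(
        allowed_manage - set(report["remediation"]))
    return report


if __name__ == "__main__":
    print(json.dumps(audit_grants(SAMPLE_GRANTS, remediation_enabled=True), indent=2))
```

With remediation disabled, any manage scope lands in "unexpected", which is the state a read-only integration should never be in.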

Attachment: okta_integration_script.py (7KB)