Okta Integration

Integrating with Okta can give Rezonate complete visibility into assets, privileges, and activities. You can integrate with Okta by providing Rezonate with read-only access via an API Key or OAuth service. This document explains how to implement the OAuth method, which is considered more secure and cost-effective.

There are 3 different, supported ways to integrate Rezonate with Okta, all explained in this document:

1. By Generating an API Key

2. Through the Okta Marketplace

3. By Generating Custom SSH Key

API Key Integration

Method

For this method, a read-only administrative API key is needed. this can be generated from the admin console. after creating the key, save and insert the Okta domain & the API Key.

Okta Store Integration

1. Sign in to your Okta Admin Panel, and select API Service Integrations.

2. In the integrations list, select Rezonate Security.

3. After reviewing the permissions click "Install & Authorize"

1. Take note of the application Client-id & Client-secret.

2. Login to the Rezonate Console, and click the settings button in the top menu

3. On the side menu, select Cloud Integrations

4. Click the "New Integration" Button

5. Select Okta Integration from the new drawer that opened

6. Fill out the form, entering your okta domain and then clicking "I have store integration", and fill in the client-id and secret key you collected in step number 2.

OAuth Method

Prerequisites

Before you begin, generate a temporary API key to use when creating the limited read-only OAuth application to assign its scopes. You can delete this API key after the process.

Method

You perform OAuth integration through raw HTTP requests. Rezonate has developed a script to automatically create the application, and make the process easier and faster.

1. Install Python 3.6+

2. Install the cryptography and pyjwkest Python libraries using the following pip commands:

   Copy

   pip install cryptography

   Copy

   pip install pyjwkest

3. Run the okta_integration_script.py (attached below)script with the tenant ID and the temporary API token:

   Copy

   python okta_integration_script.py --tenant-id TENANT_ID --api-token XXX_API_TOKEN

The TENANT_ID is your Okta Identifier, which is the subdomain in the Okta domain. For example, in the case of rezonate.okta.com, the tenant_id is rezonate.

After executing the script (which will take approximately 1-2 minutes), save the output (the tenant_id, application_id, and private key).

Response & Remediation actions prerequisites

Rezonate allows an automatic, on-demand, and scheduled execution of response & remediation actions in Okta.

To enable this capability, you will need to provide Rezonate with the following permissions:

'okta.users.manage',
'okta.groups.manage'