Okta Integration

PreviousUpdate Certificate for Existing Installation NextOkta Integration -Remediation Supported

Last updated 9 months ago

Okta Integration

Integrating with Okta can give Rezonate complete visibility into assets, privileges, and activities. You can integrate with Okta by providing Rezonate with read-only access via an API Key or OAuth service. This document explains how to implement the OAuth method, which is considered more secure and cost-effective.

There are 3 different, supported ways to integrate Rezonate with Okta, all explained in this document:

By Generating an API Key
Through the Okta Marketplace
By Generating Custom SSH Key

API Key Integration

Method

For this method, a read-only administrative API key is needed. this can be generated from the admin console. after creating the key, save and insert the Okta domain & the API Key.

Okta Store Integration

Sign in to your Okta Admin Panel, and select API Service Integrations.
In the integrations list, select Rezonate Security.
After reviewing the permissions click "Install & Authorize"

Take note of the application Client-id & Client-secret.
Login to the Rezonate Console, and click the settings button in the top menu
On the side menu, select Cloud Integrations
Click the "New Integration" Button
Select Okta Integration from the new drawer that opened
Fill out the form, entering your okta domain and then clicking "I have store integration", and fill in the client-id and secret key you collected in step number 2.

OAuth Method

Prerequisites

Before you begin, generate a temporary API key to use when creating the limited read-only OAuth application to assign its scopes. You can delete this API key after the process.

Method

You perform OAuth integration through raw HTTP requests. Rezonate has developed a script to automatically create the application, and make the process easier and faster.

Install Python 3.6+

pip install cryptography

pip install pyjwkest

Run the okta_integration_script.py (attached below)script with the tenant ID and the temporary API token:
```
python okta_integration_script.py --tenant-id TENANT_ID --api-token XXX_API_TOKEN
```

The TENANT_ID is your Okta Identifier, which is the subdomain in the Okta domain. For example, in the case of rezonate.okta.com, the tenant_id is rezonate.

After executing the script (which will take approximately 1-2 minutes), save the output (the tenant_id, application_id, and private key).

Response & Remediation actions prerequisites

Rezonate allows an automatic, on-demand, and scheduled execution of response & remediation actions in Okta.

To enable this capability, you will need to provide Rezonate with the following permissions:

'okta.users.manage',
'okta.groups.manage'

PreviousUpdate Certificate for Existing Installation NextOkta Integration -Remediation Supported

Last updated 9 months ago

There are 3 different, supported ways to integrate Rezonate with Okta, all explained in this document:

By Generating an API Key
Through the Okta Marketplace
By Generating Custom SSH Key

API Key Integration

Method

For this method, a read-only administrative API key is needed. this can be generated from the admin console. after creating the key, save and insert the Okta domain & the API Key.

Okta Store Integration

Sign in to your Okta Admin Panel, and select API Service Integrations.
In the integrations list, select Rezonate Security.
After reviewing the permissions click "Install & Authorize"

Take note of the application Client-id & Client-secret.
Login to the Rezonate Console, and click the settings button in the top menu
On the side menu, select Cloud Integrations
Click the "New Integration" Button
Select Okta Integration from the new drawer that opened
Fill out the form, entering your okta domain and then clicking "I have store integration", and fill in the client-id and secret key you collected in step number 2.

OAuth Method

Prerequisites

Before you begin, generate a temporary API key to use when creating the limited read-only OAuth application to assign its scopes. You can delete this API key after the process.

Method

You perform OAuth integration through raw HTTP requests. Rezonate has developed a script to automatically create the application, and make the process easier and faster.

Install Python 3.6+
Install the and Python libraries using the following pip commands:
```
pip install cryptography
```
```
pip install pyjwkest
```
Run the okta_integration_script.py (attached below)script with the tenant ID and the temporary API token:
```
python okta_integration_script.py --tenant-id TENANT_ID --api-token XXX_API_TOKEN
```

The TENANT_ID is your Okta Identifier, which is the subdomain in the Okta domain. For example, in the case of rezonate.okta.com, the tenant_id is rezonate.

After executing the script (which will take approximately 1-2 minutes), save the output (the tenant_id, application_id, and private key).

Response & Remediation actions prerequisites

Rezonate allows an automatic, on-demand, and scheduled execution of response & remediation actions in Okta.

To enable this capability, you will need to provide Rezonate with the following permissions:

'okta.users.manage',
'okta.groups.manage'

7KB

okta_integration_script.py