Okta

Pull Okta's activity telemetry and enable one-click containment and remediation tasks

In this guide, you will create an API token in Okta to pull application activity telemetry and enable one-click containment and remediation tasks. This telemetry identifies impacted users with login activity from abnormal client environments such as OS, browser, geolocation, and more.

At the end of this configuration, you will provide Radiant Security with these values:

  • Okta domain (the URL of your Okta domain)

Note: The Okta domain should be provided in the following form: https://my-org.okta.com.

  • API Token

Prerequisites

To create an API token with permissions to query Okta System Logs, you need to be logged in as an administrator user that has at least read-only permissions.

Important Note: Tokens are valid only if the user who created them is active. Tokens issued by deactivated users are rejected. To avoid service interruptions, Okta recommends generating API tokens using a service account that won’t be deactivated and with Super Admin permissions that won’t change.

Please refer to Okta documentation for information on token management.

Generate the API token

  1. Log in as an Okta administrator.

  2. From the upper right corner, click the Admin button to open the Okta Admin Console.

  3. From the left side menu, navigate to Security > API.

  1. Click Create Token.

  1. Enter a name for your token such as Radiant Security API Token and click Create Token.

  2. Copy the Token value in the pop-up screen.

Note: Be sure to copy and store the API token value carefully, as it cannot be retrieved later and can present a security risk if used in an unauthorized fashion.

Add the credentials in Radiant Security

  1. Log in to Radiant Security.

  2. From the navigation menu, select Settings > Credentials and click + Add Credential.

  3. Select the correct vendor from the list and click Configure Credential.

  4. Give the credential an identifiable name (e.g. Okta Credentials) and add the required fields.

  5. Click Add Credential to save the changes.

Add the data connector in Radiant Security

  1. From the navigation menu, select Settings > Data Connectors and click + Add Connector.

  2. Select the correct vendor from the list and click Data Feeds.

  3. Select the applicable data feed and click Credentials.

  4. From the drop-down, select the credential, or click + Add New Credential if it doesn’t already exist.

  5. Click Add Connector to finish creating the new data connector.

Add the action connector in Radiant Security

  1. From the navigation menu, select Settings > Action Connectors and click + Add Connector.

  2. Select the correct vendor from the list.

  3. Confirm that the selected credentials are correct.

  4. Click Add Connector.

PreviousNetskopeNextOnboard Hosts to Defender

Last updated