Integration with Okta's cloud-based identity management service.
- Sign in to your Okta organization as a user with administrator privileges.
- On the Admin Console, select Security > API from the menu, and then select the Tokens tab.
- Click Create Token.
- Name your token and click Create Token.
- API tokens have the same permissions as the user who creates them, and if the permissions of a user change, so do the permissions of the API token.
For more information, see the 'Create an API token' official documentation article.
The following scopes are required for the Okta v2 integration to work properly:
- okta.apps.manage
- okta.apps.read
- okta.groups.manage
- okta.groups.read
- okta.logs.read
- okta.networkZones.manage
- okta.networkZones.read
- okta.sessions.manage
- okta.sessions.read
- okta.users.manage
- okta.users.read
- Sign in to Okta Admin Console.
- In the Admin Console, go to Applications > Applications.
- Click Create App Integration.
- Select API Services as the sign-in method, and click Next.
- Enter the desired name for the created app (e.g., "Cortex XSOAR"), and click Save.
- In the app configuration page, under the General tab and the Client Credentials section, select Public key / Private key for the Client authentication option.
- Under the newly added PUBLIC KEYS section, click Add Key.
- In the Add Public Key dialog box, click Generate new key. Make sure to copy the generated private key (in PEM format) to somewhere safe, and click Save.
- Under the General Settings section:
- Next to the Proof of possession label, uncheck the Require Demonstrating Proof of Possession (DPoP) header in token requests option if it's selected.
- Next to the Grant type label, make sure the Client Credentials option is selected, and that the Token Exchange option is not selected.
- Click Save.
- Under the Okta API Scopes tab, grant the required scopes mentioned above for the app.
- Under the Admin roles tab:
- Click Edit assignments.
- In the dropdown list under "Role", select Super Administrator.
- Click Save changes at the top.
For more information, see the 'Implement OAuth for Okta' official documentation article.
-
Navigate to Settings > Integrations > Servers & Services.
-
Search for Okta v2.
-
Click Add instance to create and configure a new integration instance.
Parameter Description Required Okta URL (https://<domain>.okta.com) True API Token False Use OAuth 2.0 Authentication See detailed instructions on the 'Help' tab. False Client ID Required and used if OAuth 2.0 is used for authentication. See detailed instructions on the 'Help' tab. False Private Key In PEM format. Required and used if OAuth 2.0 is used for authentication. See detailed instructions on the 'Help' tab. False JWT Signing Algorithm Algorithm to sign generated JWT tokens with. Doesn't affect integration's functionality. Required and used if OAuth 2.0 is used for authentication. See detailed instructions on the 'Help' tab. False Trust any certificate (not secure) False Use system proxy settings False -
Click Test to validate the URLs, token, and connection.
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
Unlocks a single user.
okta-unlock-user
| Argument Name | Description | Required |
|---|---|---|
| username | Username to unlock. | Required |
There is no context output for this command.
!okta-unlock-user username=testForDocs@test.com
User testForDocs@test.com unlocked
Deactivates a single user.
okta-deactivate-user
| Argument Name | Description | Required |
|---|---|---|
| username | Username to deactivate. | Required |
There is no context output for this command.
!okta-deactivate-user username=testForDocs@test.com
User testForDocs@test.com deactivated
Activates a single user.
okta-activate-user
| Argument Name | Description | Required |
|---|---|---|
| username | Username to activate. | Required |
There is no context output for this command.
!okta-activate-user username=testForDocs@test.com
testForDocs@test.com is active now
Suspends a single user. This operation can only be performed on users with an ACTIVE status. After the porcess is completed, the user's status is SUSPENDED.
okta-suspend-user
| Argument Name | Description | Required |
|---|---|---|
| username | Username to suspend. | Required |
There is no context output for this command.
!okta-suspend-user username=testForDocs@test.com
testForDocs@test.com status is Suspended
Returns a single user to ACTIVE status. This operation can only be performed on users that have a SUSPENDED status.
okta-unsuspend-user
| Argument Name | Description | Required |
|---|---|---|
| username | Username to change the status to ACTIVE. | Required |
There is no context output for this command.
!okta-unsuspend-user username=testForDocs@test.com
testForDocs@test.com is no longer SUSPENDED
Returns all the enrolled factors for the specified user.
okta-get-user-factors
| Argument Name | Description | Required |
|---|---|---|
| username | Username for which to return all enrolled factors. | Optional |
| userId | User ID of the user for which to get all enrolled factors. | Optional |
| Path | Type | Description |
|---|---|---|
| Account.ID | String | Okta account ID. |
| Account.Factor.ID | String | Okta account factor ID. |
| Account.Factor.Provider | String | Okta account factor provider. |
| Account.Factor.Profile | String | Okta account factor profile. |
| Account.Factor.FactorType | String | Okta account factor type. |
| Account.Factor.Status | Unknown | Okta account factor status. |
!okta-get-user-factors username=factor@test.com
{
"Account": {
"Factor": [
{
"FactorType": "sms",
"ID": "mblpt21nffaaN5F060h7",
"Profile": {
"phoneNumber": "+12025550191"
},
"Provider": "OKTA",
"Status": "PENDING_ACTIVATION"
},
{
"FactorType": "token:software:totp",
"ID": "uftpt24kdrDJ7fDOq0h7",
"Profile": {
"credentialId": "factor@test.com"
},
"Provider": "GOOGLE",
"Status": "PENDING_ACTIVATION"
},
{
"FactorType": "push",
"ID": "opfpt1joeaArlg27g0h7",
"Provider": "OKTA",
"Status": "PENDING_ACTIVATION"
}
],
"ID": "00upt1w8tgFQM2v6t4"
}
}
Factors for user: 00upt1w8tgFQM2v0h7
FactorType ID Profile Provider Status sms mbgt21nffaaN5F060h7 phoneNumber: +12025550191 OKTA PENDING_ACTIVATION token:software:totp uftptgdrDJ7fDOq0h7 credentialId: factor@test.com PENDING_ACTIVATION push opfg1joeaArlg27g0h7 OKTA PENDING_ACTIVATION
Un-enrolls an existing factor for the specified user. This enables the user to enroll a new factor.
okta-reset-factor
| Argument Name | Description | Required |
|---|---|---|
| userId | The user ID. | Optional |
| username | Username for which to un-enroll an existing factor. | Optional |
| factorId | The ID of the factor to reset. | Required |
There is no context output for this command.
!okta-reset-factor factorId=ufsq7cvptfbjQa72c0h7 userId=00upt1w8t40wFQM2v6t4
Factor: ufsq7cvptfbjQa72c0h7 deleted
Sets passwords without validating existing user credentials.
okta-set-password
| Argument Name | Description | Required |
|---|---|---|
| username | Okta username for which to set the password. | Required |
| password | The new password to set for the user. | Required |
| temporary_password | When true, you'll need to change the password in the next login. Possible values are: true, false. Default is false. | Optional |
There is no context output for this command.
!okta-set-password username=testForDocs@test.com password=N3wPa55word!
testForDocs@test.com password was last changed on 2020-03-26T13:57:13.000Z
Adds a user to a group with OKTA_GROUP type.
okta-add-to-group
| Argument Name | Description | Required |
|---|---|---|
| userId | ID of the user to add to the group. | Optional |
| username | Name of the user to add to the group. | Optional |
| groupId | ID of the group to add the user to. | Optional |
| groupName | Name of the group to add the user to. | Optional |
There is no context output for this command.
!okta-add-to-group groupName=Demisto username=testForDocs@test.com
User: 00uqk1qesl3k0SRbH0h7 added to group: Demisto successfully
Removes a user from a group with OKTA_GROUP type.
okta-remove-from-group
| Argument Name | Description | Required |
|---|---|---|
| userId | ID of the user to remove from the group. | Optional |
| username | Name of the user to remove from the group. | Optional |
| groupId | ID of the group to remove the user from. | Optional |
| groupName | Name of the group to remove the user from. | Optional |
There is no context output for this command.
!okta-remove-from-group groupName=demisto username=testForDocs@test.com
User: 00uqk1qesl3k0SRbH0h7 was removed from group: demisto successfully
Returns all user groups associated with a specified user.
okta-get-groups
| Argument Name | Description | Required |
|---|---|---|
| username | Username in Okta for which to get the associated groups. | Required |
| Path | Type | Description |
|---|---|---|
| Account.Group | Unknown | Okta groups with which the account is associated. |
| Account.ID | String | Okta account ID. |
| Account.Type | String | Okta account type. |
| Account.Group.ID | String | Unique key for the group. |
| Account.Group.Created | Date | Timestamp when the group was created. |
| Account.Group.ObjectClass | String | The object class, which determines the group's profile. |
| Account.Group.LastUpdated | Date | Timestamp when the group's profile was last updated. |
| Account.Group.LastMembershipUpdated | Date | Timestamp when the group's memberships were last updated. |
| Account.Group.Type | String | Group type, which determines how a group's profile and memberships are managed. |
| Account.Group.Description | String | Description of the group. |
| Account.Group.Name | String | Name of the group. |
!okta-get-groups username=testForDocs@test.com
{
"Account": {
"Group": [
{
"Created": "2016-04-12T15:01:50.000Z",
"Description": "All users in your organization",
"ID": "00g66lckcsAJpLcNc0h7",
"LastMembershipUpdated": "2020-03-26T13:56:49.000Z",
"LastUpdated": "2016-04-12T15:01:50.000Z",
"Name": "Everyone",
"ObjectClass": [
"okta:user_group"
],
"Type": "BUILT_IN"
},
{
"Created": "2018-01-19T02:02:06.000Z",
"ID": "00gdougcq3zEaf7c50h7",
"LastMembershipUpdated": "2020-03-26T13:49:47.000Z",
"LastUpdated": "2018-01-19T02:02:06.000Z",
"Name": "Demisto",
"ObjectClass": [
"okta:user_group"
],
"Type": "OKTA_GROUP"
}
],
"ID": "00uqk1qesl3k0SRbH0h7",
"Type": "Okta"
}
}
Okta groups for user: testForDocs@test.com
Created Description ID LastMembershipUpdated LastUpdated Name ObjectClass Type 2016-04-12T15:01:50.000Z All users in your organization 00g66lckgAJpLcNc0h7 2020-03-26T13:56:49.000Z 2016-04-12T15:01:50.000Z Everyone okta:user_group BUILT_IN 2018-01-19T02:02:06.000Z 00gdougcgzEaf7c50h7 2020-03-26T13:49:47.000Z 2018-01-19T02:02:06.000Z Demisto okta:user_group OKTA_GROUP
Enrolls and verifies a push factor for the specified user.
okta-verify-push-factor
| Argument Name | Description | Required |
|---|---|---|
| userId | The ID of the user to enroll and verify. | Required |
| factorId | The push factor ID. | Required |
| Path | Type | Description |
|---|---|---|
| Account.ID | String | Okta user ID. |
| Account.VerifyPushResult | String | Okta user push factor result. |
!okta-verify-push-factor factorId=opfpt1joeaArlg27g0h7 userId=00upt1w8t40wFQM2v0h7
Verify push factor result for user 00upt1w8t40wgQM2v0h7: WAITING
{
"factorResult": "WAITING",
"profile": {
"credentialId": "test@this.com",
"deviceType": "SmartPhone_IPhone",
"keys": [
{
"kty": "EC",
"use": "sig",
"kid": "default",
"x": "3Y53lDoQYwzzVbjsbsPnqOnVaotIrVByQh5Sa-RwOHQ",
"y": "0zHY_y9rVh-bq_-lR-MrmzNtUZrrIMbTrsjtxUyUT2Q",
"crv": "P-256"
}
],
"name": "iPhone (5)",
"platform": "IOS",
"version": "13.1.3"
},
"expiresAt": "2020-02-24T11:37:08.000Z",
"_links": {
"cancel": {
"href": "https://test.com/api/v1/users/00upt1w8t40wgQM2v0h7/factors/FactorID/transactions/TransactionID",
"hints": {
"allow": [
"DELETE"
]
}
},
"poll": {
"href": "https://test.com/api/v1/users/00upt1w8t40wgQM2v0h7/factors/FactorID/transactions/TransactionID",
"hints": {
"allow": [
"GET"
]
}
}
}
}
Searches for Okta users.
okta-search
| Argument Name | Description | Required |
|---|---|---|
| term | Term by which to search. Can be a first name, last name, or email address. The argument term or advanced_search is required. |
Optional |
| advanced_search | Searches for users with a supported filtering expression for most properties, including custom-defined properties. The argument term or advanced_search is required. |
Optional |
| limit | The maximum number of results to return. The default and maximum is 200. | Optional |
| verbose | Whether to return details of users that match the found term. Can be "true" or "false". The default is "false". Possible values are: true, false. Default is false. | Optional |
| Path | Type | Description |
|---|---|---|
| Account.ID | String | Okta account IDs returned by the search. |
| Account.Username | String | Okta account usernames returned by the search. |
| Account.Email | String | Okta account emails returned by the search. |
| Account.DisplayName | String | Okta account display names returned by the search. |
| Account.Type | String | Okta account type returned by the search. |
| Account.Status | String | Okta account current status. |
| Account.Created | Date | Timestamp for when the user was created. |
| Account.Activated | Date | Timestamp for when the user was activated. |
| Account.StatusChanged | Date | Timestamp for when the user's status was last changed. |
| Account.PasswordChanged | Date | Timestamp for when the user's password was last changed. |
!okta-search term=test verbose=true
{
"Account": [
{
"Activated": "2020-02-12T14:03:51.000Z",
"Created": "2020-02-12T14:03:50.000Z",
"DisplayName": "bar test",
"Email": "bartest@test.com",
"ID": "00uppjeleqJQ2kkN80h7",
"Status": "PROVISIONED",
"StatusChanged": "2020-02-12T14:03:51.000Z",
"Type": "Okta",
"Username": "bartest@test.com"
},
{
"Activated": "2020-02-19T12:33:20.000Z",
"Created": "2018-07-31T12:48:33.000Z",
"DisplayName": "test that",
"Email": "test@that.com",
"ID": "00ufufhqits3y78Ju0h7",
"PasswordChanged": "2020-02-06T13:32:56.000Z",
"Status": "PROVISIONED",
"StatusChanged": "2020-02-19T12:33:20.000Z",
"Type": "Okta",
"Username": "test@that.com"
},
{
"Activated": "2020-03-26T13:56:52.000Z",
"Created": "2020-03-26T13:56:49.000Z",
"DisplayName": "test that",
"Email": "testForDocs@test.com",
"ID": "00uqk1qesl3k0SRbH0h7",
"PasswordChanged": "2020-03-26T13:56:50.000Z",
"Status": "ACTIVE",
"StatusChanged": "2020-03-26T13:56:52.000Z",
"Type": "Okta",
"Username": "testForDocs@test.com"
}
]
}
Okta users found: User:bartest@test.com
First Name Last Name Login Mobile Phone Second Email bartest@test.com bar test bartest@test.com
| Activated | Created | Credentials | ID | Last Login | Last Updated | Password Changed | Status | Status Changed | Type | _links |
|---|---|---|---|---|---|---|---|---|---|---|
| 2020-02-12T14:03:51.000Z | 2020-02-12T14:03:50.000Z | provider: {"type": "OKTA", "name": "OKTA"} | 00uppjeleqJQ2kkN80h7 | 2020-02-12T14:03:51.000Z | PROVISIONED | id: oty66lckcvDyVcGzS0h7 | self: {"href": "https://yourdomain.okta.com/api/v1/users/00uppjeleqJQ2kkN80h7"} |
User:test@that.com
| First Name | Last Name | Login | Mobile Phone | Second Email | |
|---|---|---|---|---|---|
| test@that.com | test | that | test@that.com | test@that.com |
| Activated | Created | Credentials | ID | Last Login | Last Updated | Password Changed | Status | Status Changed | Type | _links |
|---|---|---|---|---|---|---|---|---|---|---|
| 2020-02-19T12:33:20.000Z | 2018-07-31T12:48:33.000Z | provider: {"type": "OKTA", "name": "OKTA"} | 00ufufhqits3y78Ju0h7 | 2020-02-19T12:33:20.000Z | 2020-02-06T13:32:56.000Z | PROVISIONED | id: oty66lckcvDyVcGzS0h7 | self: {"href": "https://yourdomain.okta.com/api/v1/users/00ufufhqits3y78Ju0h7"} |
User:testForDocs@test.com
| First Name | Last Name | Login | Mobile Phone | Second Email | |
|---|---|---|---|---|---|
| testForDocs@test.com | test | that | testForDocs@test.com |
| Activated | Created | Credentials | ID | Last Login | Last Updated | Password Changed | Status | Status Changed | Type | _links |
|---|---|---|---|---|---|---|---|---|---|---|
| 2020-03-26T13:56:52.000Z | 2020-03-26T13:56:49.000Z | password: {}recovery_question: {"question": "whats is your favourite integration"}provider: {"type": "OKTA", "name": "OKTA"} | 00uqk1qesl3k0SRbH0h7 | 2020-03-26T13:56:52.000Z | 2020-03-26T13:56:50.000Z | ACTIVE | id: oty66lckcvDyVcGzS0h7 | self: {"href": "https://yourdomain.okta.com/api/v1/users/00uqk1qesl3k0SRbH0h7"} |
Fetches information for a single user. You must enter one or more parameters for the command to run.
okta-get-user
| Argument Name | Description | Required |
|---|---|---|
| username | Okta username for which to get information. | Optional |
| userId | User ID of the user for which to get information. | Optional |
| verbose | Whether to return extended user information. Can be "true" or "false". The default is "false". Possible values are: true, false. Default is false. | Optional |
| Path | Type | Description |
|---|---|---|
| Account.ID | String | Okta account ID. |
| Account.Email | String | Okta account email. |
| Account.Username | String | Okta account username. |
| Account.DisplayName | String | Okta account display name. |
| Account.Status | String | Okta account status. |
| Account.Created | Date | Timestamp for when the user was created. |
| Account.Activated | Date | Timestamp for when the user was activated. |
| Account.StatusChanged | Date | Timestamp for when the user's status was last changed. |
| Account.PasswordChanged | Date | Timestamp for when the user's password was last changed. |
| Account.Manager | String | The manager. |
| Account.ManagerEmail | String | The manager email. |
!okta-get-user username=testForDocs@test.com verbose=true
{
"Account": {
"Activated": "2020-03-26T13:56:52.000Z",
"Created": "2020-03-26T13:56:49.000Z",
"DisplayName": "test that",
"Email": "testForDocs@test.com",
"ID": "00uqk1qesl3k0SRbH0h7",
"Manager": "manager@test.com",
"ManagerEmail": null,
"PasswordChanged": "2020-03-26T13:56:50.000Z",
"Status": "ACTIVE",
"StatusChanged": "2020-03-26T13:56:52.000Z",
"Type": "Okta",
"Username": "testForDocs@test.com"
}
}
User:testForDocs@test.com
First Name Last Name Login Manager Manager Email Mobile Phone Second Email testForDocs@test.com test that testForDocs@test.com manager@test.com
| Activated | Created | Credentials | ID | Last Login | Last Updated | Password Changed | Status | Status Changed | Type | _links |
|---|---|---|---|---|---|---|---|---|---|---|
| 2020-03-26T13:56:52.000Z | 2020-03-26T13:56:49.000Z | password: {}recovery_question: {"question": "whats is your favourite integration"} provider: {"type": "OKTA", "name": "OKTA"} | 00uqk1qesl3k0SRbH0h7 | 2020-03-26T13:56:52.000Z | 2020-03-26T13:56:50.000Z | ACTIVE | id: oty66lckcvDyVcGzS0h7 | links |
Lists users in your organization.
okta-list-users
| Argument Name | Description | Required |
|---|---|---|
| after | The cursor in which to retrive the results from and on. if the query didn't reach the end of results, the tag can be obtained from the bottom of the grid in the readable output, or in the context path Okta.User.tag. | Optional |
| limit | The maximum number of results to return. Default is 200. | Optional |
| verbose | Whether to return extended user information. Possible values are: true, false. Default is false. | Optional |
| query | Searches the name property of groups for matching values. | Optional |
| filter | Useful for performing structured queries where constraints on group attribute values can be explicitly targeted. The following expressions are supported(among others) for groups with the filter query parameter: type eq "OKTA_GROUP" - Groups that have a type of OKTA_GROUP; lastUpdated lt "yyyy-MM-dd''T''HH:mm:ss.SSSZ" - Groups with profile last updated before a specific timestamp; lastMembershipUpdated eq "yyyy-MM-dd''T''HH:mm:ss.SSSZ" - Groups with memberships last updated at a specific timestamp; id eq "00g1emaKYZTWRYYRRTSK" - Group with a specified ID. For more information about filtering, visit https://developer.okta.com/docs/api/getting_started/design_principles#filtering. |
Optional |
| Path | Type | Description |
|---|---|---|
| Account.ID | String | Okta account ID. |
| Account.Email | String | Okta account email. |
| Account.Username | String | Okta account username. |
| Account.DisplayName | String | Okta account display name. |
| Account.Status | String | Okta account status. |
| Account.Created | Date | Timestamp for when the user was created. |
| Account.Activated | Date | Timestamp for when the user was activated. |
| Account.StatusChanged | Date | Timestamp for when the user's status was last changed. |
| Account.PasswordChanged | Date | Timestamp for when the user's password was last changed. |
| Okta.User.tag | String | The location of the next item, used with after param. |
Creates a new user with an option of setting a password, recovery question, and answer. The new user will immediately be able to log in after activation with the assigned password. This flow is common when developing a custom user registration experience.
okta-create-user
| Argument Name | Description | Required |
|---|---|---|
| firstName | First name of the user (givenName). | Required |
| lastName | Family name of the user (familyName). | Required |
| Primary email address of the user. | Required | |
| login | Unique identifier for the user (username). | Required |
| secondEmail | Secondary email address of user. Usually used for account recovery. | Optional |
| middleName | Middle name(s) of the user. | Optional |
| honorificPrefix | A comma-separated list of honorific prefix(es) of the user, or title in most Western languages. | Optional |
| honorificSuffix | A comma-separated list of honorific suffix(es) of the user. | Optional |
| title | User's title. for example, Vice President. | Optional |
| displayName | Display name of the user. | Optional |
| nickName | Casual way to address the user (nick name). | Optional |
| profileUrl | URL of the user online profile. For example, a web page. | Optional |
| primaryPhone | Primary phone number of the user. | Optional |
| mobilePhone | Mobile phone number of the user. | Optional |
| streetAddress | Full street address component of the user's address. | Optional |
| city | City or locality component of the user's address (locality). | Optional |
| state | State or region component of the user's address (region). | Optional |
| zipCode | Zip code or postal code component of the user's address (postalCode). | Optional |
| countryCode | Country name component of the user's address (country). | Optional |
| postalAddress | Mailing address component of the user's address. | Optional |
| preferredLanguage | User's preferred written or spoken languages. | Optional |
| locale | User's default location, for purposes of localizing items such as currency, date-time format, numerical representations, etc. | Optional |
| timezone | User's time zone. | Optional |
| userType | The user type, which is used to identify the organization-to-user relationship such as "Employee" or "Contractor". | Optional |
| employeeNumber | Organization or company assigned unique identifier for the user. | Optional |
| costCenter | Name of a cost center the user is assigned to. | Optional |
| organization | Name of the user's organization. | Optional |
| division | Name of the user's division. | Optional |
| department | Name of the user's department. | Optional |
| managerId | ID of the user's manager. | Optional |
| manager | Display name of the user's manager. | Optional |
| password | Password for the new user. | Optional |
| passwordQuestion | Password question for the new user. | Optional |
| passwordAnswer | Password answer for question. | Optional |
| providerType | The provider type. Can be "OKTA", "ACTIVE_DIRECTORY", "LDAP", "FEDERATION", or "SOCIAL". Possible values are: OKTA, ACTIVE_DIRECTORY, LDAP, FEDERATION, SOCIAL. | Optional |
| providerName | Name of the provider. | Optional |
| groupIds | IDs of groups that the user will be immediately added to at time of creation (does Not include default group). | Optional |
| activate | Whether to activate the lifecycle operation when creating the user. Can be "true" or "false". Possible values are: true, false. | Optional |
| Path | Type | Description |
|---|---|---|
| Account.ID | String | Created Okta account ID. |
| Account.Email | String | Created Okta account email address. |
| Account.Username | String | Created okta account username. |
| Account.DisplayName | String | Created Okta account display name. |
| Account.Type | String | Type of created account - Okta. |
| Account.Status | String | Okta account current status. |
| Account.Created | Date | Timestamp for when the user was created. |
| Account.Activated | Date | Timestamp for when the user was activated. |
| Account.StatusChanged | Date | Timestamp for when the user's status was last changed. |
| Account.PasswordChanged | Date | Timestamp for when the user's password was last changed. |
!okta-create-user email=testForDocs@test.com firstName=test lastName=that login=testForDocs@test.com password=Pa55word! passwordQuestion="whats is your favourite integration" passwordAnswer="Okta of course"
{
"Account": {
"Activated": null,
"Created": "2020-03-26T13:56:49.000Z",
"DisplayName": "test that",
"Email": "testForDocs@test.com",
"ID": "00uqk1qesl3k0SRbH0h7",
"PasswordChanged": "2020-03-26T13:56:50.000Z",
"Status": "STAGED",
"StatusChanged": null,
"Type": "Okta",
"Username": "testForDocs@test.com"
}
}
Okta User Created: testForDocs@test.com:
First Name ID Last Login Last Name Login Mobile Phone Status test 00uqk1qesl3k0SRbH0h7 that testForDocs@test.com STAGED
Updates a user with a given login. All fields are optional. Fields which are not set, will not be overwritten.
okta-update-user
| Argument Name | Description | Required |
|---|---|---|
| firstName | First name of the user (given name). | Optional |
| lastName | Family name of the user. | Optional |
| Primary email address of the user. | Optional | |
| username | Unique identifier for the user (login). | Required |
| secondEmail | Secondary email address of the user (typically used for account recovery. | Optional |
| middleName | Middle name(s) of the user. | Optional |
| honorificPrefix | Honorific prefix(es) of the user, or title in most Western languages. | Optional |
| honorificSuffix | Honorific suffix(es) of the user. | Optional |
| title | User's title. For example, Vice President. | Optional |
| displayName | Display name of the user. | Optional |
| nickName | Casual way to address the user in real life (nick name). | Optional |
| profileUrl | URL of the user's online profile. For example, a web page. | Optional |
| primaryPhone | Primary phone number of the user. | Optional |
| mobilePhone | Mobile phone number of the user. | Optional |
| streetAddress | Full street address component of the user's address. | Optional |
| city | City or locality component of the user's address (locality). | Optional |
| state | State or region component of the user's address (region). | Optional |
| zipCode | Zip code or postal code component of the user's address (postalCode). | Optional |
| countryCode | Country name component of the user's address (country). | Optional |
| postalAddress | Mailing address component of the user's address. | Optional |
| preferredLanguage | User's preferred written or spoken languages. | Optional |
| locale | User's default location for purposes of localizing items such as currency, date-time format, numerical representations, etc. | Optional |
| timezone | User time zone. | Optional |
| userType | The user type, which is used to identify the organization-to-user relationship such as "Employee" or "Contractor". | Optional |
| employeeNumber | Organization or company assigned unique identifier for the user. | Optional |
| costCenter | Name of a cost center the user is assigned to. | Optional |
| organization | Name of the user's organization. | Optional |
| division | Name of the user's division. | Optional |
| department | Name of the user's department. | Optional |
| managerId | ID of the user's manager. | Optional |
| manager | Display name of the user's manager. | Optional |
| password | New password for the specified user. | Optional |
| passwordQuestion | Password question for the specified user. | Optional |
| passwordAnswer | Password answer for the question. | Optional |
| providerType | The provider type. Can be "OKTA", "ACTIVE_DIRECTORY", "LDAP", "FEDERATION", or "SOCIAL". Possible values are: OKTA, ACTIVE_DIRECTORY, FEDERATION, SOCIAL. | Optional |
| providerName | Name of the provider. | Optional |
There is no context output for this command.
!okta-update-user username=testForDocs@test.com firstName="First Name Updated"
Okta user: testForDocs@test.com Updated:
firstName lastName login mobilePhone secondEmail testForDocs@test.com First Name Updated that testForDocs@test.com
Enumerates all users that are members of a group.
okta-get-group-members
| Argument Name | Description | Required |
|---|---|---|
| groupId | ID of the group. | Optional |
| limit | The maximum number of results to return. | Optional |
| verbose | Whether to print extended user details. Can be "true" or "false". The default is "false". Possible values are: true, false. Default is false. | Optional |
| groupName | Name of the group. | Optional |
| Path | Type | Description |
|---|---|---|
| Account.ID | String | Okta account ID. |
| Account.Email | String | Okta account email address. |
| Account.Username | String | Okta account username. |
| Account.DisplayName | String | Okta account display name. |
| Account.Type | String | Account type - Okta. |
| Account.Status | String | Okta account current status. |
| Account.Created | Date | Timestamp for when the user was created. |
| Account.Activated | Date | Timestamp for when the user was activated. |
| Account.StatusChanged | Date | Timestamp for when the user's status was last changed. |
| Account.PasswordChanged | Date | Timestamp for when the user's password was last changed. |
!okta-get-group-members groupName=Demisto limit=1 verbose=true
{
"Account": {
"Created": "2016-04-12T15:01:52.000Z",
"DisplayName": "Test Demisto",
"Email": "XSOAR@demisto.com",
"ID": "00u66ljhpjidYi0h7",
"PasswordChanged": "2020-02-24T11:40:08.000Z",
"Status": "ACTIVE",
"StatusChanged": "2016-04-12T15:05:06.000Z",
"Type": "Okta",
"Username": "XSOAR@demisto.com"
}
}
User:Test@demisto.com
First Name Last Name Login Mobile Phone Second Email XSOAR@demisto.com Test Demisto XSOAR@demisto.com
| Activated | Created | Credentials | ID | Last Login | Last Updated | Password Changed | Status | Status Changed | Type | _links |
|---|---|---|---|---|---|---|---|---|---|---|
| 2016-04-12T15:01:52.000Z | password: {} recovery_question: {"question": "born city"} provider: {"type": "OKTA", "name": "OKTA"} | 00u66lckd7lpjidYi0h7 | 2020-03-12T09:54:36.000Z | 2020-02-24T11:42:22.000Z | 2020-02-24T11:40:08.000Z | ACTIVE | id: oty66lckcyVcGzS0h7 | self: {"href": "https://yourdomain.okta.com/api/v1/users/00uclpjidYi0h7"} |
Lists groups in your organization. A subset of groups can be returned that match a supported filter expression or query.
okta-list-groups
| Argument Name | Description | Required |
|---|---|---|
| query | Searches the name property of groups for matching values. | Optional |
| filter | Useful for performing structured queries where constraints on group attribute values can be explicitly targeted. The following expressions are supported(among others) for groups with the filter query parameter: type eq "OKTA_GROUP" - Groups that have a type of OKTA_GROUP; lastUpdated lt "yyyy-MM-dd''T''HH:mm:ss.SSSZ" - Groups with profile last updated before a specific timestamp; lastMembershipUpdated eq "yyyy-MM-dd''T''HH:mm:ss.SSSZ" - Groups with memberships last updated at a specific timestamp; id eq "00g1emaKYZTWRYYRRTSK" - Group with a specified ID. For more information about filtering, visit https://developer.okta.com/docs/api/getting_started/design_principles#filtering. |
Optional |
| limit | The maximum number of results to return. The default is 200. Default is 200. | Optional |
| Path | Type | Description |
|---|---|---|
| Okta.Group.ID | String | Unique key for the group. |
| Okta.Group.Created | Date | Timestamp for when the group was created. |
| Okta.Group.ObjectClass | Unknown | The group's profile. |
| Okta.Group.LastUpdated | Date | Timestamp for when the group's profile was last updated. |
| Okta.Group.LastMembershipUpdated | Date | Timestamp for when the group's membership was last updated. |
| Okta.Group.Type | String | The group type, which determines how a group's profile and membership are managed. Can be "OKTA_GROUP", "APP_GROUP", or "BUILT_IN". |
| Okta.Group.Name | String | Name of the group. |
| Okta.Group.Description | String | Description of the group. |
!okta-list-groups filter=`type eq "OKTA_GROUP" and lastUpdated lt "2019-04-30T00:00:00.000Z" and lastMembershipUpdated gt "2019-04-30T00:00:00.000Z"` query=demisto
{
"Okta": {
"Group": {
"Created": "2018-01-19T02:02:06.000Z",
"ID": "00gdout3zEaf7c50h7",
"LastMembershipUpdated": "2020-03-26T13:56:56.000Z",
"LastUpdated": "2018-01-19T02:02:06.000Z",
"Name": "Demisto",
"ObjectClass": [
"okta:user_group"
],
"Type": "OKTA_GROUP"
}
}
}
Created Description ID LastMembershipUpdated LastUpdated Name ObjectClass Type 2018-01-19T02:02:06.000Z 00gdougctEaf7c50h7 2020-03-26T13:56:56.000Z 2018-01-19T02:02:06.000Z Demisto okta:user_group OKTA_GROUP
Returns failed login events.
okta-get-failed-logins
| Argument Name | Description | Required |
|---|---|---|
| since | Filters the lower time bound of the log events in the Internet Date/Time Format profile of ISO 8601. An example: 2017-05-03T16:22:18Z. | Optional |
| until | Filters the upper time bound of the log events in the Internet Date/Time Format profile of ISO 8601. An example: 2017-05-03T16:22:18Z. | Optional |
| sortOrder | The order of the returned events. Can be "ASCENDING" or "DESCENDING". The default is "ASCENDING". Possible values are: ASCENDING, DESCENDING. Default is ASCENDING. | Optional |
| limit | The maximum number of results to return. The default is 100. | Optional |
| Path | Type | Description |
|---|---|---|
| Okta.Logs.Events.actor.alternateId | String | Alternative ID of the actor. |
| Okta.Logs.Events.actor.displayName | String | Display name of the actor. |
| Okta.Logs.Events.actor.id | String | ID of the actor. |
| Okta.Logs.Events.client.userAgent.rawUserAgent | String | A raw string representation of the user agent, formatted according to section 5.5.3 of HTTP/1.1 Semantics and Content. Both the browser and the OS fields can be derived from this field. |
| Okta.Logs.Events.client.userAgent.os | String | The operating system on which the client runs. For example, Microsoft Windows 10. |
| Okta.Logs.Events.client.userAgent.browser | String | Identifies the browser type, if relevant. For example, Chrome. |
| Okta.Logs.Events.client.device | String | Type of device that client operated from. For example, Computer. |
| Okta.Logs.Events.client.id | String | For OAuth requests, the ID of the OAuth client making the request. For SSWS token requests, the ID of the agent making the request. |
| Okta.Logs.Events.client.ipAddress | String | IP address from which the client made its request. |
| Okta.Logs.Events.client.geographicalContext.city | String | The city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco. |
| Okta.Logs.Events.client.geographicalContext.state | String | Full name of the state or province encompassing the area containing the geo-location coordinates. For example Montana, Incheon. |
| Okta.Logs.Events.client.geographicalContext.country | String | Full name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda. |
| Okta.Logs.Events.displayMessage | String | The display message for an event. |
| Okta.Logs.Events.eventType | String | Type of event that was published. |
| Okta.Logs.Events.outcome.result | String | Result of the action. Can be "SUCCESS", "FAILURE", "SKIPPED", "UNKNOWN". |
| Okta.Logs.Events.outcome.reason | String | Reason for the result. For example, INVALID_CREDENTIALS. |
| Okta.Logs.Events.published | String | Timestamp when the event was published. |
| Okta.Logs.Events.severity | String | The event severity. Can be "DEBUG", "INFO", "WARN", or "ERROR". |
| Okta.Logs.Events.securityContext.asNumber | Number | Autonomous system number associated with the autonomous system that the event request was sourced to. |
| Okta.Logs.Events.securityContext.asOrg | String | Organization associated with the autonomous system that the event request was sourced to. |
| Okta.Logs.Events.securityContext.isp | String | Internet service provider used to send the event's request. |
| Okta.Logs.Events.securityContext.domain | String | The domain name associated with the IP address of the inbound event request. |
| Okta.Logs.Events.securityContext.isProxy | String | Specifies whether an event's request is from a known proxy. |
| Okta.Logs.Events.request.ipChain.IP | String | IP address. |
| Okta.Logs.Events.request.ipChain.geographicalContext.city | String | The city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco. |
| Okta.Logs.Events.request.ipChain.geographicalContext.state | String | Full name of the state or province encompassing the area containing the geo-location coordinates. For example, Montana, Incheon. |
| Okta.Logs.Events.request.ipChain.geographicalContext.country | String | Full name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda. |
| Okta.Logs.Events.request.ipChain.source | String | Details regarding the source. |
| Okta.Logs.Events.target.id | String | ID of a target. |
| Okta.Logs.Events.target.type | String | Type of a target. |
| Okta.Logs.Events.target.alternateId | String | Alternative ID of a target. |
| Okta.Logs.Events.target.displayName | String | Display name of a target. |
!okta-get-failed-logins since="2019-04-30T00:00:00.000Z" limit=1
{
"Okta": {
"Logs": {
"Events": {
"actor": {
"alternateId": "goo@test.com",
"detailEntry": null,
"displayName": "unknown",
"id": "unknown",
"type": "User"
},
"authenticationContext": {
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "unknown",
"interface": null,
"issuer": null
},
"client": {
"device": "Computer",
"geographicalContext": {
"city": "Tel Aviv",
"country": "Israel",
"geolocation": {
"lat": 32.0678,
"lon": 34.7647
},
"postalCode": null,
"state": "Tel Aviv"
},
"id": null,
"ipAddress": "127.0.0.1",
"userAgent": {
"browser": "CHROME",
"os": "Windows 10",
"rawUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
},
"zone": "null"
},
"debugContext": {
"debugData": {
"loginResult": "VERIFICATION_ERROR",
"requestId": "XYM92q-0Fs0ewvRQZVAlzwAABL8",
"requestUri": "/api/v1/authn",
"url": "/api/v1/authn?"
}
},
"displayMessage": "User login to Okta",
"eventType": "user.session.start",
"legacyEventType": "core.user_auth.login_failed",
"outcome": {
"reason": "VERIFICATION_ERROR",
"result": "FAILURE"
},
"published": "2019-09-19T08:35:38.353Z",
"request": {
"ipChain": [
{
"geographicalContext": {
"city": "Tel Aviv",
"country": "Israel",
"geolocation": {
"lat": 32.0678,
"lon": 34.7647
},
"postalCode": null,
"state": "Tel Aviv"
},
"ip": "127.0.0.1",
"source": null,
"version": "V4"
}
]
},
"securityContext": {
"asNumber": null,
"asOrg": null,
"domain": null,
"isProxy": null,
"isp": null
},
"severity": "INFO",
"target": null,
"transaction": {
"detail": {},
"id": "XYM92q-0Fs0ewvRQZVAlzwAABL8",
"type": "WEB"
},
"uuid": "7503c6b4-dab8-11e9-b336-d163e95fbe00",
"version": "0"
}
}
}
}
Actor ActorAlternaneId ChainIP Client EventInfo EventOutcome EventSeverity RequestIP Targets Time unknown (User) admin 127.0.0.1 CHROME on Windows 10 Computer User login to Okta FAILURE: VERIFICATION_ERROR INFO 127.0.0.1 - 09/30/2019, 18:42:38
Gets logs by providing optional filters.
okta-get-logs
| Argument Name | Description | Required |
|---|---|---|
| filter | Useful for performing structured queries where constraints on LogEvent attribute values can be explicitly targeted. The following expressions are supported for events with the filter query parameter: eventType eq " :eventType" -Events that have a specific action; eventType target.id eq ":id" - Events published with a specific target id; actor.id eq ":id" - Events published with a specific actor ID. For more information about filtering, visit https://developer.okta.com/docs/api/getting_started/design_principles#filtering. |
Optional |
| query | The query parameter can be used to perform keyword matching against a LogEvents object’s attribute values. To satisfy the constraint, all supplied keywords must be matched exactly. Note that matching is case-insensitive. The following are some examples of common keyword filtering: Events that mention a specific city: query=San Francisco; Events that mention a specific url: query=interestingURI.com; Events that mention a specific person: query=firstName lastName. |
Optional |
| since | Filters the lower time bound of the log events in the Internet Date/Time Format profile of ISO 8601. For example: 2017-05-03T16:22:18Z. | Optional |
| until | Filters the upper time bound of the log events in the Internet Date/Time Format profile of ISO 8601. For example: 2017-05-03T16:22:18Z. | Optional |
| sortOrder | The order of the returned events. Can be "ASCENDING" or "DESCENDING". The default is "ASCENDING". Possible values are: ASCENDING, DESCENDING. Default is ASCENDING. | Optional |
| limit | The maximum number of results to return. The default is 100. Default is 100. | Optional |
| Path | Type | Description |
|---|---|---|
| Okta.Logs.Events.actor.alternateId | String | Alternative ID of the actor. |
| Okta.Logs.Events.actor.displayName | String | Display name of the actor. |
| Okta.Logs.Events.actor.id | String | ID of the actor. |
| Okta.Logs.Events.client.userAgent.rawUserAgent | String | A raw string representation of user agent, formatted according to section 5.5.3 of HTTP/1.1 Semantics and Content. Both the browser and the OS fields can be derived from this field. |
| Okta.Logs.Events.client.userAgent.os | String | The operating system on which the client runs. For example, Microsoft Windows 10. |
| Okta.Logs.Events.client.userAgent.browser | String | Identifies the type of web browser, if relevant. For example, Chrome. |
| Okta.Logs.Events.client.device | String | Type of device from which the client operated. For example, Computer. |
| Okta.Logs.Events.client.id | String | For OAuth requests, the ID of the OAuth client making the request. For SSWS token requests, the ID of the agent making the request. |
| Okta.Logs.Events.client.ipAddress | String | IP address from which the client made its request. |
| Okta.Logs.Events.client.geographicalContext.city | String | The city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco. |
| Okta.Logs.Events.client.geographicalContext.state | String | Full name of the state or province encompassing the area containing the geo-location coordinates. For example, Montana, Incheon. |
| Okta.Logs.Events.client.geographicalContext.country | String | Full name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda. |
| Okta.Logs.Events.displayMessage | String | The display message for an event. |
| Okta.Logs.Events.eventType | String | Type of event that was published. |
| Okta.Logs.Events.outcome.result | String | Result of the action. Can be "SUCCESS", "FAILURE", "SKIPPED", or "UNKNOWN". |
| Okta.Logs.Events.outcome.reason | String | Reason for the result. For example, INVALID_CREDENTIALS. |
| Okta.Logs.Events.published | String | Timestamp when the event was published. |
| Okta.Logs.Events.severity | String | The event severity. Can be "DEBUG", "INFO", "WARN", or "ERROR". |
| Okta.Logs.Events.securityContext.asNumber | Number | Autonomous system number associated with the autonomous system that the event request was sourced to. |
| Okta.Logs.Events.securityContext.asOrg | String | Organization associated with the autonomous system that the event request was sourced to. |
| Okta.Logs.Events.securityContext.isp | String | Internet service provider used to send the event's request. |
| Okta.Logs.Events.securityContext.domain | String | The domain name associated with the IP address of the inbound event request. |
| Okta.Logs.Events.securityContext.isProxy | String | Specifies whether an event's request is from a known proxy. |
| Okta.Logs.Events.request.ipChain.IP | String | IP address. |
| Okta.Logs.Events.request.ipChain.geographicalContext.city | String | The city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco. |
| Okta.Logs.Events.request.ipChain.geographicalContext.state | String | Full name of the state or province encompassing the area containing the geo-location coordinates. For example, Montana, Incheon. |
| Okta.Logs.Events.request.ipChain.geographicalContext.country | String | Full name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda. |
| Okta.Logs.Events.request.ipChain.source | String | Details regarding the source. |
| Okta.Logs.Events.target.id | String | ID of a target. |
| Okta.Logs.Events.target.type | String | Type of a target. |
| Okta.Logs.Events.target.alternateId | String | Alternative ID of a target. |
| Okta.Logs.Events.target.displayName | String | Display name of a target. |
!okta-get-logs filter=`actor.id eq "00u66lckvpjidYi0h7"` query=Boardman since="2020-03-03T20:23:17.573Z" limit=1
{
"Okta": {
"Logs": {
"Events": {
"actor": {
"alternateId": "Test@demisto.com",
"detailEntry": null,
"displayName": "Test Demisto",
"id": "00u66lvd7lpjidYi0h7",
"type": "User"
},
"authenticationContext": {
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "trs3hs_F_UQT9K5FOPG7m4i1g",
"interface": null,
"issuer": null
},
"client": {
"device": "Unknown",
"geographicalContext": {
"city": "Boardman",
"country": "United States",
"geolocation": {
"lat": 45.8491,
"lon": -119.7143
},
"postalCode": "97818",
"state": "Oregon"
},
"id": null,
"ipAddress": "127.0.0.1",
"userAgent": {
"browser": "UNKNOWN",
"os": "Unknown",
"rawUserAgent": "Demisto/1.0"
},
"zone": "null"
},
"debugContext": {
"debugData": {
"requestId": "Xl68tch@7iZvNo0k8vPc5gAAAmE",
"requestUri": "/api/v1/groups/00g8mo0l5wuTxmoIC0h7/users/00uptu0jj9V91p5QM0h7",
"threatSuspected": "false",
"url": "/api/v1/groups/00g8mo0l5wuTxmoIC0h7/users/00uptu0jj9V91p5QM0h7?"
}
},
"displayMessage": "Remove user from group membership",
"eventType": "group.user_membership.remove",
"legacyEventType": "core.user_group_member.user_remove",
"outcome": {
"reason": null,
"result": "SUCCESS"
},
"published": "2020-03-03T20:23:17.573Z",
"request": {
"ipChain": [
{
"geographicalContext": {
"city": "Boardman",
"country": "United States",
"geolocation": {
"lat": 45.8491,
"lon": -119.7143
},
"postalCode": "97818",
"state": "Oregon"
},
"ip": "127.0.0.1",
"source": null,
"version": "V4"
}
]
},
"securityContext": {
"asNumber": null,
"asOrg": null,
"domain": null,
"isProxy": null,
"isp": null
},
"severity": "INFO",
"target": [
{
"alternateId": "test@this.com",
"detailEntry": null,
"displayName": "test this",
"id": "00uptu0jj9V91p5QM0h7",
"type": "User"
},
{
"alternateId": "unknown",
"detailEntry": null,
"displayName": "test1",
"id": "00g8mo0l5wuTxmoIC0h7",
"type": "UserGroup"
}
],
"transaction": {
"detail": {},
"id": "Xl68tch@7iZvNo0k8vPc5gAAAmE",
"type": "WEB"
},
"uuid": "d14117f9-5d8c-11ea-a9cb-1f2fbd3b03f7",
"version": "0"
}
}
}
}
Actor ActorAlternaneId ChainIP Client EventInfo EventOutcome EventSeverity RequestIP Targets Time Test Demisto (User) Test@demisto.com 127.0.0.1 Unknown browser on Unknown OS Unknown device Remove user from group membership SUCCESS INFO 127.0.0.1 test this (User) test1 (UserGroup) 03/03/2020, 20:23:17
Gets events for when a user was added to a group.
okta-get-group-assignments
| Argument Name | Description | Required |
|---|---|---|
| since | Filters the lower time bound of the log event in the Internet Date\Time format profile of ISO 8601. For example, 2020-02-14T16:00:18Z. | Optional |
| until | Filters the upper time bound of the log event in the Internet Date\Time format profile of ISO 8601. For example, 2020-02-14T16:00:18Z. | Optional |
| sortOrder | The order of the returned events. Can be "ASCENDING" or "DESCENDING". The default is "ASCENDING". Possible values are: ASCENDING, DESCENDING. Default is ASCENDING. | Optional |
| limit | The maximum number of results to return. The default is 100. Default is 100. | Optional |
| Path | Type | Description |
|---|---|---|
| Okta.Logs.Events.actor.alternateId | String | Alternative ID of the actor. |
| Okta.Logs.Events.actor.displayName | String | Display name of the actor. |
| Okta.Logs.Event.actor.id | String | ID of the actor. |
| Okta.Logs.Events.client.userAgent.rawUserAgent | String | A raw string representation of user agent, formatted according to section 5.5.3 of HTTP/1.1 Semantics and Content. Both the browser and the OS fields can be derived from this field. |
| Okta.Logs.Events.client.userAgent.os | String | The operating system on which the client runs. For example, Microsoft Windows 10. |
| Okta.Logs.Events.client.userAgent.browser | String | Identifies the type of web browser, if relevant. For example, Chrome. |
| Okta.Logs.Events.client.device | String | Type of device from which the client operated. For example, Computer. |
| Okta.Logs.Events.client.id | String | For OAuth requests, the ID of the OAuth client making the request. For SSWS token requests, the ID of the agent making the request. |
| Okta.Logs.Events.client.ipAddress | String | IP address from which the client made its request. |
| Okta.Logs.Events.client.geographicalContext.city | String | The city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco. |
| Okta.Logs.Events.client.geographicalContext.state | String | Full name of the state or province encompassing in the area containing the geo-location coordinates. For example, Montana, Incheon. |
| Okta.Logs.Events.client.geographicalContext.country | String | Full name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda. |
| Okta.Logs.Events.displayMessage | String | The display message for an event. |
| Okta.Logs.Events.eventType | String | Type of event that was published. |
| Okta.Logs.Events.outcome.result | String | Result of the action. Can be "SUCCESS", "FAILURE", "SKIPPED", or "UNKNOWN". |
| Okta.Logs.Events.outcome.reason | Unknown | Reason for the result. For example INVALID_CREDENTIALS. |
| Okta.Logs.Events.published | String | Timestamp when the event was published. |
| Okta.Logs.Events.severity | String | The event severity. Can be "DEBUG", "INFO", "WARN", or "ERROR". |
| Okta.Logs.Events.securityContext.asNumber | Number | Autonomous system number associated with the autonomous system that the event request was sourced to. |
| Okta.Logs.Events.securityContext.asOrg | String | Organization associated with the autonomous system that the event request was sourced to. |
| Okta.Logs.Events.securityContext.isp | String | Internet service provider used to send the event's request. |
| Okta.Logs.Events.securityContext.domain | String | The domain name associated with the IP address of the inbound event request. |
| Okta.Logs.Events.securityContext.isProxy | String | Specifies whether an event's request is from a known proxy. |
| Okta.Logs.Events.request.ipChain.IP | String | IP address. |
| Okta.Logs.Events.request.ipChain.geographicalContext.city | String | The city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco. |
| Okta.Logs.Events.request.ipChain.geographicalContext.state | String | Full name of the state or province encompassing the area containing the geo-location coordinates. For example, Montana, Incheon. |
| Okta.Logs.Events.request.ipChain.geographicalContext.country | String | Full name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda. |
| Okta.Logs.Events.request.ipChain.source | String | Details regarding the source. |
| Okta.Logs.Events.target.id | String | ID of a target. |
| Okta.Logs.Events.target.type | String | Target type. |
| Okta.Logs.Events.target.alternateId | String | Alternative ID of a target. |
| Okta.Logs.Events.target.displayName | String | Display name of a target. |
!okta-get-group-assignments since="2019-04-30T00:00:00.000Z" limit=1
{
"Okta": {
"Logs": {
"Events": {
"actor": {
"alternateId": "Test@demisto.com",
"detailEntry": null,
"displayName": "Test Demisto",
"id": "00u66lckd7lpjidYi0h7",
"type": "User"
},
"authenticationContext": {
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "trs4IvlVrvVR9G8RPsPtFjwBA",
"interface": null,
"issuer": null
},
"client": {
"device": "Unknown",
"geographicalContext": {
"city": "Boardman",
"country": "United States",
"geolocation": {
"lat": 45.8491,
"lon": -119.7143
},
"postalCode": "97818",
"state": "Oregon"
},
"id": null,
"ipAddress": "127.0.0.1",
"userAgent": {
"browser": "UNKNOWN",
"os": "Unknown",
"rawUserAgent": "Demisto/1.0"
},
"zone": "null"
},
"debugContext": {
"debugData": {
"requestId": "XXxTqUauHPkBXo4-TEcw9QAAAq0",
"requestUri": "/api/v1/groups/00g8mo0l5wuTxmoIC0h7/users/00ued6gq9jItNhAsN0h7",
"url": "/api/v1/groups/00g8mo0l5wuTxmoIC0h7/users/00ued6gq9jItNhAsN0h7?"
}
},
"displayMessage": "Add user to group membership",
"eventType": "group.user_membership.add",
"legacyEventType": "core.user_group_member.user_add",
"outcome": {
"reason": null,
"result": "SUCCESS"
},
"published": "2019-09-14T02:42:49.379Z",
"request": {
"ipChain": [
{
"geographicalContext": {
"city": "Boardman",
"country": "United States",
"geolocation": {
"lat": 45.8491,
"lon": -119.7143
},
"postalCode": "97818",
"state": "Oregon"
},
"ip": "127.0.0.1",
"source": null,
"version": "V4"
}
]
},
"securityContext": {
"asNumber": null,
"asOrg": null,
"domain": null,
"isProxy": null,
"isp": null
},
"severity": "INFO",
"target": [
{
"alternateId": "test@this.com",
"detailEntry": null,
"displayName": "test this",
"id": "00ued6gq9jItNhAsN0h7",
"type": "User"
},
{
"alternateId": "unknown",
"detailEntry": null,
"displayName": "test1",
"id": "00g8mo0l5wuTxmoIC0h7",
"type": "UserGroup"
}
],
"transaction": {
"detail": {},
"id": "XXxTqUauHPkBXo4-TEcw9QAAAq0",
"type": "WEB"
},
"uuid": "5741ef53-d699-11e9-a08c-d549acc8afb2",
"version": "0"
}
}
}
}
Actor ActorAlternaneId ChainIP Client EventInfo EventOutcome EventSeverity RequestIP Targets Time Test Demisto (User) Test@demisto.com 127.0.0.1 Unknown browser on Unknown OS Unknown device Add user to group membership SUCCESS INFO 127.0.0.1 test this (User) test1 (UserGroup) 09/29/2019, 03:47:46
Returns events for when a user was assigned to an application.
okta-get-application-assignments
| Argument Name | Description | Required |
|---|---|---|
| since | Filters the lower time bound of the log event in the Internet Date\Time format profile of ISO 8601. For example, 2020-02-14T16:00:18Z. | Optional |
| until | Filters the upper time bound of the log event in the Internet Date\Time format profile of ISO 8601. For example, 2020-02-14T16:00:18Z. | Optional |
| sortOrder | The order of the returned events. Can be "ASCENDING" or "DESCENDING". The default is "ASCENDING". Possible values are: ASCENDING, DESCENDING. Default is ASCENDING. | Optional |
| limit | The maximum number of results to return. The default is 100. Default is 100. | Optional |
| Path | Type | Description |
|---|---|---|
| Okta.Logs.Events.actor.alternateId | String | Alternative ID of the actor. |
| Okta.Logs.Events.actor.displayName | String | Display name of the actor. |
| Okta.Logs.Event.actor.id | String | ID of the actor. |
| Okta.Logs.Events.client.userAgent.rawUserAgent | String | A raw string representation of the user agent, formatted according to section 5.5.3 of HTTP/1.1 Semantics and Content. Both the browser and the OS fields can be derived from this field. |
| Okta.Logs.Events.client.userAgent.os | String | The OS on which the client runs. For example, Microsoft Windows 10. |
| Okta.Logs.Events.client.userAgent.browser | String | Identifies the type of web browser, if relevant. For example, Chrome. |
| Okta.Logs.Events.client.device | String | Type of device from which the client operated. For example, Computer. |
| Okta.Logs.Events.client.id | String | For OAuth requests, the ID of the OAuth client making the request. For SSWS token requests, the ID of the agent making the request. |
| Okta.Logs.Events.client.ipAddress | String | IP address from which the client made its request. |
| Okta.Logs.Events.client.geographicalContext.city | String | The city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco. |
| Okta.Logs.Events.client.geographicalContext.state | String | Full name of the state or province encompassing the area containing the geo-location coordinates. For example, Montana, Incheon. |
| Okta.Logs.Events.client.geographicalContext.country | String | Full name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda. |
| Okta.Logs.Events.displayMessage | String | The display message for an event. |
| Okta.Logs.Events.eventType | String | Type of event that was published. |
| Okta.Logs.Events.outcome.result | String | Result of the action. For example, "SUCCESS", "FAILURE", "SKIPPED", or "UNKNOWN". |
| Okta.Logs.Events.outcome.reason | String | Reason for the result. For example INVALID_CREDENTIALS. |
| Okta.Logs.Events.published | String | Timestamp when the event was published. |
| Okta.Logs.Events.severity | String | The event severity. Can be "DEBUG", "INFO", "WARN", or "ERROR". |
| Okta.Logs.Events.securityContext.asNumber | Number | Autonomous system number associated with the autonomous system that the event request was sourced to. |
| Okta.Logs.Events.securityContext.asOrg | String | Organization associated with the autonomous system that the event request was sourced to. |
| Okta.Logs.Events.securityContext.isp | String | Internet service provider used to send the event's request. |
| Okta.Logs.Events.securityContext.domain | String | The domain name associated with the IP address of the inbound event request. |
| Okta.Logs.Events.securityContext.isProxy | String | Specifies whether an event's request is from a known proxy. |
| Okta.Logs.Events.request.ipChain.IP | String | IP address. |
| Okta.Logs.Events.request.ipChain.geographicalContext.city | String | The city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco. |
| Okta.Logs.Events.request.ipChain.geographicalContext.state | String | Full name of the state or province encompassing the area containing the geo-location coordinates. For example, Montana, Incheon. |
| Okta.Logs.Events.request.ipChain.geographicalContext.country | String | Full name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda. |
| Okta.Logs.Events.request.ipChain.source | String | Details regarding the source. |
| Okta.Logs.Events.target.id | String | ID of a target. |
| Okta.Logs.Events.target.type | String | Type of a target. |
| Okta.Logs.Events.target.alternateId | String | Alternative ID of a target. |
| Okta.Logs.Events.target.displayName | String | Display name of a target. |
!okta-get-application-assignments since="2019-04-30T00:00:00.000Z" until="2020-02-30T00:00:00.000Z" sortOrder=DESCENDING limit=1
{
"Okta": {
"Logs": {
"Events": {
"actor": {
"alternateId": "Test@demisto.com",
"detailEntry": null,
"displayName": "Test Demisto",
"id": "00u66lckd7lpjidYi0h7",
"type": "User"
},
"authenticationContext": {
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "trsFSV6XXY4TMCSB_xzJrZ85A",
"interface": null,
"issuer": null
},
"client": {
"device": "Unknown",
"geographicalContext": {
"city": "Boardman",
"country": "United States",
"geolocation": {
"lat": 45.8491,
"lon": -119.7143
},
"postalCode": "97818",
"state": "Oregon"
},
"id": null,
"ipAddress": "127.0.0.1",
"userAgent": {
"browser": "UNKNOWN",
"os": "Unknown",
"rawUserAgent": "python-requests/2.22.0"
},
"zone": "null"
},
"debugContext": {
"debugData": {
"requestId": "XlgCgAEBMJsNo5Yh9rHtZAAACPw",
"requestUri": "/api/v1/users/00upywm7l0rL1V0zt0h7/lifecycle/activate",
"threatSuspected": "false",
"url": "/api/v1/users/00upywm7l0rL1V0zt0h7/lifecycle/activate?"
}
},
"displayMessage": "Add user to application membership",
"eventType": "application.user_membership.add",
"legacyEventType": "app.generic.provision.assign_user_to_app",
"outcome": {
"reason": null,
"result": "SUCCESS"
},
"published": "2020-02-27T17:55:12.949Z",
"request": {
"ipChain": [
{
"geographicalContext": {
"city": "Boardman",
"country": "United States",
"geolocation": {
"lat": 45.8491,
"lon": -119.7143
},
"postalCode": "97818",
"state": "Oregon"
},
"ip": "127.0.0.1",
"source": null,
"version": "V4"
}
]
},
"securityContext": {
"asNumber": null,
"asOrg": null,
"domain": null,
"isProxy": null,
"isp": null
},
"severity": "INFO",
"target": [
{
"alternateId": "Test1@test.com",
"detailEntry": null,
"displayName": "Test 1 that",
"id": "0uapywj3yxcjhpjSQ0h7",
"type": "AppUser"
},
{
"alternateId": "ShrikSAML",
"detailEntry": null,
"displayName": "ShrikSAML",
"id": "0oabe0e2jruaQccDf0h7",
"type": "AppInstance"
},
{
"alternateId": "Test1@test.com",
"detailEntry": null,
"displayName": "Test 1 that",
"id": "00upywm7l0rL1V0zt0h7",
"type": "User"
}
],
"transaction": {
"detail": {},
"id": "XlgCgAEBMJsNo5Yh9rHtZAAACPw",
"type": "WEB"
},
"uuid": "4d8a4e9a-598a-11ea-a594-b9fb637659a5",
"version": "0"
}
}
}
}
Actor ActorAlternaneId ChainIP Client EventInfo EventOutcome EventSeverity RequestIP Targets Time Test Demisto (User) Test@demisto.com 127.0.0.1 Unknown browser on Unknown OS Unknown device Add user to application membership SUCCESS INFO 127.0.0.1 Test 1 that (AppUser) ShrikSAML (AppInstance) Test 1 that (User) 02/27/2020, 17:55:12
Returns logs using specified filters.
okta-get-application-authentication
| Argument Name | Description | Required |
|---|---|---|
| since | Filters the lower time bound of the log event in the Internet Date\Time format profile of ISO 8601. For example, 2020-02-14T16:00:18Z. | Optional |
| until | Filters the upper time bound of the log event in the Internet Date\Time format profile of ISO 8601. For example, 2020-02-14T16:00:18Z. | Optional |
| sortOrder | The order of the returned events. Can be "ASCENDING" or "DESCENDING". The default is "ASCENDING". Possible values are: ASCENDING, DESCENDING. Default is ASCENDING. | Optional |
| limit | The maximum number of results to return. The default is 100. Default is 100. | Optional |
| Path | Type | Description |
|---|---|---|
| Okta.Logs.Events.actor.alternateId | String | Alternative ID of the actor. |
| Okta.Logs.Events.actor.displayName | String | Display name of the actor. |
| Okta.Logs.Events.actor.id | String | ID of the actor. |
| Okta.Logs.Events.client.userAgent.rawUserAgent | String | A raw string representation of user agent, formatted according to section 5.5.3 of HTTP/1.1 Semantics and Content. Both the browser and the OS fields can be derived from this field. |
| Okta.Logs.Events.client.userAgent.os | String | The operating system on which the client runs. For example, Microsoft Windows 10. |
| Okta.Logs.Events.client.userAgent.browser | String | Identifies the type of web browser, if relevant. For example, Chrome. |
| Okta.Logs.Events.client.device | String | Type of device from which the client operated. For example, Computer. |
| Okta.Logs.Events.client.id | String | For OAuth requests, the ID of the OAuth client making the request. For SSWS token requests, the ID of the agent making the request. |
| Okta.Logs.Events.client.ipAddress | String | IP address from which the client made its request. |
| Okta.Logs.Events.client.geographicalContext.city | String | The city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco. |
| Okta.Logs.Events.client.geographicalContext.state | String | Full name of the state or province encompassing the area containing the geo-location coordinates. For example, Montana, Incheon. |
| Okta.Logs.Events.client.geographicalContext.country | String | Full name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda. |
| Okta.Logs.Events.displayMessage | String | The display message for an event. |
| Okta.Logs.Events.eventType | String | Type of event that was published. |
| Okta.Logs.Events.outcome.result | String | Result of the action. Can be "SUCCESS", "FAILURE", "SKIPPED", or "UNKNOWN". |
| Okta.Logs.Events.outcome.reason | String | Reason for the result. For example INVALID_CREDENTIALS. |
| Okta.Logs.Events.published | String | Timestamp when the event was published. |
| Okta.Logs.Events.severity | String | The event severity. Can be "DEBUG", "INFO", "WARN", or "ERROR". |
| Okta.Logs.Events.securityContext.asNumber | Number | Autonomous system number associated with the autonomous system that the event request was sourced to. |
| Okta.Logs.Events.securityContext.asOrg | String | Organization associated with the autonomous system that the event request was sourced to. |
| Okta.Logs.Events.securityContext.isp | String | Internet service provider used to send the event's request. |
| Okta.Logs.Events.securityContext.domain | String | The domain name associated with the IP address of the inbound event request. |
| Okta.Logs.Events.securityContext.isProxy | String | Specifies whether an event's request is from a known proxy. |
| Okta.Logs.Events.request.ipChain.IP | String | IP address. |
| Okta.Logs.Events.request.ipChain.geographicalContext.city | String | The city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco. |
| Okta.Logs.Events.request.ipChain.geographicalContext.state | String | Full name of the state or province encompassing the area containing the geo-location coordinates. For example, Montana, Incheon. |
| Okta.Logs.Events.request.ipChain.geographicalContext.country | String | Full name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda. |
| Okta.Logs.Events.request.ipChain.source | String | Details regarding the source. |
| Okta.Logs.Events.target.id | String | ID of a target. |
| Okta.Logs.Events.target.type | String | Type of a target. |
| Okta.Logs.Events.target.alternateId | String | Alternative ID of a target. |
| Okta.Logs.Events.target.displayName | String | Display name of a target. |
!okta-get-application-authentication since="2019-04-30T00:00:00.000Z" until="2020-02-30T00:00:00.000Z" limit=1
{
"Okta": {
"Logs": {
"Events": {
"actor": {
"alternateId": "Test@demisto.com",
"detailEntry": null,
"displayName": "Test Demisto",
"id": "00u66lckd7lpjidYi0h7",
"type": "User"
},
"authenticationContext": {
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "102ejbJMP0RSE2zwIOhr_PpHA",
"interface": null,
"issuer": null
},
"client": {
"device": "Computer",
"geographicalContext": {
"city": "Tel Aviv",
"country": "Israel",
"geolocation": {
"lat": 32.0678,
"lon": 34.7647
},
"postalCode": null,
"state": "Tel Aviv"
},
"id": null,
"ipAddress": "127.0.0.1",
"userAgent": {
"browser": "CHROME",
"os": "Mac OS X",
"rawUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
},
"zone": "null"
},
"debugContext": {
"debugData": {
"authnRequestId": "XYI-PiWDTYEsVNLm7sc0vwAACi0",
"initiationType": "SP_INITIATED",
"requestId": "XYI-PzNoI1UMTtFvio-9LAAACAc",
"requestUri": "/app/demistodev725178_benzi_1/exkm30ffmuhcL0rFv0h7/sso/saml",
"signOnMode": "SAML 2.0",
"url": "/app/demistodev725178_benzi_1/exkm30ffmuhcL0rFv0h7/sso/saml?RelayState=&SAMLRequest=PHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBJRD0iXzRiODZjMGUzLWI0NzktNGU2NS00ZjIwLWJiNTE0YTc3NTUyMiIgVmVyc2lvbj0iMi4wIiBQcm90b2NvbEJpbmRpbmc9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpiaW5kaW5nczpIVFRQLVBPU1QiIEFzc2VydGlvbkNvbnN1bWVyU2VydmljZVVSTD0iaHR0cHM6Ly9lYzItNTItNDgtMTItMTIzLmV1LXdlc3QtMS5jb21wdXRlLmFtYXpvbmF3cy5jb20vc2FtbCIgSXNzdWVJbnN0YW50PSIyMDE5LTA5LTE4VDE0OjIyOjM3WiI%2BPHNhbWw6SXNzdWVyPmh0dHBzOi8vZGV2LTcyNTE3OC5va3RhcHJldmlldy5jb20vYXBwL2V4a20zMGZmbXVoY0wwckZ2MGg3L3Nzby9zYW1sL21ldGFkYXRhPC9zYW1sOklzc3Vlcj48c2FtbHA6TmFtZUlEUG9saWN5IEFsbG93Q3JlYXRlPSJ0cnVlIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OnBlcnNpc3RlbnQiPjwvc2FtbHA6TmFtZUlEUG9saWN5Pjwvc2FtbHA6QXV0aG5SZXF1ZXN0Pg%3D%3D&fromLoginToken=OODncZp5PTgZ-8QwGMHgbJ6psmQES6dUWiMohfLGGm7GWKko8LFXHz3faG7ZkoocPX2ixv-dyUSOF7qJ9DZDVoVkeETM7n6MskWQ01woQFqUcUVdM1xDBmplZlK1DMhX6ozpZQV2XNK073FfDt4bASBEFFgGkFi5ygH-LmBFSfcoiLWHM5MGJ-JEUB97peJxOL41inNX2r333FMJoDzem0dLAOf4cfApoVz7VDdY06r8i6Lt0vuxmxKyZRWJkCHroKyc3ysag9gbUMR5tSoe3hRPJvCBozjYtzkpVlLBP_6V01eGL2YVP8JR2rkpI8MvBYNDLIoJry1e_eBOF3kzJA"
}
},
"displayMessage": "User single sign on to app",
"eventType": "user.authentication.sso",
"legacyEventType": "app.auth.sso",
"outcome": {
"reason": null,
"result": "SUCCESS"
},
"published": "2019-09-18T14:29:19.329Z",
"request": {
"ipChain": [
{
"geographicalContext": {
"city": "Tel Aviv",
"country": "Israel",
"geolocation": {
"lat": 32.0678,
"lon": 34.7647
},
"postalCode": null,
"state": "Tel Aviv"
},
"ip": "127.0.0.1",
"source": null,
"version": "V4"
}
]
},
"securityContext": {
"asNumber": null,
"asOrg": null,
"domain": null,
"isProxy": null,
"isp": null
},
"severity": "INFO",
"target": [
{
"alternateId": "benzi_master",
"detailEntry": {
"signOnModeType": "SAML_2_0"
},
"displayName": "benzi_master",
"id": "0oam30ffmvM5cLzxo0h7",
"type": "AppInstance"
},
{
"alternateId": "Test@demisto.com",
"detailEntry": null,
"displayName": "Test Demisto",
"id": "0uam30nfffJqV3I4M0h7",
"type": "AppUser"
}
],
"transaction": {
"detail": {},
"id": "XYI-PzNoI1UMTtFvio-9LAAACAc",
"type": "WEB"
},
"uuid": "b349fd35-da20-11e9-81c0-95908eb13131",
"version": "0"
}
}
}
}
Actor ActorAlternaneId ChainIP Client EventInfo EventOutcome EventSeverity RequestIP Targets Time Test Demisto (User) Test@demisto.com 127.0.0.1 CHROME on Mac OS X Computer User single sign on to app SUCCESS INFO 127.0.0.1 BenziPermanent (AppInstance) Test Demisto (AppUser) 10/14/2019, 12:16:53
Deletes the specified user.
okta-delete-user
| Argument Name | Description | Required |
|---|---|---|
| userId | Okta User ID. | Optional |
| username | Username of the user. | Optional |
There is no context output for this command.
!okta-delete-user username=testForDocs@test.com
User: testForDocs@test.com was Deleted successfully
Removes all active identity provider sessions. This forces the user to authenticate upon the next operation. Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user. For more information and examples: https://developer.okta.com/docs/reference/api/users/#user-sessions
okta-clear-user-sessions
| Argument Name | Description | Required |
|---|---|---|
| userId | Okta User ID. | Required |
There is no context output for this command.
!okta-clear-user-sessions userId=00ui5brmwtJpMdoZZ0h7
Get an Okta Zone object.
okta-list-zones
| Argument Name | Description | Required |
|---|---|---|
| limit | The maximum number of results to return. | Optional |
| Path | Type | Description |
|---|---|---|
| Okta.Zone.created | Date | Zone creation timestamp, in the format 2020-04-06T22:23:12.000Z. |
| Okta.Zone.gateways.type | String | Gateways IP entry type, e.g., CIDR. |
| Okta.Zone.gateways.value | String | Gateways IP entry value, e.g., 34.103.1.108/32. |
| Okta.Zone.id | String | Zone ID, e.g., nzoqsmcx1qWYJ6wYF0h7. |
| Okta.Zone.lastUpdated | Date | Zone last update timestamp, e.g., 2020-04-06T22:23:12.000Z. |
| Okta.Zone.name | String | Zone name. |
| Okta.Zone.proxies.type | String | Proxies IP entry type e.g. CIDR. |
| Okta.Zone.proxies.value | Unknown | Proxies IP entry value, e.g., 34.103.1.108/32. |
| Okta.Zone.status | String | Zone status, e.g., ACTIVE. |
| Okta.Zone.system | Number | True if this is a system zone, false if user-created. |
| Okta.Zone.type | String | Zone type, e.g., IP. |
!okta-list-zones
{
"Okta": {
"Zone": [
{
"_links": {
"deactivate": {
"hints": {
"allow": [
"POST"
]
},
"href": "https://dev-950355.oktapreview.com/api/v1/zones/nzo9rbw8evGOFV1VE0h7/lifecycle/deactivate"
},
"self": {
"hints": {
"allow": [
"GET",
"PUT",
"DELETE"
]
},
"href": "https://dev-950355.oktapreview.com/api/v1/zones/nzo9rbw8evGOFV1VE0h7"
}
},
"created": "2017-03-03T22:05:24.000Z",
"gateways": [
{
"type": "CIDR",
"value": "2.2.2.2/32"
}
],
"id": "nzo9rbw8evGOFV1VE0h7",
"lastUpdated": "2020-04-23T08:58:55.000Z",
"name": "LegacyIpZone",
"proxies": null,
"status": "ACTIVE",
"system": true,
"type": "IP"
},
{
"_links": {
"deactivate": {
"hints": {
"allow": [
"POST"
]
},
"href": "https://dev-950355.oktapreview.com/api/v1/zones/nzoqsmcx1qWYJ6wY33h7/lifecycle/deactivate"
},
"self": {
"hints": {
"allow": [
"GET",
"PUT",
"DELETE"
]
},
"href": "https://dev-950355.oktapreview.com/api/v1/zones/nzoqsmcx1qWYJ6wY33h7"
}
},
"created": "2020-04-06T22:23:12.000Z",
"gateways": [
{
"type": "CIDR",
"value": "1.1.1.2/32"
},
{
"type": "CIDR",
"value": "1.1.1.3/32"
},
{
"type": "CIDR",
"value": "2.2.2.2/32"
},
{
"type": "CIDR",
"value": "2.2.2.3/32"
}
],
"id": "nzoqsmcx1qWYJ6wY33h7",
"lastUpdated": "2020-06-05T08:57:57.000Z",
"name": "MyZone",
"proxies": null,
"status": "ACTIVE",
"system": false,
"type": "IP"
}
]
}
}
name id gateways status system lastUpdated created LegacyIpZone nzo9rbw8evGOFV1VE0h7 {'type': 'CIDR', 'value': '2.2.2.2/32'} ACTIVE true 2020-04-23T08:58:55.000Z 2017-03-03T22:05:24.000Z MyZone nzoqsmcx1qWYJ6wY33h7 {'type': 'CIDR', 'value': '3.3.3.4/32'},
{'type': 'CIDR', 'value': '5.5.5.3/32'},
{'type': 'CIDR', 'value': '3.3.3.1/32'},
{'type': 'CIDR', 'value': '2.2.2.3/32'}ACTIVE false 2020-06-05T08:57:57.000Z 2020-04-06T22:23:12.000Z
Update an Okta Zone.
okta-update-zone
| Argument Name | Description | Required |
|---|---|---|
| zoneID | Zone ID to update, e.g., nzoqsmcx1qWYJ6wYF0h7. | Required |
| zoneName | Updates the zone name. | Optional |
| gatewayIPs | Updates Gateway IP addresses: CIDR range (1.1.0.0/16) or single IP address (2.2.2.2). | Optional |
| proxyIPs | Update Proxy IP addresses: CIDR range (1.1.0.0/16) or single IP address (2.2.2.2). | Optional |
| Path | Type | Description |
|---|---|---|
| Okta.Zone.created | Date | Zone creation timestamp, e.g., 2020-04-06T22:23:12.000Z. |
| Okta.Zone.gateways.type | String | Gateways IP entry type, e.g., CIDR. |
| Okta.Zone.gateways.value | String | Gateways IP entry value, e.g., 34.103.1.108/32. |
| Okta.Zone.id | String | Okta Zone ID, e.g., nzoqsmcx1qWYJ6wYF0h7. |
| Okta.Zone.lastUpdated | Date | Zone last update timestamp, in the format 2020-04-06T22:23:12.000Z. |
| Okta.Zone.name | String | Zone name. |
| Okta.Zone.proxies.type | String | Proxies IP entry type, e.g., CIDR. |
| Okta.Zone.proxies.value | Unknown | Proxies IP entry value, e.g., 34.103.1.108/32. |
| Okta.Zone.status | String | Zone status, e.g., ACTIVE. |
| Okta.Zone.system | Number | True if this is a system zone, false if user-created. |
| Okta.Zone.type | String | Zone type, e.g., IP. |
!okta-update-zone zoneID=nzoqsmcx1qWYJ6wY33h7 zoneName=MyZone
{
"Okta": {
"Zone": {
"_links": {
"deactivate": {
"hints": {
"allow": [
"POST"
]
},
"href": "https://dev-950355.oktapreview.com/api/v1/zones/nzoqsmcx1qWYJ6wY33h7/lifecycle/deactivate"
},
"self": {
"hints": {
"allow": [
"GET",
"PUT",
"DELETE"
]
},
"href": "https://dev-950355.oktapreview.com/api/v1/zones/nzoqsmcx1qWYJ6wY33h7"
}
},
"created": "2020-04-06T22:23:12.000Z",
"gateways": [
{
"type": "CIDR",
"value": "1.1.3.5/32"
},
{
"type": "CIDR",
"value": "5.3.143.103/32"
},
{
"type": "CIDR",
"value": "5.3.246.228/32"
},
{
"type": "CIDR",
"value": "5.3.246.229/32"
}
],
"id": "nzoqsmcx1qWYJ6wY33h7",
"lastUpdated": "2020-06-05T08:57:57.000Z",
"name": "MyZone",
"proxies": null,
"status": "ACTIVE",
"system": false,
"type": "IP"
}
}
}
name id gateways status system lastUpdated created MyZone nzoqsmcx1qWYJ6wY33h7 {'type': 'CIDR', 'value': '1.3.1.5/32'},
{'type': 'CIDR', 'value': '1.3.1.5/32'},
{'type': 'CIDR', 'value': '1.3.1.5/32'},
{'type': 'CIDR', 'value': '1.3.1.5/32'}ACTIVE false 2020-06-05T08:57:57.000Z 2020-04-06T22:23:12.000Z
Get a Zone by its ID.
okta-get-zone
| Argument Name | Description | Required |
|---|---|---|
| zoneID | Zone ID to get, e.g., nzoqsmcx1qWYJ6wYF0h.7. | Required |
| Path | Type | Description |
|---|---|---|
| Okta.Zone.created | Date | Zone creation timestamp, in the format 2020-04-06T22:23:12.000Z. |
| Okta.Zone.gateways.type | String | Gateways IP entry type, e.g., CIDR. |
| Okta.Zone.gateways.value | String | Gateways IP entry value, e.g., 34.103.1.108/32. |
| Okta.Zone.id | String | Okta Zone ID, e.g., nzoqsmcx1qWYJ6wYF0h7. |
| Okta.Zone.lastUpdated | Date | Zone last update timestamp, in the format 2020-04-06T22:23:12.000Z. |
| Okta.Zone.name | String | Zone name. |
| Okta.Zone.proxies.type | String | Proxies IP entry type, e.g., CIDR. |
| Okta.Zone.proxies.value | Unknown | Proxies IP entry value, e.g., 34.103.1.108/32. |
| Okta.Zone.status | String | Zone status, e.g,. ACTIVE. |
| Okta.Zone.system | Number | True if this is a system zone, false if user-created. |
| Okta.Zone.type | String | Zone type, e.g., IP. |
!okta-get-zone zoneID=nzoqsmcx1qWYJ6wY33h7
{
"Okta": {
"Zone": {
"_links": {
"deactivate": {
"hints": {
"allow": [
"POST"
]
},
"href": "https://dev-950355.oktapreview.com/api/v1/zones/nzoqsmcx1qWYJ6wY33h7/lifecycle/deactivate"
},
"self": {
"hints": {
"allow": [
"GET",
"PUT",
"DELETE"
]
},
"href": "https://dev-950355.oktapreview.com/api/v1/zones/nzoqsmcx1qWYJ6wY33h7"
}
},
"created": "2020-04-06T22:23:12.000Z",
"gateways": [
{
"type": "CIDR",
"value": "1.3.1.3/32"
},
{
"type": "CIDR",
"value": "3.5.146.103/32"
},
{
"type": "CIDR",
"value": "3.5.1.228/32"
},
{
"type": "CIDR",
"value": "3.5.1.229/32"
}
],
"id": "nzoqsmcx1qWYJ6wY33h7",
"lastUpdated": "2020-06-05T08:57:57.000Z",
"name": "MyZone",
"proxies": null,
"status": "ACTIVE",
"system": false,
"type": "IP"
}
}
}
name id gateways status system lastUpdated created MyZone nzoqsmcx1qWYJ6wY33h7 {'type': 'CIDR', 'value': '1.3.1.3/32'},
{'type': 'CIDR', 'value': '3.5.146.103/32'},
{'type': 'CIDR', 'value': '3.5.1.228/32'},
{'type': 'CIDR', 'value': '3.5.1.229/32'}ACTIVE false 2020-06-05T08:57:57.000Z 2020-04-06T22:23:12.000Z
Lists users in your organization.
okta-list-users
| Argument Name | Description | Required |
|---|---|---|
| verbose | Whether to return extended user information. Can be "true" or "false". The default is "false". Possible values are: true, false. Default is false. | Optional |
| limit | The maximum number of results to return. | Optional |
| query | Searches the name property of groups for matching values. | Optional |
| filter | Useful for performing structured queries where constraints on group attribute values can be explicitly targeted. The following expressions are supported(among others) for groups with the filter query parameter: type eq "OKTA_GROUP" - Groups that have a type of OKTA_GROUP; lastUpdated lt "yyyy-MM-dd''T''HH:mm:ss.SSSZ" - Groups with profile last updated before a specific timestamp; lastMembershipUpdated eq "yyyy-MM-dd''T''HH:mm:ss.SSSZ" - Groups with memberships last updated at a specific timestamp; id eq "00g1emaKYZTWRYYRRTSK" - Group with a specified ID. |
|
| For more information about filtering, visit https://developer.okta.com/docs/api/getting_started/design_principles#filtering. | Optional | |
| after | The cursor in which to retrive the results from and on. If the query didn't reach the end of results, the tag will be found in the readable output under the tag key. | Optional |
| Path | Type | Description |
|---|---|---|
| Account.ID | String | Okta account ID. |
| Account.Email | String | Okta account email. |
| Account.Username | String | Okta account username. |
| Account.DisplayName | String | Okta account display name. |
| Account.Status | String | Okta account status. |
| Account.Created | Date | Timestamp for when the user was created. |
| Account.Activated | Date | Timestamp for when the user was activated. |
| Account.StatusChanged | Date | Timestamp for when the user's status was last changed. |
| Account.PasswordChanged | Date | Timestamp for when the user's password was last changed. |
| Okta.User.tag | String | The location of the next item, used with after param. |
!okta-list-users
{
"Okta":
{
"User":
{
"tag": "test12tag"
}
},
"Account": [
{
"Created": "2018-07-24T20:20:04.000Z",
"DisplayName": "Dbot XSOAR",
"Email": "dbot@xsoar.com",
"ID": "XXXXXXXXX",
"Status": "STAGED",
"Type": "Okta",
"Username": "dbot@xsoar.com"
}
]
}
First Name ID Last Login Last Name Login Mobile Phone Status Dbot XXXXX XSOAR dbot@xsoar.com STAGED
Creates a Zone with the specified name.
okta-create-zone
| Argument Name | Description | Required |
|---|---|---|
| name | Zone name. | Required |
| gateway_ips | Update Gateway IP addresses: CIDR range (1.1.0.0/16) or single IP address (2.2.2.2). | Optional |
| proxies | Update Proxy IP addresses: CIDR range (1.1.0.0/16) or single IP address (2.2.2.2). | Optional |
There is no context output for this command.
Create a new group in Okta tenant.
okta-create-group
| Argument Name | Description | Required |
|---|---|---|
| name | Name of the group to add. | Required |
| description | Description of the group to add. | Optional |
| Path | Type | Description |
|---|---|---|
| OktaGroup.ID | Unknown | Group ID in Okta. |
| OktaGroup.Name | Unknown | Group name in Okta. |
| OktaGroup.Description | Unknown | Group description in Okta. |
| OktaGroup.Type | Unknown | Group type in Okta. |
!okta-create-group name="TestGroup" description="TestGroup description."
{
"OktaGroup": {
"Description": "TestGroup description.",
"ID": "00g3qb398kItYXzKd1d7",
"Name": "TestGroup",
"Type": "OKTA_GROUP"
}
}Group Created: [GroupID:00g3qb398kItYXzKd1d7, GroupName: TestGroup]
Assign a group to an application.
okta-assign-group-to-app
| Argument Name | Description | Required |
|---|---|---|
| groupName | Name of the group to assign to the app. | Optional |
| groupId | ID of the group to assign to the app. | Optional |
| appName | Friendly name of the app that the group will be assigned to. | Optional |
There is no context output for this command.
!okta-assign-group-to-app appName="Default-App" groupName="TestGroup"
Group: TestGroup added to PA App successfully
Expires a password for an existing Okta user.
okta-expire-password
| Argument Name | Description | Required |
|---|---|---|
| username | Okta username for which to expire the password. | Required |
| temporary_password | When true, you'll need to change the password in the next login. Possible values are: true, false. Default is false. | Optional |
| Path | Type | Description |
|---|---|---|
| Account.Activated | Date | Timestamp for when the user was activated. |
| Account.Created | Date | Timestamp for when the user was created. |
| Account.DisplayName | String | Okta account display name. |
| Account.Email | String | Okta account email. |
| Account.ID | String | Created Okta account ID. |
| Account.PasswordChanged | Date | Timestamp for when the user's password was last changed. |
| Account.Status | String | Okta account current status. |
| Account.StatusChanged | Date | Timestamp for when the user's status was last changed. |
| Account.Type | String | Okta account type. |
| Account.Username | String | Okta account usernames returned by the search. |
!okta-expire-password username="4x1xh5rl@test.com" temporary_password="false"
{
"Account": {
"Activated": "2022-06-20T04:48:04.000Z",
"Created": "2022-06-20T04:47:59.000Z",
"DisplayName": "Test 1 Test1",
"Email": "4x1xh5rl@test.com",
"ID": "00u19cr5qv91HjELI0h8",
"PasswordChanged": "2022-06-20T04:48:07.000Z",
"Status": "PASSWORD_EXPIRED",
"StatusChanged": "2023-09-10T12:56:04.000Z",
"Type": "Okta",
"Username": "4x1xh5rl@test.com"
}
}
_links activated created credentials id lastUpdated passwordChanged profile status statusChanged type suspend: {"href": "https://test.oktapreview.com/api/v1/users/00u19cr5qv91HjELI0h8/lifecycle/suspend", "method": "POST"}
schema: {"href": "https://test.oktapreview.com/api/v1/meta/schemas/user/osc66lckcvDyVcGzS0h7"}
resetPassword: {"href": "https://test.oktapreview.com/api/v1/users/00u19cr5qv91HjELI0h8/lifecycle/reset_password", "method": "POST"}
forgotPassword: {"href": "https://test.oktapreview.com/api/v1/users/00u19cr5qv91HjELI0h8/credentials/forgot_password", "method": "POST"}
expirePassword: {"href": "https://test.oktapreview.com/api/v1/users/00u19cr5qv91HjELI0h8/lifecycle/expire_password", "method": "POST"}
changeRecoveryQuestion: {"href": "https://test.oktapreview.com/api/v1/users/00u19cr5qv91HjELI0h8/credentials/change_recovery_question", "method": "POST"}
self: {"href": "https://test.oktapreview.com/api/v1/users/00u19cr5qv91HjELI0h8"}
type: {"href": "https://test.oktapreview.com/api/v1/meta/types/user/oty66lckcvDyVcGzS0h7"}
changePassword: {"href": "https://test.oktapreview.com/api/v1/users/00u19cr5qv91HjELI0h8/credentials/change_password", "method": "POST"}
deactivate: {"href": "https://test.oktapreview.com/api/v1/users/00u19cr5qv91HjELI0h8/lifecycle/deactivate", "method": "POST"}2022-06-20T04:48:04.000Z 2022-06-20T04:47:59.000Z password: {}
recovery_question: {"question": "whats the first school?"}
provider: {"type": "OKTA", "name": "OKTA"}00u19cr5qv91HjELI0h8 2023-09-10T12:56:04.000Z 2022-06-20T04:48:07.000Z firstName: Test 1
lastName: Test1
preferredLanguage: en
mobilePhone: null
city: Tel-Aviv
displayName: Test 1 that
nickName: Testush
secondEmail: null
login: 4x1xh5rl@test.com
email: 4x1xh5rl@test.com
employeeNumber: 12345PASSWORD_EXPIRED 2023-09-10T12:56:04.000Z id: oty66lckcvDyVcGzS0h7
Reset OAuth authentication data (authentication process will start from the beginning, and a new token will be generated).
okta-auth-reset
There are no input arguments for this command.
There is no context output for this command.