[Marketplace Contribution] Okta - Content Pack Update (#29303)

* "contribution update to pack "Okta"" * minor fixes * add outputs and readme * add outputs description * update docker * change outputs --------- Co-authored-by: ostolero <ostolero@paloaltonetworks.com> Co-authored-by: ostolero <86190583+ostolero@users.noreply.github.com>
demisto · Sep 13, 2023 · 9db00f0 · 9db00f0
1 parent 5f8a2a0
commit 9db00f0
Show file tree

Hide file tree

Showing 7 changed files with 170 additions and 31 deletions.
diff --git a/Packs/Okta/Integrations/Okta_v2/Okta_v2.py b/Packs/Okta/Integrations/Okta_v2/Okta_v2.py
@@ -173,6 +173,13 @@ def set_temp_password(self, user_id):
             url_suffix=uri,
         )
 
+    def expire_password(self, user_id):
+        uri = f'users/{user_id}/lifecycle/expire_password'
+        return self._http_request(
+            method="POST",
+            url_suffix=uri
+        )
+
     def add_user_to_group(self, user_id, group_id):
         uri = f'groups/{group_id}/users/{user_id}'
         return self._http_request(
@@ -804,6 +811,30 @@ def set_password_command(client, args):
     )
 
 
+def expire_password_command(client, args):
+    user_id = client.get_user_id(args.get('username'))
+
+    if not (args.get('username') or user_id):
+        raise Exception("You must supply either 'Username' or 'userId")
+
+    raw_response = client.expire_password(user_id)
+    user_context = client.get_users_context(raw_response)
+
+    if argToBoolean(args.get('temporary_password', True)):
+        client.set_temp_password(user_id)
+
+    readable_output = tableToMarkdown('Okta Expired Password', raw_response, removeNull=True)
+    outputs = {
+        'Account(val.ID && val.ID === obj.ID)': createContext(user_context, removeNull=True)
+    }
+
+    return (
+        readable_output,
+        outputs,
+        raw_response
+    )
+
+
 def add_user_to_group_command(client, args):
     group_id = args.get('groupId')
     user_id = args.get('userId')
@@ -1353,6 +1384,7 @@ def main():
         'okta-unsuspend-user': unsuspend_user_command,
         'okta-reset-factor': reset_factor_command,
         'okta-set-password': set_password_command,
+        'okta-expire-password': expire_password_command,
         'okta-add-to-group': add_user_to_group_command,
         'okta-remove-from-group': remove_from_group_command,
         'okta-get-groups': get_groups_for_user_command,

diff --git a/Packs/Okta/Integrations/Okta_v2/Okta_v2.yml b/Packs/Okta/Integrations/Okta_v2/Okta_v2.yml
@@ -17,6 +17,7 @@ configuration:
   hiddenusername: true
   section: Connect
   required: false
+  display: ''
 - display: API Token (see detailed instructions)
   name: apitoken
   type: 4
@@ -90,7 +91,7 @@ script:
       description: Okta account factor ID.
       type: String
     - contextPath: Account.Factor.Provider
-      description: Okta account factor provider
+      description: Okta account factor provider.
       type: String
     - contextPath: Account.Factor.Profile
       description: Okta account factor profile.
@@ -102,7 +103,7 @@ script:
       description: Okta account factor status.
       type: Unknown
   - arguments:
-    - description: The user ID
+    - description: The user ID.
       name: userId
     - description: Username for which to un-enroll an existing factor.
       name: username
@@ -149,7 +150,7 @@ script:
       name: groupId
     - description: Name of the group to remove the user from.
       name: groupName
-    description: Removes a user from a group with OKTA_GROUP type
+    description: Removes a user from a group with OKTA_GROUP type.
     name: okta-remove-from-group
   - arguments:
     - default: true
@@ -212,10 +213,8 @@ script:
     - default: true
       description: Term by which to search. Can be a first name, last name, or email address. The argument `term` or `advanced_search` is required.
       name: term
-      required: false
     - description: Searches for users with a supported filtering expression for most properties, including custom-defined properties. The argument `term` or `advanced_search` is required.
       name: advanced_search
-      required: false
     - description: The maximum number of results to return. The default and maximum is 200.
       name: limit
     - auto: PREDEFINED
@@ -322,7 +321,7 @@ script:
       - 'false'
     - description: Searches the name property of groups for matching values.
       name: query
-    - description: "Useful for performing structured queries where constraints on group attribute values can be explicitly targeted. \nThe following expressions are supported(among others) for groups with the filter query parameter: \ntype eq \"OKTA_GROUP\" - Groups that have a type of OKTA_GROUP; lastUpdated lt \"yyyy-MM-dd''T''HH:mm:ss.SSSZ\" - Groups with profile last updated before a specific timestamp; lastMembershipUpdated eq \"yyyy-MM-dd''T''HH:mm:ss.SSSZ\" - Groups with memberships last updated at a specific timestamp; id eq \"00g1emaKYZTWRYYRRTSK\" - Group with a specified ID. For more information about filtering, visit https://developer.okta.com/docs/api/getting_started/design_principles#filtering"
+    - description: "Useful for performing structured queries where constraints on group attribute values can be explicitly targeted. \nThe following expressions are supported(among others) for groups with the filter query parameter: \n type eq \"OKTA_GROUP\" - Groups that have a type of OKTA_GROUP; lastUpdated lt \"yyyy-MM-dd''T''HH:mm:ss.SSSZ\" - Groups with profile last updated before a specific timestamp; lastMembershipUpdated eq \"yyyy-MM-dd''T''HH:mm:ss.SSSZ\" - Groups with memberships last updated at a specific timestamp; id eq \"00g1emaKYZTWRYYRRTSK\" - Group with a specified ID. For more information about filtering, visit https://developer.okta.com/docs/api/getting_started/design_principles#filtering"
       name: filter
     description: Lists users in your organization.
     name: okta-list-users
@@ -616,7 +615,7 @@ script:
   - arguments:
     - description: Searches the name property of groups for matching values.
       name: query
-    - description: "Useful for performing structured queries where constraints on group attribute values can be explicitly targeted. \nThe following expressions are supported(among others) for groups with the filter query parameter: \ntype eq \"OKTA_GROUP\" - Groups that have a type of OKTA_GROUP; lastUpdated lt \"yyyy-MM-dd''T''HH:mm:ss.SSSZ\" - Groups with profile last updated before a specific timestamp; lastMembershipUpdated eq \"yyyy-MM-dd''T''HH:mm:ss.SSSZ\" - Groups with memberships last updated at a specific timestamp; id eq \"00g1emaKYZTWRYYRRTSK\" - Group with a specified ID. For more information about filtering, visit https://developer.okta.com/docs/api/getting_started/design_principles#filtering"
+    - description: "Useful for performing structured queries where constraints on group attribute values can be explicitly targeted. \nThe following expressions are supported(among others) for groups with the filter query parameter: \n type eq \"OKTA_GROUP\" - Groups that have a type of OKTA_GROUP; lastUpdated lt \"yyyy-MM-dd''T''HH:mm:ss.SSSZ\" - Groups with profile last updated before a specific timestamp; lastMembershipUpdated eq \"yyyy-MM-dd''T''HH:mm:ss.SSSZ\" - Groups with memberships last updated at a specific timestamp; id eq \"00g1emaKYZTWRYYRRTSK\" - Group with a specified ID. For more information about filtering, visit https://developer.okta.com/docs/api/getting_started/design_principles#filtering"
       name: filter
     - defaultValue: '200'
       description: The maximum number of results to return. The default is 200.
@@ -649,9 +648,9 @@ script:
       description: Description of the group.
       type: String
   - arguments:
-    - description: 'Filters the lower time bound of the log events in the Internet Date/Time Format profile of ISO 8601. An example: 2017-05-03T16:22:18Z'
+    - description: 'Filters the lower time bound of the log events in the Internet Date/Time Format profile of ISO 8601. An example: 2017-05-03T16:22:18Z.'
       name: since
-    - description: 'Filters the upper time bound of the log events in the Internet Date/Time Format profile of ISO 8601. An example: 2017-05-03T16:22:18Z'
+    - description: 'Filters the upper time bound of the log events in the Internet Date/Time Format profile of ISO 8601. An example: 2017-05-03T16:22:18Z.'
       name: until
     - auto: PREDEFINED
       defaultValue: ASCENDING
@@ -1241,7 +1240,7 @@ script:
   - arguments:
     - description: The maximum number of results to return.
       name: limit
-    description: Get an Okta Zone object
+    description: Get an Okta Zone object.
     name: okta-list-zones
     outputs:
     - contextPath: Okta.Zone.created
@@ -1263,7 +1262,7 @@ script:
       description: Zone name.
       type: String
     - contextPath: Okta.Zone.proxies.type
-      description: Proxies IP entry type e.g. CIDR
+      description: Proxies IP entry type e.g. CIDR.
       type: String
     - contextPath: Okta.Zone.proxies.value
       description: Proxies IP entry value, e.g., 34.103.1.108/32.
@@ -1289,7 +1288,7 @@ script:
     - description: 'Update Proxy IP addresses: CIDR range (1.1.0.0/16) or single IP address (2.2.2.2).'
       isArray: true
       name: proxyIPs
-    description: Update an Okta Zone
+    description: Update an Okta Zone.
     name: okta-update-zone
     outputs:
     - contextPath: Okta.Zone.created
@@ -1326,10 +1325,10 @@ script:
       description: Zone type, e.g., IP.
       type: String
   - arguments:
-    - description: Zone ID to get, e.g., nzoqsmcx1qWYJ6wYF0h.7
+    - description: Zone ID to get, e.g., nzoqsmcx1qWYJ6wYF0h.7.
       name: zoneID
       required: true
-    description: Get a Zone by its ID
+    description: Get a Zone by its ID.
     name: okta-get-zone
     outputs:
     - contextPath: Okta.Zone.created
@@ -1366,14 +1365,14 @@ script:
       description: Zone type, e.g., IP.
       type: String
   - arguments:
-    - description: Zone name
+    - description: Zone name.
       name: name
       required: true
     - description: 'Update Gateway IP addresses: CIDR range (1.1.0.0/16) or single IP address (2.2.2.2).'
       name: gateway_ips
     - description: 'Update Proxy IP addresses: CIDR range (1.1.0.0/16) or single IP address (2.2.2.2).'
       name: proxies
-    description: Creates a Zone with the specified name
+    description: Creates a Zone with the specified name.
     name: okta-create-zone
   - arguments:
     - description: Name of the group to add.
@@ -1386,16 +1385,16 @@ script:
     name: okta-create-group
     outputs:
     - contextPath: OktaGroup.ID
-      description: Group ID in Okta,
+      description: Group ID in Okta,.
       type: Unknown
     - contextPath: OktaGroup.Name
-      description: Group name in Okta,
+      description: Group name in Okta,.
       type: Unknown
     - contextPath: OktaGroup.Description
-      description: Group description in Okta,
+      description: Group description in Okta,.
       type: Unknown
     - contextPath: OktaGroup.Type
-      description: Group type in Okta,
+      description: Group type in Okta,.
       type: Unknown
   - arguments:
     - description: Name of the group to assign to the app.
@@ -1404,11 +1403,57 @@ script:
       name: groupId
     - description: Friendly name of the app that the group will be assigned to.
       name: appName
-    description: Assign a group to an application
+    description: Assign a group to an application.
     name: okta-assign-group-to-app
-  dockerimage: demisto/python3:3.10.12.68714
+  - arguments:
+    - default: true
+      description: Okta username for which to expire the password.
+      name: username
+      required: true
+    - auto: PREDEFINED
+      defaultValue: 'false'
+      description: When true, you'll need to change the password in the next login.
+      name: temporary_password
+      predefined:
+      - 'true'
+      - 'false'
+    description: Expires a password for an existing Okta user.
+    execution: true
+    name: okta-expire-password
+    outputs:
+    - contextPath: Account.Activated
+      description: Timestamp for when the user was activated.
+      type: Date
+    - contextPath: Account.Created
+      description: Timestamp for when the user was created.
+      type: Date
+    - contextPath: Account.DisplayName
+      description: Okta account display name.
+      type: String
+    - contextPath: Account.Email
+      description: Okta account email.
+      type: String
+    - contextPath: Account.ID
+      description: Created Okta account ID.
+      type: String
+    - contextPath: Account.PasswordChanged
+      description: Timestamp for when the user's password was last changed.
+      type: Date
+    - contextPath: Account.Status
+      description: Okta account current status.
+      type: String
+    - contextPath: Account.StatusChanged
+      description: Timestamp for when the user's status was last changed.
+      type: Date
+    - contextPath: Account.Type
+      description: Okta account type.
+      type: String
+    - contextPath: Account.Username
+      description: Okta account usernames returned by the search.
+      type: String
+  dockerimage: demisto/python3:3.10.13.73190
   runonce: false
-  script: '-'
+  script: ""
   subtype: python3
   type: python
 fromversion: 5.0.0

diff --git a/Packs/Okta/Integrations/Okta_v2/Okta_v2_description.md b/Packs/Okta/Integrations/Okta_v2/Okta_v2_description.md
@@ -1,8 +1,4 @@
 Okta V2
 -
   For information on getting your Okta API token, see the Okta documentation.
-  https://developer.okta.com/docs/api/getting_started/getting_a_token
-
-
----
-[View Integration Documentation](https://xsoar.pan.dev/docs/reference/integrations/okta-v2)
+  https://developer.okta.com/docs/api/getting_started/getting_a_token
diff --git a/Packs/Okta/Integrations/Okta_v2/README.md b/Packs/Okta/Integrations/Okta_v2/README.md
@@ -2404,4 +2404,62 @@ There is no context output for this command.
 ```!okta-assign-group-to-app appName="Default-App" groupName="TestGroup"```
 #### Human Readable Output
 
->Group: TestGroup added to PA App successfully
+>Group: TestGroup added to PA App successfully
+### okta-expire-password
+
+***
+Expires a password for an existing Okta user.
+
+#### Base Command
+
+`okta-expire-password`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| username | Okta username for which to expire the password. | Required | 
+| temporary_password | When true, you'll need to change the password in the next login. Possible values are: true, false. Default is false. | Optional | 
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| Account.Activated | Date | Timestamp for when the user was activated. | 
+| Account.Created | Date | Timestamp for when the user was created. | 
+| Account.DisplayName | String | Okta account display name. | 
+| Account.Email | String | Okta account email. | 
+| Account.ID | String | Created Okta account ID. | 
+| Account.PasswordChanged | Date | Timestamp for when the user's password was last changed. | 
+| Account.Status | String | Okta account current status. | 
+| Account.StatusChanged | Date | Timestamp for when the user's status was last changed. | 
+| Account.Type | String | Okta account type. | 
+| Account.Username | String | Okta account usernames returned by the search. | 
+
+#### Command example
+```!okta-expire-password username="4x1xh5rl@test.com" temporary_password="false"```
+#### Context Example
+```json
+{
+    "Account": {
+        "Activated": "2022-06-20T04:48:04.000Z",
+        "Created": "2022-06-20T04:47:59.000Z",
+        "DisplayName": "Test 1  Test1",
+        "Email": "4x1xh5rl@test.com",
+        "ID": "00u19cr5qv91HjELI0h8",
+        "PasswordChanged": "2022-06-20T04:48:07.000Z",
+        "Status": "PASSWORD_EXPIRED",
+        "StatusChanged": "2023-09-10T12:56:04.000Z",
+        "Type": "Okta",
+        "Username": "4x1xh5rl@test.com"
+    }
+}
+```
+
+#### Human Readable Output
+
+>### Okta Expired Password
+>|_links|activated|created|credentials|id|lastUpdated|passwordChanged|profile|status|statusChanged|type|
+>|---|---|---|---|---|---|---|---|---|---|---|
+>| suspend: {"href": "https://test.oktapreview.com/api/v1/users/00u19cr5qv91HjELI0h8/lifecycle/suspend", "method": "POST"}<br/>schema: {"href": "https://test.oktapreview.com/api/v1/meta/schemas/user/osc66lckcvDyVcGzS0h7"}<br/>resetPassword: {"href": "https://test.oktapreview.com/api/v1/users/00u19cr5qv91HjELI0h8/lifecycle/reset_password", "method": "POST"}<br/>forgotPassword: {"href": "https://test.oktapreview.com/api/v1/users/00u19cr5qv91HjELI0h8/credentials/forgot_password", "method": "POST"}<br/>expirePassword: {"href": "https://test.oktapreview.com/api/v1/users/00u19cr5qv91HjELI0h8/lifecycle/expire_password", "method": "POST"}<br/>changeRecoveryQuestion: {"href": "https://test.oktapreview.com/api/v1/users/00u19cr5qv91HjELI0h8/credentials/change_recovery_question", "method": "POST"}<br/>self: {"href": "https://test.oktapreview.com/api/v1/users/00u19cr5qv91HjELI0h8"}<br/>type: {"href": "https://test.oktapreview.com/api/v1/meta/types/user/oty66lckcvDyVcGzS0h7"}<br/>changePassword: {"href": "https://test.oktapreview.com/api/v1/users/00u19cr5qv91HjELI0h8/credentials/change_password", "method": "POST"}<br/>deactivate: {"href": "https://test.oktapreview.com/api/v1/users/00u19cr5qv91HjELI0h8/lifecycle/deactivate", "method": "POST"} | 2022-06-20T04:48:04.000Z | 2022-06-20T04:47:59.000Z | password: {}<br/>recovery_question: {"question": "whats the first school?"}<br/>provider: {"type": "OKTA", "name": "OKTA"} | 00u19cr5qv91HjELI0h8 | 2023-09-10T12:56:04.000Z | 2022-06-20T04:48:07.000Z | firstName: Test 1 <br/>lastName: Test1<br/>preferredLanguage: en<br/>mobilePhone: null<br/>city: Tel-Aviv<br/>displayName: Test 1 that<br/>nickName: Testush<br/>secondEmail: null<br/>login: 4x1xh5rl@test.com<br/>email: 4x1xh5rl@test.com<br/>employeeNumber: 12345 | PASSWORD_EXPIRED | 2023-09-10T12:56:04.000Z | id: oty66lckcvDyVcGzS0h7 |
+
diff --git a/Packs/Okta/Integrations/Okta_v2/example.txt b/Packs/Okta/Integrations/Okta_v2/example.txt
@@ -25,4 +25,5 @@ okta-get-zone zoneID=nzoqsmcx1qWYJ6w3355
 okta-update-zone zoneID=nzoqsmcx1qWYJ6w3355 zoneName=MyZone
 okta-list-zones
 okta-create-zone name="test_xsoar_4" gateway_ips="8.8.8.8"
-okta-list-users filter=`lastUpdated gt "2015-04-30T00:00:00.000Z"` limit=10
+okta-list-users filter=`lastUpdated gt "2015-04-30T00:00:00.000Z"` limit=10
+okta-expire-password username="4x1xh5rl@test.com" temporary_password="false"
diff --git a/Packs/Okta/ReleaseNotes/3_2_0.md b/Packs/Okta/ReleaseNotes/3_2_0.md
@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### Okta v2
+
+- Added the okta-expire-password command which allows users to expire passwords for Okta users.
+- Updated the Docker image to: *demisto/python3:3.10.13.73190*.
diff --git a/Packs/Okta/pack_metadata.json b/Packs/Okta/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Okta",
     "description": "Integration with Okta's cloud-based identity management service.",
     "support": "xsoar",
-    "currentVersion": "3.1.29",
+    "currentVersion": "3.2.0",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",