[Marketplace Contribution] Okta - Content Pack Update

Packs/Okta/Integrations/Okta_v2/Okta_v2.py

@@ -173,6 +173,13 @@ def set_temp_password(self, user_id):
             url_suffix=uri,
         )
 
+    def expire_password(self, user_id):
+        uri = f'users/{user_id}/lifecycle/expire_password'
+        return self._http_request(
+            method="POST",
+            url_suffix=uri
+        )
+
     def add_user_to_group(self, user_id, group_id):
         uri = f'groups/{group_id}/users/{user_id}'
         return self._http_request(
@@ -804,6 +811,30 @@ def set_password_command(client, args):
     )
 
 
+def expire_password_command(client, args):
+    user_id = client.get_user_id(args.get('username'))
+
+    if not (args.get('username') or user_id):
+        raise Exception("You must supply either 'Username' or 'userId")
+
+    raw_response = client.expire_password(user_id)
+    user_context = client.get_users_context(raw_response)
+
+    if argToBoolean(args.get('temporary_password', True)):
+        client.set_temp_password(user_id)
+
+    readable_output = tableToMarkdown('Okta Expired Password', raw_response, removeNull=True)
+    outputs = {
+        'Okta.ExpiredPassword': createContext(user_context, removeNull=True)
+    }
+
+    return (
+        readable_output,
+        outputs,
+        raw_response
+    )
+
+
 def add_user_to_group_command(client, args):
     group_id = args.get('groupId')
     user_id = args.get('userId')
@@ -1353,6 +1384,7 @@ def main():
         'okta-unsuspend-user': unsuspend_user_command,
         'okta-reset-factor': reset_factor_command,
         'okta-set-password': set_password_command,
+        'okta-expire-password': expire_password_command,
         'okta-add-to-group': add_user_to_group_command,
         'okta-remove-from-group': remove_from_group_command,
         'okta-get-groups': get_groups_for_user_command,

Packs/Okta/Integrations/Okta_v2/Okta_v2.yml

@@ -1,4 +1,4 @@
 category: Authentication & Identity Management
 sectionOrder:
 - Connect
 - Collect
@@ -17,6 +17,7 @@
   hiddenusername: true
   section: Connect
   required: false
+  display: ''
 - display: API Token (see detailed instructions)
   name: apitoken
   type: 4
@@ -212,10 +213,8 @@
     - default: true
       description: Term by which to search. Can be a first name, last name, or email address. The argument `term` or `advanced_search` is required.
       name: term
-      required: false
     - description: Searches for users with a supported filtering expression for most properties, including custom-defined properties. The argument `term` or `advanced_search` is required.
       name: advanced_search
-      required: false
     - description: The maximum number of results to return. The default and maximum is 200.
       name: limit
     - auto: PREDEFINED
@@ -322,7 +321,7 @@
       - 'false'
     - description: Searches the name property of groups for matching values.
       name: query
-    - description: "Useful for performing structured queries where constraints on group attribute values can be explicitly targeted. \nThe following expressions are supported(among others) for groups with the filter query parameter: \ntype eq \"OKTA_GROUP\" - Groups that have a type of OKTA_GROUP; lastUpdated lt \"yyyy-MM-dd''T''HH:mm:ss.SSSZ\" - Groups with profile last updated before a specific timestamp; lastMembershipUpdated eq \"yyyy-MM-dd''T''HH:mm:ss.SSSZ\" - Groups with memberships last updated at a specific timestamp; id eq \"00g1emaKYZTWRYYRRTSK\" - Group with a specified ID. For more information about filtering, visit https://developer.okta.com/docs/api/getting_started/design_principles#filtering"
+    - description: "Useful for performing structured queries where constraints on group attribute values can be explicitly targeted. \nThe following expressions are supported(among others) for groups with the filter query parameter: \n type eq \"OKTA_GROUP\" - Groups that have a type of OKTA_GROUP; lastUpdated lt \"yyyy-MM-dd''T''HH:mm:ss.SSSZ\" - Groups with profile last updated before a specific timestamp; lastMembershipUpdated eq \"yyyy-MM-dd''T''HH:mm:ss.SSSZ\" - Groups with memberships last updated at a specific timestamp; id eq \"00g1emaKYZTWRYYRRTSK\" - Group with a specified ID. For more information about filtering, visit https://developer.okta.com/docs/api/getting_started/design_principles#filtering"
       name: filter
     description: Lists users in your organization.
     name: okta-list-users
@@ -616,7 +615,7 @@
   - arguments:
     - description: Searches the name property of groups for matching values.
       name: query
-    - description: "Useful for performing structured queries where constraints on group attribute values can be explicitly targeted. \nThe following expressions are supported(among others) for groups with the filter query parameter: \ntype eq \"OKTA_GROUP\" - Groups that have a type of OKTA_GROUP; lastUpdated lt \"yyyy-MM-dd''T''HH:mm:ss.SSSZ\" - Groups with profile last updated before a specific timestamp; lastMembershipUpdated eq \"yyyy-MM-dd''T''HH:mm:ss.SSSZ\" - Groups with memberships last updated at a specific timestamp; id eq \"00g1emaKYZTWRYYRRTSK\" - Group with a specified ID. For more information about filtering, visit https://developer.okta.com/docs/api/getting_started/design_principles#filtering"
+    - description: "Useful for performing structured queries where constraints on group attribute values can be explicitly targeted. \nThe following expressions are supported(among others) for groups with the filter query parameter: \n type eq \"OKTA_GROUP\" - Groups that have a type of OKTA_GROUP; lastUpdated lt \"yyyy-MM-dd''T''HH:mm:ss.SSSZ\" - Groups with profile last updated before a specific timestamp; lastMembershipUpdated eq \"yyyy-MM-dd''T''HH:mm:ss.SSSZ\" - Groups with memberships last updated at a specific timestamp; id eq \"00g1emaKYZTWRYYRRTSK\" - Group with a specified ID. For more information about filtering, visit https://developer.okta.com/docs/api/getting_started/design_principles#filtering"
       name: filter
     - defaultValue: '200'
       description: The maximum number of results to return. The default is 200.
@@ -1406,11 +1405,26 @@
       name: appName
     description: Assign a group to an application
     name: okta-assign-group-to-app
-  dockerimage: demisto/python3:3.10.12.68714
+  - arguments:
+    - default: true
+      description: Okta username for which to expire the password.
+      name: username
+      required: true
+    - auto: PREDEFINED
+      defaultValue: 'false'
+      description: When true, you'll need to change the password in the next login.
+      name: temporary_password
+      predefined:
+      - 'true'
+      - 'false'
+    description: Expires a password for an existing Okta user.
+    execution: true
+    name: okta-expire-password
+  dockerimage: demisto/python3:3.10.13.72123
   runonce: false
-  script: '-'
+  script: ""
   subtype: python3
   type: python
 fromversion: 5.0.0
 tests:
-- OktaV2-Test
+  - OktaV2-Test

Packs/Okta/Integrations/Okta_v2/Okta_v2_description.md

@@ -1,8 +1,4 @@
 Okta V2
 -
   For information on getting your Okta API token, see the Okta documentation.
-  https://developer.okta.com/docs/api/getting_started/getting_a_token
-
-
----
-[View Integration Documentation](https://xsoar.pan.dev/docs/reference/integrations/okta-v2)
+  https://developer.okta.com/docs/api/getting_started/getting_a_token

Packs/Okta/ReleaseNotes/3_2_0.md

@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### Okta v2
+
+- Added the okta-expire-password command which allows users to expire passwords for Okta users.
+- Updated the Docker image to: *demisto/python3:3.10.13.72123*.

Packs/Okta/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Okta",
     "description": "Integration with Okta's cloud-based identity management service.",
     "support": "xsoar",
-    "currentVersion": "3.1.29",
+    "currentVersion": "3.2.0",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",