This article explains, step by step, how to integrate with Okta.
Integrating with Okta will allow Scytale to collect all user access information and their access privileges on Okta. This will help to ensure that only authorized users have access to Okta, which is one of the key criteria when testing logical access. Manually collecting this type of evidence can take some time, especially when you need to prove to the auditors that the user listings are complete and accurate.
Automating the collection of user listings and access privileges will streamline the sampling process for the audit and also provide more assurance over the accuracy and completeness of the evidence collected.
How to connect the Okta integration
Permissions for the integration with Okta:
Our integration uses API tokens, which function differently depending on the role of the user who generates them. To collect the list of user administrators from Okta, the user generating the API token must have the Super Administrator role.
Note that collecting the list of administrators is important for the compliance and security aspects of user access to systems.
Step 1: Generate an API key in Okta
- Log in to your company Okta application (it should look like this): https://your-company.okta.com
- In the admin console, go to Security and click on API
- Go to the Tokens tab, click on the "Create Token" button and provide the name of your token. (see screenshots below)
- Click on the copy token value sign
Step 2: Log in to the Scytale web app
- Click on the "Integrations" menu screen to the left.
- Click on the "Connect" button under the Okta icon.
- Paste the generated API key (see step 1 above) from the Okta admin console in the API key field
- Fill in your subdomain for Okta (it should look like this): your-company.okta.com
- Connection Name: used to differentiate between your connections, for instance if you manage multiple accounts or would like to connect to the integration multiple times. It's automatically titled (Connection 1, 2, 3, etc.), but you can change it to a custom name to make it easier to identify. For example: scytale-production-env.
- Click on Connect
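An added example, not Scytale's code: a sketch of pulling a complete user listing with administrator roles from the Okta API using the token from step 1. The function names and the injectable `get` parameter are assumptions made for illustration; the listing is only complete if every `rel="next"` page is followed.

```python
import json
import re
import urllib.request

# Matches the rel="next" entry of Okta's pagination Link header.
NEXT_LINK = re.compile(r'<([^>]+)>;\s*rel="next"')


def okta_get(url, token):
    """GET one page from the Okta API; returns (parsed JSON, Link header values)."""
    req = urllib.request.Request(url, headers={
        "Authorization": f"SSWS {token}",  # Okta API-token scheme
        "Accept": "application/json",
    })
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp), resp.headers.get_all("Link") or []


def collect_all(url, token, get=okta_get):
    """Follow rel="next" links until exhausted so the listing is complete."""
    items, seen = [], set()
    while url and url not in seen:       # guard against a pagination loop
        seen.add(url)
        page, links = get(url, token)
        items.extend(page)
        match = NEXT_LINK.search(", ".join(links))
        url = match.group(1) if match else None
    return items


def user_access_listing(subdomain, token, get=okta_get):
    """Return [{login, status, roles}] for every user the API lists."""
    base = f"https://{subdomain}/api/v1"
    listing = []
    for user in collect_all(f"{base}/users?limit=200", token, get):
        # Per the article, collecting administrators requires a token
        # generated by a user with the Super Administrator role.
        roles = collect_all(f"{base}/users/{user['id']}/roles", token, get)
        listing.append({
            "login": user["profile"]["login"],
            "status": user["status"],
            "roles": sorted(r["type"] for r in roles),
        })
    return listing
```

The token carries the permissions of the user who generated it, so load it from a secret store or environment variable rather than writing it into source code.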