In this article, you will understand step by step how to easily integrate with Okta
Integrating with Okta will allow Scytale to collect all user access information and their access privileges on Okta. This will help to ensure that only authorized users have access to Okta, which is one of the key criteria when testing logical access. Manually collecting this type of evidence can take some time, especially when you need to prove to the auditors that the user listings are complete and accurate.
Automating the collection of user listings and access privileges will streamline the sampling process for the audit and also provide more assurance over the accuracy and completeness of the evidence collected.
How to connect Okta integration?
Step 1: Generate an API key in Okta
Log in to your company Okta application (It should look like this):
In the admin console, go to Security and click on API
Go to the Tokens tab and click on the "Create Token" button and provide the name of your token. (see screenshots below)
Click on the copy token value sign
Step 2: Log in to the Scytale web app
- Click on the "Integrations" menu screen to the left.
- Click on the "Connect" button under the Okta icon.
- Paste the generated API key (see step 1 above) from the Okta admin console in the API key field
- Fill in your subdomain for Okta (It should look like this): your-company.okta.com
- Connection Name - is used to differentiate between your connections.
For instance, if you manage multiple accounts or would like to connect multiple times to the integration. It's automatically titled (Connection 1,2,3 etc), but you can change it to a custom name to make it easier to identify.
For example: scytale-production-env.
- Click on Connect
Permissions for the integration with Okta:
Scytale collects evidence automatically for audit purposes by using the permissions you have granted. It's about read permissions.