
Okta

API

You must have the Identity integrations license pack to use this feature.

You can integrate Okta with Sophos Central.

Okta integrations are API-based.

You can configure two kinds of integration:

  • Data Ingest: Sends Okta authentication and authorization data to Sophos for analysis.
  • Response Action: Lets you use Okta actions to resolve detected issues.

Response Action is currently only available for XDR customers.

To configure one or both kinds of integration, the key steps are as follows:

  • Get details of your Okta service.
  • Generate an API token in Okta.
  • Configure the integrations in Sophos Central.

Get details of Okta service

You'll need the following details:

  • The Base URL for your service. This is in the following form: https://${yourOktaOrg}.
  • An API token.

Find your base URL

To find your Okta URL, also called an Okta domain, do as follows:

  1. Sign in to the Okta administrator console for your Okta organization.
  2. Look for the Okta domain in the global header, in the upper-right corner of the dashboard.

    Example Okta domains are as follows:

    • example.oktapreview.com
    • example.okta.com
    • example.okta-emea.com
  3. Copy the URL to use later in Sophos Central.

Generate an API token

To integrate Okta, you'll need an API token. This is sometimes also called a key or secret.

To generate the API token, do as follows:

  1. Sign in to Okta as an administrator with the same rights that are needed to perform the API's actions.

    The API token inherits its user role and permissions from the signed-in administrator.

  2. In the Okta administrator console, go to Security > API.

  3. Click Create Token.
  4. Enter a name for your token.

    Copy the token value immediately. You can't retrieve it later.
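
The following is an added example, not part of the Sophos or Okta documentation: a pre-flight check to run before entering the values in Sophos Central. It normalizes the base URL and asks Okta which administrator owns the token, because that account's role is what the token inherits. The suffix allow-list is taken from the example domains above, and the environment variable names are assumptions.

```python
import json
import os
import re
import urllib.request
from urllib.parse import urlsplit

# Suffixes from the example domains on this page; add your custom domain if you use one (assumption).
OKTA_SUFFIXES = (".okta.com", ".oktapreview.com", ".okta-emea.com")


def okta_base_url(raw: str) -> str:
    """Normalize a pasted Okta domain to https://<org-host>, or raise ValueError."""
    raw = raw.strip()
    parts = urlsplit(raw if "://" in raw else "https://" + raw)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        raise ValueError("base URL must use https")
    if parts.username or parts.password or parts.port:
        raise ValueError("base URL must be a bare host name")
    if not re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", host) or not host.endswith(OKTA_SUFFIXES):
        raise ValueError(f"{host!r} is not a recognized Okta domain")
    # Admin console pages are served from <org>-admin; API calls use the org domain.
    if host.split(".")[0].endswith("-admin"):
        raise ValueError("use the org domain, not the -admin console host")
    return f"https://{host}"  # any path the user pasted is dropped


def token_probe(base_url: str, token: str) -> urllib.request.Request:
    """Build GET /api/v1/users/me, which returns the user that owns the token."""
    return urllib.request.Request(
        okta_base_url(base_url) + "/api/v1/users/me",
        headers={"Authorization": f"SSWS {token}", "Accept": "application/json"},
    )


def token_owner(base_url: str, token: str) -> str:
    """Call Okta and return the login of the token's owner (needs network access)."""
    with urllib.request.urlopen(token_probe(base_url, token), timeout=10) as resp:
        return json.load(resp)["profile"]["login"]


if __name__ == "__main__":
    # OKTA_BASE_URL and OKTA_API_TOKEN are hypothetical names chosen for this example.
    print(token_owner(os.environ["OKTA_BASE_URL"], os.environ["OKTA_API_TOKEN"]))
```

If the login printed is a broader administrator account than the integration needs, create the token again from a more limited administrator before configuring Sophos Central.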

Configure Data Ingest

You can integrate Okta with Sophos Central so that it sends data to Sophos.

  1. In Sophos Central, go to Threat Analysis Center > Integrations > Marketplace.
  2. Click Okta.

    The Okta page opens. You can configure integrations here and see a list of any you've already configured.

  3. In Data Ingest (Security Alerts), click Add Configuration.

    Note

    If this is the first integration you've added, we'll ask for details about your internal domains and IPs. See My domains and IPs.

  4. In Integration steps, you configure an API to collect data from Okta. To do this, do as follows:

    1. Enter a name and a description for the integration.
    2. Enter the Base URL and API token.
  5. Click Save.

We create the integration and it appears in your list. If its status icon is a green tick, your data should appear in the Sophos Data Lake after validation.

Configure Response Action

Response Action is currently only available for XDR customers.

You can integrate Okta with Sophos Central so that you can use it to resolve detected issues.

  1. In Sophos Central, go to Threat Analysis Center > Integrations > Marketplace.
  2. Click Okta.

    The Okta page opens. You can configure integrations here and see a list of any you've already configured.

  3. In Response Action, click Add Configuration.

  4. In Response action steps, enter an integration Name and Description.

  5. In Credential, click Add new credential. Alternatively, select an existing credential.

    In these instructions, we assume you add a new credential. If you don't, skip the next two steps.

  6. In Add Okta API Token Credential, do as follows:

    1. Enter a credential name and description.
    2. In Permissions, select access permissions. These define what the credential lets you do.
    3. In Integrations with Access, select which integrations can use the credential.
    4. Set an Expiration Date.
    5. Click Next.
  7. On the next page, enter the Okta URL and API Token that you got from Okta earlier.

  8. Click Save.

We create the integration and it appears in your list.

You've set up Okta actions that you can run from the Respond tab in Case details. See Respond to cases.

More information

For more information about finding your domain, we recommend you read the Okta documentation. See Find your Okta domain.