Okta - Identity Management

Created by David Esposito, Modified on Wed, 25 Sep at 3:19 PM by David Esposito

Installation Process

Method: API Key

Estimated Time to Complete: 5 minutes

Installer: Okta Administrator


Generate API Token

Installation is accomplished by generating an API token from a “Read-only Admin” account. An administrator will need to create a Read-only admin account, assign Read-only Administrator permissions to an existing service account, or have access to an existing Read-only admin account. This requires 2-3 steps.


  1. Optional: Create a service account and assign “Read-only Admin” permissions. See screenshot below.

  2. Log in as the Read-only Administrator and create an API token

    1. Navigate to the Admin Portal => Security => API => Tokens

    2. Create a new token with the name “Amplifier Security Automation Token” or anything else you see fit.

    3. Be careful with this value, since it is only shown once.

  3. Capture the Okta domain. This value will be used by Amplifier's automation jobs.

Note: This permission can be assigned directly or through group assignment. Amplifier only requires the Read-only Administrator permission; other, more permissive permissions would also work.


Note: Create a token with a name that you will recognize. Note that Okta only shows you the token once.

Note: Copy the domain value. It will be used to configure the Amplifier Okta Integration, e.g. https://my-okta-domain.okta.com


Configuration


High At-Risk Group Memberships

Estimated Time to Complete: 10 minutes

We leverage group membership to identify users that have an elevated risk profile. Please collect a list of groups that identify users that have the following characteristics:



Production Access

Identify groups that are used to provide access to production, or mailing distros for employees that have access to production infrastructure. Common groups include engineering, operations, IT, and support.

Privileged Access

Identify groups that are used to provide privileged access (e.g. admin rights) to SaaS applications or internal systems, or mailing distros for employees that have similar access. Common groups include IT.

Executives

Identify groups that include individuals on the leadership team. These individuals are often seen as high-value targets, e.g. for spear phishing and whaling. Common groups include ELT or Executive Leadership Team mailing distros.

Service Accounts

Service accounts often have identity accounts, but you likely want these excluded from your score. For example, they likely will not have MFA configured, and you might not want that raised as a security finding. Identify or create groups that include the service accounts you want excluded from reporting.


For each of these groups, get the group IDs from the admin console using the following steps. This approach will be improved in future iterations using type-ahead selection, but for the time being use the steps below to capture the group IDs for any groups matching the above descriptions.


  1. Navigate to https://my-domain-admin.okta.com/admin/groups

  2. For each of the groups matching the above descriptions, open the details page in a new tab, e.g. right-click and “Open in new tab”, or Cmd-click

  3. Once the details page is open, capture the group name and group ID (from the URL)

  4. Collect these in the provided spreadsheet
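The same group name / group ID inventory can be produced from the Okta Management API with the Read-only Administrator token created above, which also confirms that the token and domain you captured actually work. The script below is an added example, not Amplifier's or Okta's own code: it pages through Okta's GET /api/v1/groups endpoint (authenticated with the "SSWS <token>" header and paginated via the Link header), sorts matching groups into the four risk categories described above by keyword, and prints CSV you can paste into the spreadsheet. The environment variable names OKTA_DOMAIN and OKTA_API_TOKEN, the keyword lists, and the sample group objects are assumptions constructed for this example; tune the keywords to your own naming conventions and review the output by hand before submitting it.

```python
import csv
import io
import json
import os
import re
import urllib.parse
import urllib.request

# Keyword heuristics for the four categories named in the article above.
# The category names follow the article; the keyword lists are assumptions.
CATEGORY_KEYWORDS = {
    "production_access": ("engineering", "operations", "ops", "support",
                          "sre", "devops", "production"),
    "privileged_access": ("admin", "it"),
    "executives": ("elt", "executive", "leadership"),
    "service_accounts": ("service", "svc", "bot"),
}

# Okta returns an RFC 5988 Link header with rel="self" and, when more pages
# exist, rel="next" entries, e.g.
#   <https://dom.okta.com/api/v1/groups?limit=200>; rel="self",
#   <https://dom.okta.com/api/v1/groups?after=abc&limit=200>; rel="next"
LINK_NEXT_RE = re.compile(r'<([^>]+)>;\s*rel="next"')

# Constructed sample of the shape Okta's group objects take (ids are fake).
SAMPLE_GROUPS = [
    {"id": "00g1abc", "profile": {"name": "Engineering"}},
    {"id": "00g2def", "profile": {"name": "IT Admins"}},
    {"id": "00g3ghi", "profile": {"name": "Executive Leadership Team"}},
    {"id": "00g4jkl", "profile": {"name": "svc-backup-bot"}},
    {"id": "00g5mno", "profile": {"name": "Quality Assurance"}},
]


def parse_next_link(link_header):
    """Return the URL of the rel="next" entry in a Link header, or None."""
    if not link_header:
        return None
    match = LINK_NEXT_RE.search(link_header)
    return match.group(1) if match else None


def categorize(group_name):
    """Map a group name onto the article's risk categories by whole-word match.

    Whole words (plus a crude singular form) are used so that "it" does not
    match "quality" or "security". A group may land in several categories.
    """
    tokens = set()
    for word in re.findall(r"[a-z0-9]+", group_name.lower()):
        tokens.add(word)
        tokens.add(word.rstrip("s"))  # "admins" -> "admin"
    return sorted(cat for cat, kws in CATEGORY_KEYWORDS.items() if tokens & set(kws))


def extract_group_rows(groups):
    """Turn Okta group objects into (name, id, categories) rows for groups
    that match at least one risk category."""
    rows = []
    for group in groups:
        name = group.get("profile", {}).get("name", "")
        cats = categorize(name)
        if cats:
            rows.append((name, group["id"], ",".join(cats)))
    return rows


def okta_base_url(domain):
    """Normalise the captured Okta domain to https://<host>, rejecting plain http.

    API calls go to the org URL (e.g. https://my-okta-domain.okta.com); any
    path such as /admin/groups pasted from the console is dropped.
    """
    parsed = urllib.parse.urlparse(domain if "://" in domain else "https://" + domain)
    if parsed.scheme != "https" or not parsed.netloc:
        raise ValueError("Okta domain must be https, e.g. https://my-okta-domain.okta.com")
    return f"https://{parsed.netloc}"


def fetch_all_groups(base_url, token, limit=200):
    """Page through GET /api/v1/groups with an SSWS API token; returns group dicts."""
    url = f"{base_url}/api/v1/groups?limit={limit}"
    groups = []
    while url:
        req = urllib.request.Request(url, headers={
            "Authorization": f"SSWS {token}",
            "Accept": "application/json",
        })
        with urllib.request.urlopen(req, timeout=30) as resp:
            groups.extend(json.load(resp))
            url = parse_next_link(resp.headers.get("Link"))
    return groups


def to_csv(rows):
    """Render rows as CSV text for pasting into the provided spreadsheet."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["group_name", "group_id", "categories"])
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    # Assumed variable names; the token is read from the environment so it
    # never lands on the command line or in shell history.
    base = okta_base_url(os.environ["OKTA_DOMAIN"])
    api_token = os.environ["OKTA_API_TOKEN"]
    print(to_csv(extract_group_rows(fetch_all_groups(base, api_token))))
```

Run it as `OKTA_DOMAIN=https://my-okta-domain.okta.com OKTA_API_TOKEN=... python3 okta_groups.py`. Because the token only carries Read-only Administrator rights, a 403 on this call points at the wrong role or domain rather than a scripting problem, and the output still needs a human pass: keyword matching is a starting point, not a substitute for knowing which groups really grant production or privileged access.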
