Okta API Key
Service Name: Okta
Service Description: Okta is a leading identity and access management platform that provides cloud software for secure user authentication, single sign-on, multi-factor authentication, and user management.
Service Address: https://www.okta.com/
Validation Type: API Auth, NHI Enriched
IP Allow list: IP restrictions can be configured at the organization level through Okta's network zones feature.
Secret Access Scope: Grants programmatic access to Okta's management APIs, allowing for user management, application configuration, policy management, and other administrative functions.
Secret Revokement URL: https://help.okta.com/en-us/Content/Topics/Security/API-Access-Management.htm
Secret Example: 00ABCDEfghijklMNOPQRSTuvwxyz12345678
Suspicious Activity Investigation Instructions:
- Review Okta System Log for unusual API calls or administrative actions
- Check for unauthorized user creation, group modifications, or application changes
- Monitor for changes to authentication policies or security settings
- Look for API calls from unusual IP addresses or outside normal business hours
- Verify if there were any changes to MFA settings or authentication factors
Mitigation Instructions:
- Immediately revoke the compromised API token in the Okta Admin Console
- Go to Security > API > Tokens and delete the affected token
- Create a new API token with appropriate scopes if still needed
- Review and update API token scopes to follow the principle of least privilege
- Enable IP restrictions for API access through Okta's network zones feature
- Implement regular rotation schedules for API tokens
- Audit all changes made using the compromised token and revert any unauthorized modifications
- Consider enabling API request logging for better visibility into API usage