Okta API Token
Service Name: Okta
Service Description: Okta is a cloud-based identity and access management service that enables organizations to secure and manage user authentication across applications, devices, and services.
Service Address: https://www.okta.com/
Validation Type: API Auth, NHI Enriched
IP Allow list: IP restrictions can be configured at the organization level through Okta's network zones feature.
Secret Access Scope: Grants programmatic access to Okta's API endpoints, allowing management of users, groups, applications, and other identity resources within an Okta organization.
Secret Revokement URL: https://help.okta.com/en-us/Content/Topics/Security/API-Access-Management.htm
Secret Example: 00ABCDEfghijklMNOPQRSTuvwxyz12345678
Suspicious Activity Investigation Instructions:
- Review the Okta System Log for unusual API calls or access patterns
- Check for unauthorized user creation, modification, or deletion activities
- Monitor for changes to application configurations or security policies
- Examine authentication events for unusual locations or times
- Review API token usage patterns for abnormal request volumes or endpoints
Mitigation Instructions:
- Log in to your Okta Admin Console
-
Navigate to Security > API > Tokens
-
Locate the compromised API token
- Click "Deactivate" to immediately revoke access
- Click "Delete" to permanently remove the token
- Create a new API token with appropriate scopes if needed
- Review and update your organization's API token management policies
- Consider implementing shorter token lifetimes and regular rotation schedules
- Enable additional security controls like network zones to restrict API access by
IP address