Skip to content

Okta API Token

Service Name: Okta

Service Description: Okta is a cloud-based identity and access management service that enables organizations to secure and manage user authentication across applications, devices, and services.

Service Address: https://www.okta.com/

Validation Type: API Auth, NHI Enriched

IP Allow list: IP restrictions can be configured at the organization level through Okta's network zones feature.

Secret Access Scope: Grants programmatic access to Okta's API endpoints, allowing management of users, groups, applications, and other identity resources within an Okta organization.

Secret Revokement URL: https://help.okta.com/en-us/Content/Topics/Security/API-Access-Management.htm

Secret Example: 00ABCDEfghijklMNOPQRSTuvwxyz12345678

Suspicious Activity Investigation Instructions:

  • Review the Okta System Log for unusual API calls or access patterns
  • Check for unauthorized user creation, modification, or deletion activities
  • Monitor for changes to application configurations or security policies
  • Examine authentication events for unusual locations or times
  • Review API token usage patterns for abnormal request volumes or endpoints

Mitigation Instructions:

  • Log in to your Okta Admin Console
  • Navigate to Security > API > Tokens

  • Locate the compromised API token

  • Click "Deactivate" to immediately revoke access
  • Click "Delete" to permanently remove the token
  • Create a new API token with appropriate scopes if needed
  • Review and update your organization's API token management policies
  • Consider implementing shorter token lifetimes and regular rotation schedules
  • Enable additional security controls like network zones to restrict API access by

IP address