Okta Client ID
Service Name: Okta
Service Description: Okta is a leading identity and access management platform that provides cloud software to help companies manage and secure user authentication into applications, and for developers to build identity controls into applications, website web services, and devices.
Service Address: https://www.okta.com/
Validation Type: API Auth, NHI Enriched
IP Allow list: IP restrictions can be configured at the organization level through Okta's network zones feature, allowing access only from specific IP ranges.
Secret Access Scope: The Okta Client ID, when paired with a Client Secret, grants access to Okta's OAuth 2.0/OIDC APIs, allowing applications to authenticate users and request tokens for accessing protected resources.
Secret Revokement URL: https://help.okta.com/en-us/Content/Topics/Apps/Apps_App_Integration_Wizard_OIDC.htm
Secret Example: 0oa1nu3iruUzJPxuK5d7
Suspicious Activity Investigation Instructions:
- Review the Okta System Log for unusual authentication attempts or API calls using this Client ID
- Check for unexpected application integrations or OAuth grants
- Monitor for unusual token issuance patterns or high volumes of authentication requests
- Verify if the Client ID is being used from unexpected geographic locations or IP addresses
- Review application access patterns for signs of credential abuse
Mitigation Instructions:
- Log in to your Okta Admin Console
- Navigate to Applications > Applications
- Locate the application associated with the compromised Client ID
- Select the application and click "Edit"
- Go to the "General" tab and click "Edit" in the "Client Credentials" section
- Click "Generate New Client Secret" to invalidate the current credentials
- Save the changes and update the Client Secret in your legitimate applications
- Alternatively, you can delete the application integration completely and recreate it with new credentials
- Review application access policies and implement additional security controls like IP restrictions or MFA