Okta URL
Service Name: Okta
Service Description: Okta is an enterprise-grade, identity management service that provides single sign-on capabilities, multi-factor authentication, and lifecycle management for users in an organization.
Service Address: https://www.okta.com/
Validation Type: NHI Enriched API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants access to the Okta domain and its associated resources and user management capabilities.
Secret Revokement URL: Does not exist
Secret Example: company-name.okta.com
Suspicious Activity Investigation Instructions:
- Review Okta System Log for unauthorized access or suspicious activities
- Check for unusual login patterns or locations in the Okta admin console
- Verify any recent changes to user permissions or group memberships
- Examine API token usage patterns for abnormal behavior
- Monitor for unexpected user creation or deletion events
Mitigation Instructions:
- Immediately rotate any API tokens associated with the domain
- Review and update network access policies in Okta admin console
- Enable or strengthen multi-factor authentication requirements
- Update IP allowlists to restrict access to trusted networks
- Consider implementing Okta's ThreatInsight feature to block suspicious IPs
- Review and update session timeout policies