Skip to content

Okta URL

Service Name: Okta

Service Description: Okta is an enterprise-grade, identity management service that provides single sign-on capabilities, multi-factor authentication, and lifecycle management for users in an organization.

Service Address: https://www.okta.com/

Validation Type: NHI Enriched API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants access to the Okta domain and its associated resources and user management capabilities.

Secret Revokement URL: Does not exist

Secret Example: company-name.okta.com

Suspicious Activity Investigation Instructions:

  • Review Okta System Log for unauthorized access or suspicious activities
  • Check for unusual login patterns or locations in the Okta admin console
  • Verify any recent changes to user permissions or group memberships
  • Examine API token usage patterns for abnormal behavior
  • Monitor for unexpected user creation or deletion events

Mitigation Instructions:

  • Immediately rotate any API tokens associated with the domain
  • Review and update network access policies in Okta admin console
  • Enable or strengthen multi-factor authentication requirements
  • Update IP allowlists to restrict access to trusted networks
  • Consider implementing Okta's ThreatInsight feature to block suspicious IPs
  • Review and update session timeout policies