Okta Webhook Verification Token
Service Name: Okta
Service Description: Okta is an identity and access management platform that provides cloud software for secure user authentication, single sign-on, multi-factor authentication, and user management.
Service Address: https://okta.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level through Okta's network zones feature.
Secret Access Scope: Webhook verification tokens are used to verify that webhook requests are coming from Okta. These tokens help secure the communication between Okta and your application endpoints that receive webhook events.
Secret Revokement URL: https://developer.okta.com/docs/concepts/event-hooks/#security
Secret Example: 00Qz4xrZ9_QFVrCaKdFkAwxMjh2-mBEYxOAnLXGZIx
Suspicious Activity Investigation Instructions:
- Review your application logs for unexpected webhook calls from Okta.
- Check the Okta System Log for webhook delivery attempts.
- Verify if there are any unauthorized changes to webhook configurations in your Okta admin console.
- Look for any unusual patterns in webhook event delivery timing or frequency.
- Confirm that webhook endpoints are only receiving expected event types.
Mitigation Instructions:
- Log into your Okta admin dashboard.
- Go to Workflow > Event Hooks.
- Select the compromised webhook configuration.
- Either delete the webhook or regenerate the verification token.
- Update your application to use the new verification token.
- Consider implementing additional security measures like IP restrictions through network zones.
- Review and update your webhook endpoint security to ensure proper validation of incoming requests.