Okta v2

Integration with Okta's cloud-based identity management service This integration was integrated and tested with version xx of Okta v2

Configure Okta v2 on Demisto

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Okta v2.
  3. Click Add instance to create and configure a new integration instance.
ParameterDescriptionRequired
urlOkta URL (https://yourdomain.okta.com)True
apitokenAPI Token (see Detailed Instructions)True
insecureTrust any certificate (not secure)False
proxyUse system proxy settingsFalse
  1. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

okta-unlock-user


Unlocks a single user.

Base Command

okta-unlock-user

Input
Argument NameDescriptionRequired
usernameUsername to unlock.Required
Context Output

There is no context output for this command.

Command Example

!okta-unlock-user username=testForDocs@test.com

Human Readable Output

User testForDocs@test.com unlocked

okta-deactivate-user


Deactivates a single user.

Base Command

okta-deactivate-user

Input
Argument NameDescriptionRequired
usernameUsername to deactivate.Required
Context Output

There is no context output for this command.

Command Example

!okta-deactivate-user username=testForDocs@test.com

Human Readable Output

User testForDocs@test.com deactivated

okta-activate-user


Activates a single user.

Base Command

okta-activate-user

Input
Argument NameDescriptionRequired
usernameUsername to activate.Required
Context Output

There is no context output for this command.

Command Example

!okta-activate-user username=testForDocs@test.com

Human Readable Output

testForDocs@test.com is active now

okta-suspend-user


Suspends a single user. This operation can only be performed on users with an ACTIVE status. The user has a status of SUSPENDED when the process is completed.

Base Command

okta-suspend-user

Input
Argument NameDescriptionRequired
usernameUsername to suspend.Required
Context Output

There is no context output for this command.

Command Example

!okta-suspend-user username=testForDocs@test.com

Human Readable Output

testForDocs@test.com status is Suspended

okta-unsuspend-user


Returns a single user to ACTIVE status. This operation can only be performed on users that have a SUSPENDED status.

Base Command

okta-unsuspend-user

Input
Argument NameDescriptionRequired
usernameUsername to change the status to ACTIVE.Required
Context Output

There is no context output for this command.

Command Example

!okta-unsuspend-user username=testForDocs@test.com

Human Readable Output

testForDocs@test.com is no longer SUSPENDED

okta-get-user-factors


Returns all the enrolled factors for the specified user.

Base Command

okta-get-user-factors

Input
Argument NameDescriptionRequired
usernameUsername for which to return all enrolled factors.Optional
userIdUser ID of the user for which to get all enrolled factors.Optional
Context Output
PathTypeDescription
Account.IDStringOkta account ID.
Account.Factor.IDStringOkta account factor ID.
Account.Factor.ProviderStringOkta account factor provider
Account.Factor.ProfileStringOkta account factor profile.
Account.Factor.FactorTypeStringOkta account factor type.
Account.Factor.StatusUnknownOkta account factor status.
Command Example

!okta-get-user-factors username=factor@test.com

Context Example
{
"Account": {
"Factor": [
{
"FactorType": "sms",
"ID": "mblpt21nffaaN5F060h7",
"Profile": {
"phoneNumber": "+12025550191"
},
"Provider": "OKTA",
"Status": "PENDING_ACTIVATION"
},
{
"FactorType": "token:software:totp",
"ID": "uftpt24kdrDJ7fDOq0h7",
"Profile": {
"credentialId": "factor@test.com"
},
"Provider": "GOOGLE",
"Status": "PENDING_ACTIVATION"
},
{
"FactorType": "push",
"ID": "opfpt1joeaArlg27g0h7",
"Provider": "OKTA",
"Status": "PENDING_ACTIVATION"
}
],
"ID": "00upt1w8tgFQM2v6t4"
}
}
Human Readable Output

Factors for user: 00upt1w8tgFQM2v0h7

Factors

FactorTypeIDProfileProviderStatus
smsmbgt21nffaaN5F060h7phoneNumber: +12025550191OKTAPENDING_ACTIVATION
token:software:totpuftptgdrDJ7fDOq0h7credentialId: factor@test.comGOOGLEPENDING_ACTIVATION
pushopfg1joeaArlg27g0h7OKTAPENDING_ACTIVATION

okta-reset-factor


Un-enrolls an existing factor for the specified user. This enables the user to enroll a new factor.

Base Command

okta-reset-factor

Input
Argument NameDescriptionRequired
userIdThe user IDOptional
usernameUsername for which to un-enroll an existing factor.Optional
factorIdThe ID of the factor to reset.Required
Context Output

There is no context output for this command.

Command Example

!okta-reset-factor factorId=ufsq7cvptfbjQa72c0h7 userId=00upt1w8t40wFQM2v6t4

Human Readable Output

Factor: ufsq7cvptfbjQa72c0h7 deleted

okta-set-password


Sets passwords without validating existing user credentials.

Base Command

okta-set-password

Input
Argument NameDescriptionRequired
usernameOkta username for which to set the password.Required
passwordThe new password to set for the user.Required
Context Output

There is no context output for this command.

Command Example

!okta-set-password username=testForDocs@test.com password=N3wPa55word!

Human Readable Output

testForDocs@test.com password was last changed on 2020-03-26T13:57:13.000Z

okta-add-to-group


Adds a user to a group with OKTA_GROUP type.

Base Command

okta-add-to-group

Input
Argument NameDescriptionRequired
userIdID of the user to add to the group.Optional
usernameName of the user to add to the group.Optional
groupIdID of the group to add the user to.Optional
groupNameName of the group to add the user to.Optional
Context Output

There is no context output for this command.

Command Example

!okta-add-to-group groupName=Demisto username=testForDocs@test.com

Human Readable Output

User: 00uqk1qesl3k0SRbH0h7 added to group: Demisto successfully

okta-remove-from-group


Removes a user from a group with OKTA_GROUP type

Base Command

okta-remove-from-group

Input
Argument NameDescriptionRequired
userIdID of the user to remove from the group.Optional
usernameName of the user to remove from the group.Optional
groupIdID of the group to remove the user from.Optional
groupNameName of the group to remove the user from.Optional
Context Output

There is no context output for this command.

Command Example

!okta-remove-from-group groupName=demisto username=testForDocs@test.com

Human Readable Output

User: 00uqk1qesl3k0SRbH0h7 was removed from group: demisto successfully

okta-get-groups


Returns all user groups associated with a specified user.

Base Command

okta-get-groups

Input
Argument NameDescriptionRequired
usernameUsername in Okta for which to get the associated groups.Required
Context Output
PathTypeDescription
Account.GroupUnknownOkta groups with which the account is associated.
Account.IDStringOkta account ID.
Account.TypeStringOkta account type.
Account.Group.IDStringUnique key for the group.
Account.Group.CreatedDateTimestamp when the group was created.
Account.Group.ObjectClassStringThe object class, which determines the group's profile.
Account.Group.LastUpdatedDateTimestamp when the group's profile was last updated.
Account.Group.LastMembershipUpdatedDateTimestamp when the group's memberships were last updated.
Account.Group.TypeStringGroup type, which determines how a group's profile and memberships are managed.
Account.Group.DescriptionStringDescription of the group.
Account.Group.NameStringName of the group.
Command Example

!okta-get-groups username=testForDocs@test.com

Context Example
{
"Account": {
"Group": [
{
"Created": "2016-04-12T15:01:50.000Z",
"Description": "All users in your organization",
"ID": "00g66lckcsAJpLcNc0h7",
"LastMembershipUpdated": "2020-03-26T13:56:49.000Z",
"LastUpdated": "2016-04-12T15:01:50.000Z",
"Name": "Everyone",
"ObjectClass": [
"okta:user_group"
],
"Type": "BUILT_IN"
},
{
"Created": "2018-01-19T02:02:06.000Z",
"ID": "00gdougcq3zEaf7c50h7",
"LastMembershipUpdated": "2020-03-26T13:49:47.000Z",
"LastUpdated": "2018-01-19T02:02:06.000Z",
"Name": "Demisto",
"ObjectClass": [
"okta:user_group"
],
"Type": "OKTA_GROUP"
}
],
"ID": "00uqk1qesl3k0SRbH0h7",
"Type": "Okta"
}
}
Human Readable Output

Okta groups for user: testForDocs@test.com

Groups

CreatedDescriptionIDLastMembershipUpdatedLastUpdatedNameObjectClassType
2016-04-12T15:01:50.000ZAll users in your organization00g66lckgAJpLcNc0h72020-03-26T13:56:49.000Z2016-04-12T15:01:50.000ZEveryoneokta:user_groupBUILT_IN
2018-01-19T02:02:06.000Z00gdougcgzEaf7c50h72020-03-26T13:49:47.000Z2018-01-19T02:02:06.000ZDemistookta:user_groupOKTA_GROUP

okta-verify-push-factor


Enrolls and verifies a push factor for the specified user.

Base Command

okta-verify-push-factor

Input
Argument NameDescriptionRequired
userIdThe ID of the user to enroll and verify.Required
factorIdThe push factor ID.Required
Context Output
PathTypeDescription
Account.IDStringOkta user ID.
Account.VerifyPushResultStringOkta user push factor result.
Command Example

!okta-verify-push-factor factorId=opfpt1joeaArlg27g0h7 userId=00upt1w8t40wFQM2v0h7

Human Readable Output

Verify push factor result for user 00upt1w8t40wgQM2v0h7: WAITING

Context Example
{
"factorResult": "WAITING",
"profile": {
"credentialId": "test@this.com",
"deviceType": "SmartPhone_IPhone",
"keys": [
{
"kty": "EC",
"use": "sig",
"kid": "default",
"x": "3Y53lDoQYwzzVbjsbsPnqOnVaotIrVByQh5Sa-RwOHQ",
"y": "0zHY_y9rVh-bq_-lR-MrmzNtUZrrIMbTrsjtxUyUT2Q",
"crv": "P-256"
}
],
"name": "iPhone (5)",
"platform": "IOS",
"version": "13.1.3"
},
"expiresAt": "2020-02-24T11:37:08.000Z",
"_links": {
"cancel": {
"href": "https://test.com/api/v1/users/00upt1w8t40wgQM2v0h7/factors/FactorID/transactions/TransactionID",
"hints": {
"allow": [
"DELETE"
]
}
},
"poll": {
"href": "https://test.com/api/v1/users/00upt1w8t40wgQM2v0h7/factors/FactorID/transactions/TransactionID",
"hints": {
"allow": [
"GET"
]
}
}
}
}

okta-search


Searches for Okta users.

Base Command

okta-search

Input
Argument NameDescriptionRequired
termTerm by which to search. Can be a first name, last name, or email address.Required
limitThe maximum number of results to return. The default and maximum is 200.Optional
verboseWhether to return details of users that match the found term. Can be "true" or "false". The default is "false".Optional
Context Output
PathTypeDescription
Account.IDStringOkta account IDs returned by the search.
Account.UsernameStringOkta account usernames returned by the search.
Account.EmailStringOkta account emails returned by the search.
Account.DisplayNameStringOkta account display names returned by the search.
Account.TypeStringOkta account type returned by the search.
Account.StatusStringOkta account current status.
Account.CreatedDateTimestamp for when the user was created.
Account.ActivatedDateTimestamp for when the user was activated.
Account.StatusChangedDateTimestamp for when the user's status was last changed.
Account.PasswordChangedDateTimestamp for when the user's password was last changed.
Command Example

!okta-search term=test verbose=true

Context Example
{
"Account": [
{
"Activated": "2020-02-12T14:03:51.000Z",
"Created": "2020-02-12T14:03:50.000Z",
"DisplayName": "bar test",
"Email": "bartest@test.com",
"ID": "00uppjeleqJQ2kkN80h7",
"Status": "PROVISIONED",
"StatusChanged": "2020-02-12T14:03:51.000Z",
"Type": "Okta",
"Username": "bartest@test.com"
},
{
"Activated": "2020-02-19T12:33:20.000Z",
"Created": "2018-07-31T12:48:33.000Z",
"DisplayName": "test that",
"Email": "test@that.com",
"ID": "00ufufhqits3y78Ju0h7",
"PasswordChanged": "2020-02-06T13:32:56.000Z",
"Status": "PROVISIONED",
"StatusChanged": "2020-02-19T12:33:20.000Z",
"Type": "Okta",
"Username": "test@that.com"
},
{
"Activated": "2020-03-26T13:56:52.000Z",
"Created": "2020-03-26T13:56:49.000Z",
"DisplayName": "test that",
"Email": "testForDocs@test.com",
"ID": "00uqk1qesl3k0SRbH0h7",
"PasswordChanged": "2020-03-26T13:56:50.000Z",
"Status": "ACTIVE",
"StatusChanged": "2020-03-26T13:56:52.000Z",
"Type": "Okta",
"Username": "testForDocs@test.com"
}
]
}
Human Readable Output

Okta users found:

User:bartest@test.com

Profile

EmailFirst NameLast NameLoginMobile PhoneSecond Email
bartest@test.combartestbartest@test.com

Additional Data

ActivatedCreatedCredentialsIDLast LoginLast UpdatedPassword ChangedStatusStatus ChangedType_links
2020-02-12T14:03:51.000Z2020-02-12T14:03:50.000Zprovider: {"type": "OKTA", "name": "OKTA"}00uppjeleqJQ2kkN80h72020-02-12T14:03:51.000ZPROVISIONEDid: oty66lckcvDyVcGzS0h7self: {"href": "https://yourdomain.okta.com/api/v1/users/00uppjeleqJQ2kkN80h7"}

User:test@that.com

Profile

EmailFirst NameLast NameLoginMobile PhoneSecond Email
test@that.comtestthattest@that.comtest@that.com

Additional Data

ActivatedCreatedCredentialsIDLast LoginLast UpdatedPassword ChangedStatusStatus ChangedType_links
2020-02-19T12:33:20.000Z2018-07-31T12:48:33.000Zprovider: {"type": "OKTA", "name": "OKTA"}00ufufhqits3y78Ju0h72020-02-19T12:33:20.000Z2020-02-06T13:32:56.000ZPROVISIONEDid: oty66lckcvDyVcGzS0h7self: {"href": "https://yourdomain.okta.com/api/v1/users/00ufufhqits3y78Ju0h7"}

User:testForDocs@test.com

Profile

EmailFirst NameLast NameLoginMobile PhoneSecond Email
testForDocs@test.comtestthattestForDocs@test.com

Additional Data

ActivatedCreatedCredentialsIDLast LoginLast UpdatedPassword ChangedStatusStatus ChangedType_links
2020-03-26T13:56:52.000Z2020-03-26T13:56:49.000Zpassword: {}recovery_question: {"question": "whats is your favourite integration"}provider: {"type": "OKTA", "name": "OKTA"}00uqk1qesl3k0SRbH0h72020-03-26T13:56:52.000Z2020-03-26T13:56:50.000ZACTIVEid: oty66lckcvDyVcGzS0h7self: {"href": "https://yourdomain.okta.com/api/v1/users/00uqk1qesl3k0SRbH0h7"}

okta-get-user


Fetches information for a single user. You must enter one or more parameters for the command to run.

Base Command

okta-get-user

Input
Argument NameDescriptionRequired
usernameOkta username for which to get information.Optional
userIdUser ID of the user for which to get information.Optional
verboseWhether to return extended user information. Can be "true" or "false". The default is "false".Optional
Context Output
PathTypeDescription
Account.IDStringOkta account ID.
Account.EmailStringOkta account email.
Account.UsernameStringOkta account username.
Account.DisplayNameStringOkta account display name.
Account.StatusStringOkta account status.
Account.CreatedDateTimestamp for when the user was created.
Account.ActivatedDateTimestamp for when the user was activated.
Account.StatusChangedDateTimestamp for when the user's status was last changed.
Account.PasswordChangedDateTimestamp for when the user's password was last changed.
Command Example

!okta-get-user username=testForDocs@test.com verbose=true

Context Example
{
"Account": {
"Activated": "2020-03-26T13:56:52.000Z",
"Created": "2020-03-26T13:56:49.000Z",
"DisplayName": "test that",
"Email": "testForDocs@test.com",
"ID": "00uqk1qesl3k0SRbH0h7",
"PasswordChanged": "2020-03-26T13:56:50.000Z",
"Status": "ACTIVE",
"StatusChanged": "2020-03-26T13:56:52.000Z",
"Type": "Okta",
"Username": "testForDocs@test.com"
}
}
Human Readable Output

User:testForDocs@test.com

Profile

EmailFirst NameLast NameLoginMobile PhoneSecond Email
testForDocs@test.comtestthattestForDocs@test.com

Additional Data

ActivatedCreatedCredentialsIDLast LoginLast UpdatedPassword ChangedStatusStatus ChangedType_links
2020-03-26T13:56:52.000Z2020-03-26T13:56:49.000Zpassword: {}recovery_question: {"question": "whats is your favourite integration"} provider: {"type": "OKTA", "name": "OKTA"}00uqk1qesl3k0SRbH0h72020-03-26T13:56:52.000Z2020-03-26T13:56:50.000ZACTIVEid: oty66lckcvDyVcGzS0h7links

okta-create-user


Creates a new user with an option of setting a password, recovery question, and answer. The new user will immediately be able to log in after activation with the assigned password. This flow is common when developing a custom user registration experience.

Base Command

okta-create-user

Input
Argument NameDescriptionRequired
firstNameFirst name of the user (givenName).Required
lastNameFamily name of the user (familyName).Required
emailPrimary email address of the user.Required
loginUnique identifier for the user (username).Required
secondEmailSecondary email address of user. Usually used for account recovery.Optional
middleNameMiddle name(s) of the user.Optional
honorificPrefixA comma-separated list of honorific prefix(es) of the user, or title in most Western languages.Optional
honificSuffixA comma-separated list of honorific suffix(es) of the user.Optional
titleUser's title. for example, Vice President.Optional
displayNameDisplay name of the user.Optional
nickNameCasual way to address the user (nick name).Optional
profileUrlURL of the user online profile. For example, a web page.Optional
primaryPhonePrimary phone number of the user.Optional
mobilePhoneMobile phone number of the user.Optional
streetAddressFull street address component of the user's address.Optional
cityCity or locality component of the user's address (locality).Optional
stateState or region component of the user's address (region).Optional
zipCodeZip code or postal code component of the user's address (postalCode).Optional
countryCodeCountry name component of the user's address (country).Optional
postalAddressMailing address component of the user's address.Optional
preferredLanguageUser's preferred written or spoken languages.Optional
localeUser's default location, for purposes of localizing items such as currency, date-time format, numerical representations, etc.Optional
timezoneUser's time zone.Optional
userTypeThe user type, which is used to identify the organization-to-user relationship such as "Employee" or "Contractor".Optional
employeeNumberOrganization or company assigned unique identifier for the user.Optional
costCenterName of a cost center the user is assigned to.Optional
organizationName of the user's organization.Optional
divisionName of the user's division.Optional
departmentName of the user's department.Optional
managerIdID of the user's manager.Optional
managerDisplay name of the user's manager.Optional
passwordPassword for the new user.Optional
passwordQuestionPassword question for the new user.Optional
passwordAnswerPassword answer for question.Optional
providerTypeThe provider type. Can be "OKTA", "ACTIVE_DIRECTORY", "LDAP", "FEDERATION", or "SOCIAL".Optional
providerNameName of the provider.Optional
groupIdsIDs of groups that the user will be immediately added to at time of creation (does Not include default group).Optional
activateWhether to activate the lifecycle operation when creating the user. Can be "true" or "false".Optional
Context Output
PathTypeDescription
Account.IDStringCreated Okta account ID.
Account.EmailStringCreated Okta account email address.
Account.UsernameStringCreated okta account username.
Account.DisplayNameStringCreated Okta account display name.
Account.TypeStringType of created account - Okta.
Account.StatusStringOkta account current status.
Account.CreatedDateTimestamp for when the user was created.
Account.ActivatedDateTimestamp for when the user was activated.
Account.StatusChangedDateTimestamp for when the user's status was last changed.
Account.PasswordChangedDateTimestamp for when the user's password was last changed.
Command Example

!okta-create-user email=testForDocs@test.com firstName=test lastName=that login=testForDocs@test.com password=Pa55word! passwordQuestion="whats is your favourite integration" passwordAnswer="Okta of course"

Context Example
{
"Account": {
"Activated": null,
"Created": "2020-03-26T13:56:49.000Z",
"DisplayName": "test that",
"Email": "testForDocs@test.com",
"ID": "00uqk1qesl3k0SRbH0h7",
"PasswordChanged": "2020-03-26T13:56:50.000Z",
"Status": "STAGED",
"StatusChanged": null,
"Type": "Okta",
"Username": "testForDocs@test.com"
}
}
Human Readable Output

Okta User Created: testForDocs@test.com:

First NameIDLast LoginLast NameLoginMobile PhoneStatus
test00uqk1qesl3k0SRbH0h7thattestForDocs@test.comSTAGED

okta-update-user


Updates a user with a given login. All fields are optional, fields which are not set will not be overridden.

Base Command

okta-update-user

Input
Argument NameDescriptionRequired
firstNameFirst name of the user (given name).Optional
lastNameFamily name of the user.Optional
emailPrimary email address of the user.Optional
usernameUnique identifier for the user (login).Required
secondEmailSecondary email address of the user (typically used for account recovery.Optional
middleNameMiddle name(s) of the user.Optional
honorificPrefixHonorific prefix(es) of the user, or title in most Western languages.Optional
honorificSuffixHonorific suffix(es) of the user.Optional
titleUser's title. For example, Vice President.Optional
displayNameDisplay name of the user.Optional
nickNameCasual way to address the user in real life (nick name).Optional
profileUrlURL of the user's online profile. For example, a web page.Optional
primaryPhonePrimary phone number of the user.Optional
mobilePhoneMobile phone number of the user.Optional
streetAddressFull street address component of the user's address.Optional
cityCity or locality component of the user's address (locality).Optional
stateState or region component of the user's address (region).Optional
zipCodeZip code or postal code component of the user's address (postalCode).Optional
countryCodeCountry name component of the user's address (country).Optional
postalSddressMailing address component of the user's address.Optional
preferredLanguageUser's preferred written or spoken languages.Optional
localeUser's default location for purposes of localizing items such as currency, date-time format, numerical representations, etc.Optional
timezoneUser time zone.Optional
userTypeThe user type, which is used to identify the organization-to-user relationship such as "Employee" or "Contractor".Optional
employeeNumberOrganization or company assigned unique identifier for the user.Optional
costCenterName of a cost center the user is assigned to.Optional
organizationName of the user's organization.Optional
divisionName of the user's division.Optional
departmentName of the user's department.Optional
managerIdID of the user's manager.Optional
managerDisplay name of the user's manager.Optional
passwordNew password for the specified user.Optional
passwordQuestionPassword question for the specified user.Optional
passwordAnswerPassword answer for the question.Optional
providerTypeThe provider type. Can be "OKTA", "ACTIVE_DIRECTORY", "LDAP", "FEDERATION", or "SOCIAL".Optional
providerNameName of the provider.Optional
Context Output

There is no context output for this command.

Command Example

!okta-update-user username=testForDocs@test.com firstName="First Name Updated"

Human Readable Output

Okta user: testForDocs@test.com Updated:

emailfirstNamelastNameloginmobilePhonesecondEmail
testForDocs@test.comFirst Name UpdatedthattestForDocs@test.com

okta-get-group-members


Enumerates all users that are members of a group.

Base Command

okta-get-group-members

Input
Argument NameDescriptionRequired
groupIdID of the group.Optional
limitThe maximum number of results to return.Optional
verboseWhether to print extended user details. Can be "true" or "false". The default is "false".Optional
groupNameName of the group.Optional
Context Output
PathTypeDescription
Account.IDStringOkta account ID.
Account.EmailStringOkta account email address.
Account.UsernameStringOkta account username.
Account.DisplayNameStringOkta account display name.
Account.TypeStringAccount type - Okta.
Account.StatusStringOkta account current status.
Account.CreatedDateTimestamp for when the user was created.
Account.ActivatedDateTimestamp for when the user was activated.
Account.StatusChangedDateTimestamp for when the user's status was last changed.
Account.PasswordChangedDateTimestamp for when the user's password was last changed.
Command Example

!okta-get-group-members groupName=Demisto limit=1 verbose=true

Context Example
{
"Account": {
"Created": "2016-04-12T15:01:52.000Z",
"DisplayName": "Test Demisto",
"Email": "XSOAR@demisto.com",
"ID": "00u66ljhpjidYi0h7",
"PasswordChanged": "2020-02-24T11:40:08.000Z",
"Status": "ACTIVE",
"StatusChanged": "2016-04-12T15:05:06.000Z",
"Type": "Okta",
"Username": "XSOAR@demisto.com"
}
}
Human Readable Output

Users for group: Demisto:

User:Test@demisto.com

Profile

EmailFirst NameLast NameLoginMobile PhoneSecond Email
XSOAR@demisto.comTestDemistoXSOAR@demisto.com

Additional Data

ActivatedCreatedCredentialsIDLast LoginLast UpdatedPassword ChangedStatusStatus ChangedType_links
2016-04-12T15:01:52.000Zpassword: {} recovery_question: {"question": "born city"} provider: {"type": "OKTA", "name": "OKTA"}00u66lckd7lpjidYi0h72020-03-12T09:54:36.000Z2020-02-24T11:42:22.000Z2020-02-24T11:40:08.000ZACTIVEid: oty66lckcyVcGzS0h7self: {"href": "https://yourdomain.okta.com/api/v1/users/00uclpjidYi0h7"}

okta-list-groups


Lists groups in your organization. A subset of groups can be returned that match a supported filter expression or query.

Base Command

okta-list-groups

Input
Argument NameDescriptionRequired
querySearches the name property of groups for matching values.Optional
filterUseful for performing structured queries where constraints on group attribute values can be explicitly targeted. The following expressions are supported(among others) for groups with the filter query parameter: type eq "OKTA_GROUP" - Groups that have a type of OKTA_GROUP; lastUpdated lt "yyyy-MM-dd''T''HH:mm:ss.SSSZ" - Groups with profile last updated before a specific timestamp; lastMembershipUpdated eq "yyyy-MM-dd''T''HH:mm:ss.SSSZ" - Groups with memberships last updated at a specific timestamp; id eq "00g1emaKYZTWRYYRRTSK" - Group with a specified ID. For more information about filtering, visit https://developer.okta.com/docs/api/getting_started/design_principles#filteringOptional
limitThe maximum number of results to return. The default is 200.Optional
Context Output
PathTypeDescription
Okta.Group.IDStringUnique key for the group.
Okta.Group.CreatedDateTimestamp for when the group was created.
Okta.Group.ObjectClassUnknownThe group's profile.
Okta.Group.LastUpdatedDateTimestamp for when the group's profile was last updated.
Okta.Group.LastMembershipUpdatedDateTimestamp for when the group's membership was last updated.
Okta.Group.TypeStringThe group type, which determines how a group's profile and membership are managed. Can be "OKTA_GROUP", "APP_GROUP", or "BUILT_IN".
Okta.Group.NameStringName of the group.
Okta.Group.DescriptionStringDescription of the group.
Command Example

!okta-list-groups filter=`type eq "OKTA_GROUP" and lastUpdated lt "2019-04-30T00:00:00.000Z" and lastMembershipUpdated gt "2019-04-30T00:00:00.000Z"` query=demisto

Context Example
{
"Okta": {
"Group": {
"Created": "2018-01-19T02:02:06.000Z",
"ID": "00gdout3zEaf7c50h7",
"LastMembershipUpdated": "2020-03-26T13:56:56.000Z",
"LastUpdated": "2018-01-19T02:02:06.000Z",
"Name": "Demisto",
"ObjectClass": [
"okta:user_group"
],
"Type": "OKTA_GROUP"
}
}
}
Human Readable Output

Groups

CreatedDescriptionIDLastMembershipUpdatedLastUpdatedNameObjectClassType
2018-01-19T02:02:06.000Z00gdougctEaf7c50h72020-03-26T13:56:56.000Z2018-01-19T02:02:06.000ZDemistookta:user_groupOKTA_GROUP

okta-get-failed-logins


Returns failed login events.

Base Command

okta-get-failed-logins

Input
Argument NameDescriptionRequired
sinceFilters the lower time bound of the log events in the Internet Date/Time Format profile of ISO 8601. An example: 2017-05-03T16:22:18ZOptional
untilFilters the upper time bound of the log events in the Internet Date/Time Format profile of ISO 8601. An example: 2017-05-03T16:22:18ZOptional
sortOrderThe order of the returned events. Can be "ASCENDING" or "DESCENDING". The default is "ASCENDING".Optional
limitThe maximum number of results to return. The default is 100.Optional
Context Output
PathTypeDescription
Okta.Logs.Events.actor.alternateIdStringAlternative ID of the actor.
Okta.Logs.Events.actor.displayNameStringDisplay name of the actor.
Okta.Logs.Events.actor.idStringID of the actor.
Okta.Logs.Events.client.userAgent.rawUserAgentStringA raw string representation of the user agent, formatted according to section 5.5.3 of HTTP/1.1 Semantics and Content. Both the browser and the OS fields can be derived from this field.
Okta.Logs.Events.client.userAgent.osStringThe OS on which the client runs. For example, Microsoft Windows 10.
Okta.Logs.Events.client.userAgent.browserStringIdentifies the browser type, if relevant. For example, Chrome.
Okta.Logs.Events.client.deviceStringType of device that client operated from. For example, Computer.
Okta.Logs.Events.client.idStringFor OAuth requests, the ID of the OAuth client making the request. For SSWS token requests, the ID of the agent making the request.
Okta.Logs.Events.client.ipAddressStringIP address from which the client made its request.
Okta.Logs.Events.client.geographicalContext.cityStringThe city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco.
Okta.Logs.Events.client.geographicalContext.stateStringFull name of the state or province encompassing the area containing the geo-location coordinates. For example Montana, Incheon.
Okta.Logs.Events.client.geographicalContext.countryStringFull name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda.
Okta.Logs.Events.displayMessageStringThe display message for an event.
Okta.Logs.Events.eventTypeStringType of event that was published.
Okta.Logs.Events.outcome.resultStringResult of the action. Can be "SUCCESS", "FAILURE", "SKIPPED", "UNKNOWN".
Okta.Logs.Events.outcome.reasonStringReason for the result. For example, INVALID_CREDENTIALS.
Okta.Logs.Events.publishedStringTimestamp when the event was published.
Okta.Logs.Events.severityStringThe event severity. Can be "DEBUG", "INFO", "WARN", or "ERROR".
Okta.Logs.Events.securityContext.asNumberNumberAutonomous system number associated with the autonomous system that the event request was sourced to.
Okta.Logs.Events.securityContext.asOrgStringOrganization associated with the autonomous system that the event request was sourced to.
Okta.Logs.Events.securityContext.ispStringInternet service provider used to send the event's request.
Okta.Logs.Events.securityContext.domainStringThe domain name associated with the IP address of the inbound event request.
Okta.Logs.Events.securityContext.isProxyStringSpecifies whether an event's request is from a known proxy.
Okta.Logs.Events.request.ipChain.IPStringIP address.
Okta.Logs.Events.request.ipChain.geographicalContext.cityStringThe city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco.
Okta.Logs.Events.request.ipChain.geographicalContext.stateStringFull name of the state or province encompassing the area containing the geo-location coordinates. For example, Montana, Incheon.
Okta.Logs.Events.request.ipChain.geographicalContext.countryStringFull name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda.
Okta.Logs.Events.request.ipChain.sourceStringDetails regarding the source.
Okta.Logs.Events.target.idStringID of a target.
Okta.Logs.Events.target.typeStringType of a target.
Okta.Logs.Events.target.alternateIdStringAlternative ID of a target.
Okta.Logs.Events.target.displayNameStringDisplay name of a target.
Command Example

!okta-get-failed-logins since="2019-04-30T00:00:00.000Z" limit=1

Context Example
{
"Okta": {
"Logs": {
"Events": {
"actor": {
"alternateId": "goo@test.com",
"detailEntry": null,
"displayName": "unknown",
"id": "unknown",
"type": "User"
},
"authenticationContext": {
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "unknown",
"interface": null,
"issuer": null
},
"client": {
"device": "Computer",
"geographicalContext": {
"city": "Tel Aviv",
"country": "Israel",
"geolocation": {
"lat": 32.0678,
"lon": 34.7647
},
"postalCode": null,
"state": "Tel Aviv"
},
"id": null,
"ipAddress": "127.0.0.1",
"userAgent": {
"browser": "CHROME",
"os": "Windows 10",
"rawUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
},
"zone": "null"
},
"debugContext": {
"debugData": {
"loginResult": "VERIFICATION_ERROR",
"requestId": "XYM92q-0Fs0ewvRQZVAlzwAABL8",
"requestUri": "/api/v1/authn",
"url": "/api/v1/authn?"
}
},
"displayMessage": "User login to Okta",
"eventType": "user.session.start",
"legacyEventType": "core.user_auth.login_failed",
"outcome": {
"reason": "VERIFICATION_ERROR",
"result": "FAILURE"
},
"published": "2019-09-19T08:35:38.353Z",
"request": {
"ipChain": [
{
"geographicalContext": {
"city": "Tel Aviv",
"country": "Israel",
"geolocation": {
"lat": 32.0678,
"lon": 34.7647
},
"postalCode": null,
"state": "Tel Aviv"
},
"ip": "127.0.0.1",
"source": null,
"version": "V4"
}
]
},
"securityContext": {
"asNumber": null,
"asOrg": null,
"domain": null,
"isProxy": null,
"isp": null
},
"severity": "INFO",
"target": null,
"transaction": {
"detail": {},
"id": "XYM92q-0Fs0ewvRQZVAlzwAABL8",
"type": "WEB"
},
"uuid": "7503c6b4-dab8-11e9-b336-d163e95fbe00",
"version": "0"
}
}
}
}
Human Readable Output

Failed Login Events

ActorActorAlternaneIdChainIPClientEventInfoEventOutcomeEventSeverityRequestIPTargetsTime
unknown (User)admin127.0.0.1CHROME on Windows 10 ComputerUser login to OktaFAILURE: VERIFICATION_ERRORINFO127.0.0.1-09/30/2019, 18:42:38

okta-get-logs


Gets logs by providing optional filters.

Base Command

okta-get-logs

Input
Argument NameDescriptionRequired
filterUseful for performing structured queries where constraints on LogEvent attribute values can be explicitly targeted. The following expressions are supported for events with the filter query parameter: eventType eq " :eventType" -Events that have a specific action; eventType target.id eq ":id" - Events published with a specific target id; actor.id eq ":id" - Events published with a specific actor ID. For more information about filtering, visit https://developer.okta.com/docs/api/getting_started/design_principles#filteringOptional
queryThe query parameter can be used to perform keyword matching against a LogEvents object’s attribute values. In order to satisfy the constraint, all supplied keywords must be matched exactly. Note that matching is case-insensitive. The following are some examples of common keyword filtering: Events that mention a specific city: query=San Francisco; Events that mention a specific url: query=interestingURI.com; Events that mention a specific person: query=firstName lastName.Optional
sinceFilters the lower time bound of the log events in the Internet Date/Time Format profile of ISO 8601. For example: 2017-05-03T16:22:18Z.Optional
untilFilters the upper time bound of the log events in the Internet Date/Time Format profile of ISO 8601. For example: 2017-05-03T16:22:18Z.Optional
sortOrderThe order of the returned events. Can be "ASCENDING" or "DESCENDING". The default is "ASCENDING".Optional
limitThe maximum number of results to return. The default is 100.Optional
Context Output
PathTypeDescription
Okta.Logs.Events.actor.alternateIdStringAlternative ID of the actor.
Okta.Logs.Events.actor.displayNameStringDisplay name of the actor.
Okta.Logs.Events.actor.idStringID of the actor.
Okta.Logs.Events.client.userAgent.rawUserAgentStringA raw string representation of user agent, formatted according to section 5.5.3 of HTTP/1.1 Semantics and Content. Both the browser and the OS fields can be derived from this field.
Okta.Logs.Events.client.userAgent.osStringThe operation system on which the client runs. For example, Microsoft Windows 10.
Okta.Logs.Events.client.userAgent.browserStringIdentifies the type of web browser, if relevant. For example, Chrome.
Okta.Logs.Events.client.deviceStringType of device from which the client operated. For example, Computer.
Okta.Logs.Events.client.idStringFor OAuth requests, the ID of the OAuth client making the request. For SSWS token requests, the ID of the agent making the request.
Okta.Logs.Events.client.ipAddressStringIP address from which the client made its request.
Okta.Logs.Events.client.geographicalContext.cityStringThe city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco.
Okta.Logs.Events.client.geographicalContext.stateStringFull name of the state or province encompassing the area containing the geo-location coordinates. For example, Montana, Incheon.
Okta.Logs.Events.client.geographicalContext.countryStringFull name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda.
Okta.Logs.Events.displayMessageStringThe display message for an event.
Okta.Logs.Events.eventTypeStringType of event that was published.
Okta.Logs.Events.outcome.resultStringResult of the action. Can be "SUCCESS", "FAILURE", "SKIPPED", or "UNKNOWN".
Okta.Logs.Events.outcome.reasonStringReason for the result. For example, INVALID_CREDENTIALS.
Okta.Logs.Events.publishedStringTimestamp when the event was published.
Okta.Logs.Events.severityStringThe event severity. Can be "DEBUG", "INFO", "WARN", or "ERROR".
Okta.Logs.Events.securityContext.asNumberNumberAutonomous system number associated with the autonomous system that the event request was sourced to.
Okta.Logs.Events.securityContext.asOrgStringOrganization associated with the autonomous system that the event request was sourced to.
Okta.Logs.Events.securityContext.ispStringInternet service provider used to send the event's request.
Okta.Logs.Events.securityContext.domainStringThe domain name associated with the IP address of the inbound event request.
Okta.Logs.Events.securityContext.isProxyStringSpecifies whether an event's request is from a known proxy.
Okta.Logs.Events.request.ipChain.IPStringIP address.
Okta.Logs.Events.request.ipChain.geographicalContext.cityStringThe city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco.
Okta.Logs.Events.request.ipChain.geographicalContext.stateStringFull name of the state or province encompassing the area containing the geo-location coordinates. For example, Montana, Incheon.
Okta.Logs.Events.request.ipChain.geographicalContext.countryStringFull name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda.
Okta.Logs.Events.request.ipChain.sourceStringDetails regarding the source.
Okta.Logs.Events.target.idStringID of a target.
Okta.Logs.Events.target.typeStringType of a target.
Okta.Logs.Events.target.alternateIdStringAlternative ID of a target.
Okta.Logs.Events.target.displayNameStringDisplay name of a target.
Command Example

!okta-get-logs filter=`actor.id eq "00u66lckvpjidYi0h7"` query=Boardman since="2020-03-03T20:23:17.573Z" limit=1

Context Example
{
"Okta": {
"Logs": {
"Events": {
"actor": {
"alternateId": "Test@demisto.com",
"detailEntry": null,
"displayName": "Test Demisto",
"id": "00u66lvd7lpjidYi0h7",
"type": "User"
},
"authenticationContext": {
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "trs3hs_F_UQT9K5FOPG7m4i1g",
"interface": null,
"issuer": null
},
"client": {
"device": "Unknown",
"geographicalContext": {
"city": "Boardman",
"country": "United States",
"geolocation": {
"lat": 45.8491,
"lon": -119.7143
},
"postalCode": "97818",
"state": "Oregon"
},
"id": null,
"ipAddress": "127.0.0.1",
"userAgent": {
"browser": "UNKNOWN",
"os": "Unknown",
"rawUserAgent": "Demisto/1.0"
},
"zone": "null"
},
"debugContext": {
"debugData": {
"requestId": "Xl68tch@7iZvNo0k8vPc5gAAAmE",
"requestUri": "/api/v1/groups/00g8mo0l5wuTxmoIC0h7/users/00uptu0jj9V91p5QM0h7",
"threatSuspected": "false",
"url": "/api/v1/groups/00g8mo0l5wuTxmoIC0h7/users/00uptu0jj9V91p5QM0h7?"
}
},
"displayMessage": "Remove user from group membership",
"eventType": "group.user_membership.remove",
"legacyEventType": "core.user_group_member.user_remove",
"outcome": {
"reason": null,
"result": "SUCCESS"
},
"published": "2020-03-03T20:23:17.573Z",
"request": {
"ipChain": [
{
"geographicalContext": {
"city": "Boardman",
"country": "United States",
"geolocation": {
"lat": 45.8491,
"lon": -119.7143
},
"postalCode": "97818",
"state": "Oregon"
},
"ip": "127.0.0.1",
"source": null,
"version": "V4"
}
]
},
"securityContext": {
"asNumber": null,
"asOrg": null,
"domain": null,
"isProxy": null,
"isp": null
},
"severity": "INFO",
"target": [
{
"alternateId": "test@this.com",
"detailEntry": null,
"displayName": "test this",
"id": "00uptu0jj9V91p5QM0h7",
"type": "User"
},
{
"alternateId": "unknown",
"detailEntry": null,
"displayName": "test1",
"id": "00g8mo0l5wuTxmoIC0h7",
"type": "UserGroup"
}
],
"transaction": {
"detail": {},
"id": "Xl68tch@7iZvNo0k8vPc5gAAAmE",
"type": "WEB"
},
"uuid": "d14117f9-5d8c-11ea-a9cb-1f2fbd3b03f7",
"version": "0"
}
}
}
}
Human Readable Output

Okta Events

ActorActorAlternaneIdChainIPClientEventInfoEventOutcomeEventSeverityRequestIPTargetsTime
Test Demisto (User)Test@demisto.com127.0.0.1Unknown browser on Unknown OS Unknown deviceRemove user from group membershipSUCCESSINFO127.0.0.1test this (User) test1 (UserGroup)03/03/2020, 20:23:17

okta-get-group-assignments


Gets events for when a user was added to a group.

Base Command

okta-get-group-assignments

Input
Argument NameDescriptionRequired
sinceFilters the lower time bound of the log event in the Internet Date\Time format profile of ISO 8601. For example, 2020-02-14T16:00:18Z.Optional
untilFilters the upper time bound of the log event in the Internet Date\Time format profile of ISO 8601. For example, 2020-02-14T16:00:18Z.Optional
sortOrderThe order of the returned events. Can be "ASCENDING" or "DESCENDING". The default is "ASCENDING".Optional
limitThe maximum number of results to return. The default is 100.Optional
Context Output
PathTypeDescription
Okta.Logs.Events.actor.alternateIdStringAlternative ID of the actor.
Okta.Logs.Events.actor.displayNameStringDisplay name of the actor.
Okta.Logs.Event.actor.idStringID of the actor.
Okta.Logs.Events.client.userAgent.rawUserAgentStringA raw string representation of user agent, formatted according to section 5.5.3 of HTTP/1.1 Semantics and Content. Both the browser and the OS fields can be derived from this field.
Okta.Logs.Events.client.userAgent.osStringThe OS on which the client runs. For example, Microsoft Windows 10.
Okta.Logs.Events.client.userAgent.browserStringIdentifies the type of web browser, if relevant. For example, Chrome.
Okta.Logs.Events.client.deviceStringType of device from which the client operated. For example, Computer.
Okta.Logs.Events.client.idStringFor OAuth requests, the ID of the OAuth client making the request. For SSWS token requests, the ID of the agent making the request.
Okta.Logs.Events.client.ipAddressStringIP address from which the client made its request.
Okta.Logs.Events.client.geographicalContext.cityStringThe city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco.
Okta.Logs.Events.client.geographicalContext.stateStringFull name of the state or province encompassing in the area containing the geo-location coordinates. For example, Montana, Incheon.
Okta.Logs.Events.client.geographicalContext.countryStringFull name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda.
Okta.Logs.Events.displayMessageStringThe display message for an event.
Okta.Logs.Events.eventTypeStringType of event that was published.
Okta.Logs.Events.outcome.resultStringResult of the action. Can be "SUCCESS", "FAILURE", "SKIPPED", or "UNKNOWN".
Okta.Logs.Events.outcome.reasonUnknownReason for the result. For example INVALID_CREDENTIALS.
Okta.Logs.Events.publishedStringTimestamp when the event was published.
Okta.Logs.Events.severityStringThe event severity. Can be "DEBUG", "INFO", "WARN", or "ERROR".
Okta.Logs.Events.securityContext.asNumberNumberAutonomous system number associated with the autonomous system that the event request was sourced to.
Okta.Logs.Events.securityContext.asOrgStringOrganization associated with the autonomous system that the event request was sourced to.
Okta.Logs.Events.securityContext.ispStringInternet service provider used to send the event's request.
Okta.Logs.Events.securityContext.domainStringThe domain name associated with the IP address of the inbound event request.
Okta.Logs.Events.securityContext.isProxyStringSpecifies whether an event's request is from a known proxy.
Okta.Logs.Events.request.ipChain.IPStringIP address.
Okta.Logs.Events.request.ipChain.geographicalContext.cityStringThe city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco.
Okta.Logs.Events.request.ipChain.geographicalContext.stateStringFull name of the state or province encompassing the area containing the geo-location coordinates. For example, Montana, Incheon.
Okta.Logs.Events.request.ipChain.geographicalContext.countryStringFull name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda.
Okta.Logs.Events.request.ipChain.sourceStringDetails regarding the source.
Okta.Logs.Events.target.idStringID of a target.
Okta.Logs.Events.target.typeStringType of a target.
Okta.Logs.Events.target.alternateIdStringAlternative ID of a target.
Okta.Logs.Events.target.displayNameStringDisplay name of a target.
Command Example

!okta-get-group-assignments since="2019-04-30T00:00:00.000Z" limit=1

Context Example
{
"Okta": {
"Logs": {
"Events": {
"actor": {
"alternateId": "Test@demisto.com",
"detailEntry": null,
"displayName": "Test Demisto",
"id": "00u66lckd7lpjidYi0h7",
"type": "User"
},
"authenticationContext": {
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "trs4IvlVrvVR9G8RPsPtFjwBA",
"interface": null,
"issuer": null
},
"client": {
"device": "Unknown",
"geographicalContext": {
"city": "Boardman",
"country": "United States",
"geolocation": {
"lat": 45.8491,
"lon": -119.7143
},
"postalCode": "97818",
"state": "Oregon"
},
"id": null,
"ipAddress": "127.0.0.1",
"userAgent": {
"browser": "UNKNOWN",
"os": "Unknown",
"rawUserAgent": "Demisto/1.0"
},
"zone": "null"
},
"debugContext": {
"debugData": {
"requestId": "XXxTqUauHPkBXo4-TEcw9QAAAq0",
"requestUri": "/api/v1/groups/00g8mo0l5wuTxmoIC0h7/users/00ued6gq9jItNhAsN0h7",
"url": "/api/v1/groups/00g8mo0l5wuTxmoIC0h7/users/00ued6gq9jItNhAsN0h7?"
}
},
"displayMessage": "Add user to group membership",
"eventType": "group.user_membership.add",
"legacyEventType": "core.user_group_member.user_add",
"outcome": {
"reason": null,
"result": "SUCCESS"
},
"published": "2019-09-14T02:42:49.379Z",
"request": {
"ipChain": [
{
"geographicalContext": {
"city": "Boardman",
"country": "United States",
"geolocation": {
"lat": 45.8491,
"lon": -119.7143
},
"postalCode": "97818",
"state": "Oregon"
},
"ip": "127.0.0.1",
"source": null,
"version": "V4"
}
]
},
"securityContext": {
"asNumber": null,
"asOrg": null,
"domain": null,
"isProxy": null,
"isp": null
},
"severity": "INFO",
"target": [
{
"alternateId": "test@this.com",
"detailEntry": null,
"displayName": "test this",
"id": "00ued6gq9jItNhAsN0h7",
"type": "User"
},
{
"alternateId": "unknown",
"detailEntry": null,
"displayName": "test1",
"id": "00g8mo0l5wuTxmoIC0h7",
"type": "UserGroup"
}
],
"transaction": {
"detail": {},
"id": "XXxTqUauHPkBXo4-TEcw9QAAAq0",
"type": "WEB"
},
"uuid": "5741ef53-d699-11e9-a08c-d549acc8afb2",
"version": "0"
}
}
}
}
Human Readable Output

Group Assignment Events

ActorActorAlternaneIdChainIPClientEventInfoEventOutcomeEventSeverityRequestIPTargetsTime
Test Demisto (User)Test@demisto.com127.0.0.1Unknown browser on Unknown OS Unknown deviceAdd user to group membershipSUCCESSINFO127.0.0.1test this (User) test1 (UserGroup)09/29/2019, 03:47:46

okta-get-application-assignments


Returns events for when a user was assigned to an application.

Base Command

okta-get-application-assignments

Input
Argument NameDescriptionRequired
sinceFilters the lower time bound of the log event in the Internet Date\Time format profile of ISO 8601. For example, 2020-02-14T16:00:18Z.Optional
untilFilters the upper time bound of the log event in the Internet Date\Time format profile of ISO 8601. For example, 2020-02-14T16:00:18Z.Optional
sortOrderThe order of the returned events. Can be "ASCENDING" or "DESCENDING". The default is "ASCENDING".Optional
limitThe maximum number of results to return. The default is 100.Optional
Context Output
PathTypeDescription
Okta.Logs.Events.actor.alternateIdStringAlternative ID of the actor.
Okta.Logs.Events.actor.displayNameStringDisplay name of the actor.
Okta.Logs.Event.actor.idStringID of the actor.
Okta.Logs.Events.client.userAgent.rawUserAgentStringA raw string representation of user agent, formatted according to section 5.5.3 of HTTP/1.1 Semantics and Content. Both the browser and the OS fields can be derived from this field.
Okta.Logs.Events.client.userAgent.osStringThe OS on which the client runs. For example, Microsoft Windows 10.
Okta.Logs.Events.client.userAgent.browserStringIdentifies the type of web browser, if relevant. For example, Chrome.
Okta.Logs.Events.client.deviceStringType of device from which the client operated. For example, Computer.
Okta.Logs.Events.client.idStringFor OAuth requests, the ID of the OAuth client making the request. For SSWS token requests, the ID of the agent making the request.
Okta.Logs.Events.client.ipAddressStringIP address from which the client made its request.
Okta.Logs.Events.client.geographicalContext.cityStringThe city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco.
Okta.Logs.Events.client.geographicalContext.stateStringFull name of the state or province encompassing in the area containing the geo-location coordinates. For example, Montana, Incheon.
Okta.Logs.Events.client.geographicalContext.countryStringFull name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda.
Okta.Logs.Events.displayMessageStringThe display message for an event.
Okta.Logs.Events.eventTypeStringType of event that was published.
Okta.Logs.Events.outcome.resultStringResult of the action. For example, "SUCCESS", "FAILURE", "SKIPPED", or "UNKNOWN".
Okta.Logs.Events.outcome.reasonStringReason for the result. For example INVALID_CREDENTIALS.
Okta.Logs.Events.publishedStringTimestamp when the event was published.
Okta.Logs.Events.severityStringThe event severity. Can be "DEBUG", "INFO", "WARN", or "ERROR".
Okta.Logs.Events.securityContext.asNumberNumberAutonomous system number associated with the autonomous system that the event request was sourced to.
Okta.Logs.Events.securityContext.asOrgStringOrganization associated with the autonomous system that the event request was sourced to.
Okta.Logs.Events.securityContext.ispStringInternet service provider used to send the event's request.
Okta.Logs.Events.securityContext.domainStringThe domain name associated with the IP address of the inbound event request.
Okta.Logs.Events.securityContext.isProxyStringSpecifies whether an event's request is from a known proxy.
Okta.Logs.Events.request.ipChain.IPStringIP address.
Okta.Logs.Events.request.ipChain.geographicalContext.cityStringThe city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco.
Okta.Logs.Events.request.ipChain.geographicalContext.stateStringFull name of the state or province encompassing the area containing the geo-location coordinates. For example, Montana, Incheon.
Okta.Logs.Events.request.ipChain.geographicalContext.countryStringFull name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda.
Okta.Logs.Events.request.ipChain.sourceStringDetails regarding the source.
Okta.Logs.Events.target.idStringID of a target.
Okta.Logs.Events.target.typeStringType of a target.
Okta.Logs.Events.target.alternateIdStringAlternative ID of a target.
Okta.Logs.Events.target.displayNameStringDisplay name of a target.
Command Example

!okta-get-application-assignments since="2019-04-30T00:00:00.000Z" until="2020-02-30T00:00:00.000Z" sortOrder=DESCENDING limit=1

Context Example
{
"Okta": {
"Logs": {
"Events": {
"actor": {
"alternateId": "Test@demisto.com",
"detailEntry": null,
"displayName": "Test Demisto",
"id": "00u66lckd7lpjidYi0h7",
"type": "User"
},
"authenticationContext": {
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "trsFSV6XXY4TMCSB_xzJrZ85A",
"interface": null,
"issuer": null
},
"client": {
"device": "Unknown",
"geographicalContext": {
"city": "Boardman",
"country": "United States",
"geolocation": {
"lat": 45.8491,
"lon": -119.7143
},
"postalCode": "97818",
"state": "Oregon"
},
"id": null,
"ipAddress": "127.0.0.1",
"userAgent": {
"browser": "UNKNOWN",
"os": "Unknown",
"rawUserAgent": "python-requests/2.22.0"
},
"zone": "null"
},
"debugContext": {
"debugData": {
"requestId": "XlgCgAEBMJsNo5Yh9rHtZAAACPw",
"requestUri": "/api/v1/users/00upywm7l0rL1V0zt0h7/lifecycle/activate",
"threatSuspected": "false",
"url": "/api/v1/users/00upywm7l0rL1V0zt0h7/lifecycle/activate?"
}
},
"displayMessage": "Add user to application membership",
"eventType": "application.user_membership.add",
"legacyEventType": "app.generic.provision.assign_user_to_app",
"outcome": {
"reason": null,
"result": "SUCCESS"
},
"published": "2020-02-27T17:55:12.949Z",
"request": {
"ipChain": [
{
"geographicalContext": {
"city": "Boardman",
"country": "United States",
"geolocation": {
"lat": 45.8491,
"lon": -119.7143
},
"postalCode": "97818",
"state": "Oregon"
},
"ip": "127.0.0.1",
"source": null,
"version": "V4"
}
]
},
"securityContext": {
"asNumber": null,
"asOrg": null,
"domain": null,
"isProxy": null,
"isp": null
},
"severity": "INFO",
"target": [
{
"alternateId": "Test1@test.com",
"detailEntry": null,
"displayName": "Test 1 that",
"id": "0uapywj3yxcjhpjSQ0h7",
"type": "AppUser"
},
{
"alternateId": "ShrikSAML",
"detailEntry": null,
"displayName": "ShrikSAML",
"id": "0oabe0e2jruaQccDf0h7",
"type": "AppInstance"
},
{
"alternateId": "Test1@test.com",
"detailEntry": null,
"displayName": "Test 1 that",
"id": "00upywm7l0rL1V0zt0h7",
"type": "User"
}
],
"transaction": {
"detail": {},
"id": "XlgCgAEBMJsNo5Yh9rHtZAAACPw",
"type": "WEB"
},
"uuid": "4d8a4e9a-598a-11ea-a594-b9fb637659a5",
"version": "0"
}
}
}
}
Human Readable Output

Application Assignment Events

ActorActorAlternaneIdChainIPClientEventInfoEventOutcomeEventSeverityRequestIPTargetsTime
Test Demisto (User)Test@demisto.com127.0.0.1Unknown browser on Unknown OS Unknown deviceAdd user to application membershipSUCCESSINFO127.0.0.1Test 1 that (AppUser) ShrikSAML (AppInstance) Test 1 that (User)02/27/2020, 17:55:12

okta-get-application-authentication


Returns logs using specified filters.

Base Command

okta-get-application-authentication

Input
Argument NameDescriptionRequired
sinceFilters the lower time bound of the log event in the Internet Date\Time format profile of ISO 8601. For example, 2020-02-14T16:00:18Z.Optional
untilFilters the upper time bound of the log event in the Internet Date\Time format profile of ISO 8601. For example, 2020-02-14T16:00:18Z.Optional
sortOrderThe order of the returned events. Can be "ASCENDING" or "DESCENDING". The default is "ASCENDING".Optional
limitThe maximum number of results to return. The default is 100.Optional
Context Output
PathTypeDescription
Okta.Logs.Events.actor.alternateIdStringAlternative ID of the actor.
Okta.Logs.Events.actor.displayNameStringDisplay name of the actor.
Okta.Logs.Events.actor.idStringID of the actor.
Okta.Logs.Events.client.userAgent.rawUserAgentStringA raw string representation of user agent, formatted according to section 5.5.3 of HTTP/1.1 Semantics and Content. Both the browser and the OS fields can be derived from this field.
Okta.Logs.Events.client.userAgent.osStringThe OS on which the client runs. For example, Microsoft Windows 10.
Okta.Logs.Events.client.userAgent.browserStringIdentifies the type of web browser, if relevant. For example, Chrome.
Okta.Logs.Events.client.deviceStringType of device from which the client operated. For example, Computer.
Okta.Logs.Events.client.idStringFor OAuth requests, the ID of the OAuth client making the request. For SSWS token requests, the ID of the agent making the request.
Okta.Logs.Events.client.ipAddressStringIP address from which the client made its request.
Okta.Logs.Events.client.geographicalContext.cityStringThe city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco.
Okta.Logs.Events.client.geographicalContext.stateStringFull name of the state or province encompassing the area containing the geo-location coordinates. For example, Montana, Incheon.
Okta.Logs.Events.client.geographicalContext.countryStringFull name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda.
Okta.Logs.Events.displayMessageStringThe display message for an event.
Okta.Logs.Events.eventTypeStringType of event that was published.
Okta.Logs.Events.outcome.resultStringResult of the action. Can be "SUCCESS", "FAILURE", "SKIPPED", or "UNKNOWN".
Okta.Logs.Events.outcome.reasonStringReason for the result. For example INVALID_CREDENTIALS.
Okta.Logs.Events.publishedStringTimestamp when the event was published.
Okta.Logs.Events.severityStringThe event severity. Can be "DEBUG", "INFO", "WARN", or "ERROR".
Okta.Logs.Events.securityContext.asNumberNumberAutonomous system number associated with the autonomous system that the event request was sourced to.
Okta.Logs.Events.securityContext.asOrgStringOrganization associated with the autonomous system that the event request was sourced to.
Okta.Logs.Events.securityContext.ispStringInternet service provider used to send the event's request.
Okta.Logs.Events.securityContext.domainStringThe domain name associated with the IP address of the inbound event request.
Okta.Logs.Events.securityContext.isProxyStringSpecifies whether an event's request is from a known proxy.
Okta.Logs.Events.request.ipChain.IPStringIP address.
Okta.Logs.Events.request.ipChain.geographicalContext.cityStringThe city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco.
Okta.Logs.Events.request.ipChain.geographicalContext.stateStringFull name of the state or province encompassing the area containing the geo-location coordinates. For example, Montana, Incheon.
Okta.Logs.Events.request.ipChain.geographicalContext.countryStringFull name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda.
Okta.Logs.Events.request.ipChain.sourceStringDetails regarding the source.
Okta.Logs.Events.target.idStringID of a target.
Okta.Logs.Events.target.typeStringType of a target.
Okta.Logs.Events.target.alternateIdStringAlternative ID of a target.
Okta.Logs.Events.target.displayNameStringDisplay name of a target.
Command Example

!okta-get-application-authentication since="2019-04-30T00:00:00.000Z" until="2020-02-30T00:00:00.000Z" limit=1

Context Example
{
"Okta": {
"Logs": {
"Events": {
"actor": {
"alternateId": "Test@demisto.com",
"detailEntry": null,
"displayName": "Test Demisto",
"id": "00u66lckd7lpjidYi0h7",
"type": "User"
},
"authenticationContext": {
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "102ejbJMP0RSE2zwIOhr_PpHA",
"interface": null,
"issuer": null
},
"client": {
"device": "Computer",
"geographicalContext": {
"city": "Tel Aviv",
"country": "Israel",
"geolocation": {
"lat": 32.0678,
"lon": 34.7647
},
"postalCode": null,
"state": "Tel Aviv"
},
"id": null,
"ipAddress": "127.0.0.1",
"userAgent": {
"browser": "CHROME",
"os": "Mac OS X",
"rawUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
},
"zone": "null"
},
"debugContext": {
"debugData": {
"authnRequestId": "XYI-PiWDTYEsVNLm7sc0vwAACi0",
"initiationType": "SP_INITIATED",
"requestId": "XYI-PzNoI1UMTtFvio-9LAAACAc",
"requestUri": "/app/demistodev725178_benzi_1/exkm30ffmuhcL0rFv0h7/sso/saml",
"signOnMode": "SAML 2.0",
"url": "/app/demistodev725178_benzi_1/exkm30ffmuhcL0rFv0h7/sso/saml?RelayState=&SAMLRequest=PHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBJRD0iXzRiODZjMGUzLWI0NzktNGU2NS00ZjIwLWJiNTE0YTc3NTUyMiIgVmVyc2lvbj0iMi4wIiBQcm90b2NvbEJpbmRpbmc9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpiaW5kaW5nczpIVFRQLVBPU1QiIEFzc2VydGlvbkNvbnN1bWVyU2VydmljZVVSTD0iaHR0cHM6Ly9lYzItNTItNDgtMTItMTIzLmV1LXdlc3QtMS5jb21wdXRlLmFtYXpvbmF3cy5jb20vc2FtbCIgSXNzdWVJbnN0YW50PSIyMDE5LTA5LTE4VDE0OjIyOjM3WiI%2BPHNhbWw6SXNzdWVyPmh0dHBzOi8vZGV2LTcyNTE3OC5va3RhcHJldmlldy5jb20vYXBwL2V4a20zMGZmbXVoY0wwckZ2MGg3L3Nzby9zYW1sL21ldGFkYXRhPC9zYW1sOklzc3Vlcj48c2FtbHA6TmFtZUlEUG9saWN5IEFsbG93Q3JlYXRlPSJ0cnVlIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OnBlcnNpc3RlbnQiPjwvc2FtbHA6TmFtZUlEUG9saWN5Pjwvc2FtbHA6QXV0aG5SZXF1ZXN0Pg%3D%3D&fromLoginToken=OODncZp5PTgZ-8QwGMHgbJ6psmQES6dUWiMohfLGGm7GWKko8LFXHz3faG7ZkoocPX2ixv-dyUSOF7qJ9DZDVoVkeETM7n6MskWQ01woQFqUcUVdM1xDBmplZlK1DMhX6ozpZQV2XNK073FfDt4bASBEFFgGkFi5ygH-LmBFSfcoiLWHM5MGJ-JEUB97peJxOL41inNX2r333FMJoDzem0dLAOf4cfApoVz7VDdY06r8i6Lt0vuxmxKyZRWJkCHroKyc3ysag9gbUMR5tSoe3hRPJvCBozjYtzkpVlLBP_6V01eGL2YVP8JR2rkpI8MvBYNDLIoJry1e_eBOF3kzJA"
}
},
"displayMessage": "User single sign on to app",
"eventType": "user.authentication.sso",
"legacyEventType": "app.auth.sso",
"outcome": {
"reason": null,
"result": "SUCCESS"
},
"published": "2019-09-18T14:29:19.329Z",
"request": {
"ipChain": [
{
"geographicalContext": {
"city": "Tel Aviv",
"country": "Israel",
"geolocation": {
"lat": 32.0678,
"lon": 34.7647
},
"postalCode": null,
"state": "Tel Aviv"
},
"ip": "127.0.0.1",
"source": null,
"version": "V4"
}
]
},
"securityContext": {
"asNumber": null,
"asOrg": null,
"domain": null,
"isProxy": null,
"isp": null
},
"severity": "INFO",
"target": [
{
"alternateId": "benzi_master",
"detailEntry": {
"signOnModeType": "SAML_2_0"
},
"displayName": "benzi_master",
"id": "0oam30ffmvM5cLzxo0h7",
"type": "AppInstance"
},
{
"alternateId": "Test@demisto.com",
"detailEntry": null,
"displayName": "Test Demisto",
"id": "0uam30nfffJqV3I4M0h7",
"type": "AppUser"
}
],
"transaction": {
"detail": {},
"id": "XYI-PzNoI1UMTtFvio-9LAAACAc",
"type": "WEB"
},
"uuid": "b349fd35-da20-11e9-81c0-95908eb13131",
"version": "0"
}
}
}
}
Human Readable Output

Application Authentication Events

ActorActorAlternaneIdChainIPClientEventInfoEventOutcomeEventSeverityRequestIPTargetsTime
Test Demisto (User)Test@demisto.com127.0.0.1CHROME on Mac OS X ComputerUser single sign on to appSUCCESSINFO127.0.0.1BenziPermanent (AppInstance) Test Demisto (AppUser)10/14/2019, 12:16:53

okta-delete-user


Deletes the specified user.

Base Command

okta-delete-user

Input
Argument NameDescriptionRequired
userIdOkta User ID.Optional
usernameUsername of the user.Optional
Context Output

There is no context output for this command.

Command Example

!okta-delete-user username=testForDocs@test.com

Human Readable Output

User: testForDocs@test.com was Deleted successfully

okta-clear-user-sessions


Removes all active identity provider sessions. This forces the user to authenticate upon the next operation. Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user. For more information and examples: https://developer.okta.com/docs/reference/api/users/#user-sessions

Base Command

okta-clear-user-sessions

Input
Argument NameDescriptionRequired
userIdOkta User ID.Required
Context Output

There is no context output for this command.

Command Example

!okta-clear-user-sessions userId=00ui5brmwtJpMdoZZ0h7

Human Readable Output

User session was cleared for: 00ui5brmwtJpMdoZZ0h7

okta-list-zones


Get an Okta Zone object

Base Command

okta-list-zones

Input

Argument NameDescriptionRequired

Context Output

PathTypeDescription
Okta.Zone.createdDateZone creation timestamp, in the format 2020-04-06T22:23:12.000Z.
Okta.Zone.gateways.typeStringGateways IP entry type, e.g., CIDR.
Okta.Zone.gateways.valueStringGateways IP entry value, e.g., 1.2.1.2/32.
Okta.Zone.idStringZone ID, e.g., nzoqsmcx1qWYJ6wY33h7.
Okta.Zone.lastUpdatedDateZone last update timestamp, e.g., 2020-04-06T22:23:12.000Z.
Okta.Zone.nameStringZone name.
Okta.Zone.proxies.typeStringProxies IP entry type e.g. CIDR
Okta.Zone.proxies.valueUnknownProxies IP entry value, e.g., 1.2.1.2/32.
Okta.Zone.statusStringZone status, e.g., ACTIVE.
Okta.Zone.systemNumberTrue if this is a system zone, false if user-created.
Okta.Zone.typeStringZone type, e.g., IP.

Command Example

!okta-list-zones

Context Example

{
"Okta": {
"Zone": [
{
"_links": {
"deactivate": {
"hints": {
"allow": [
"POST"
]
},
"href": "https://dev-950355.oktapreview.com/api/v1/zones/nzo9rbw8evGOFV1VE0h7/lifecycle/deactivate"
},
"self": {
"hints": {
"allow": [
"GET",
"PUT",
"DELETE"
]
},
"href": "https://dev-950355.oktapreview.com/api/v1/zones/nzo9rbw8evGOFV1VE0h7"
}
},
"created": "2017-03-03T22:05:24.000Z",
"gateways": [
{
"type": "CIDR",
"value": "2.2.2.2/32"
}
],
"id": "nzo9rbw8evGOFV1VE0h7",
"lastUpdated": "2020-04-23T08:58:55.000Z",
"name": "LegacyIpZone",
"proxies": null,
"status": "ACTIVE",
"system": true,
"type": "IP"
},
{
"_links": {
"deactivate": {
"hints": {
"allow": [
"POST"
]
},
"href": "https://dev-950355.oktapreview.com/api/v1/zones/nzoqsmcx1qWYJ6wY33h7/lifecycle/deactivate"
},
"self": {
"hints": {
"allow": [
"GET",
"PUT",
"DELETE"
]
},
"href": "https://dev-950355.oktapreview.com/api/v1/zones/nzoqsmcx1qWYJ6wY33h7"
}
},
"created": "2020-04-06T22:23:12.000Z",
"gateways": [
{
"type": "CIDR",
"value": "1.1.1.2/32"
},
{
"type": "CIDR",
"value": "1.1.1.3/32"
},
{
"type": "CIDR",
"value": "2.2.2.2/32"
},
{
"type": "CIDR",
"value": "2.2.2.3/32"
}
],
"id": "nzoqsmcx1qWYJ6wY33h7",
"lastUpdated": "2020-06-05T08:57:57.000Z",
"name": "MyZone",
"proxies": null,
"status": "ACTIVE",
"system": false,
"type": "IP"
}
]
}
}

Human Readable Output

Okta Zones

nameidgatewaysstatussystemlastUpdatedcreated
LegacyIpZonenzo9rbw8evGOFV1VE0h7{'type': 'CIDR', 'value': '2.2.2.2/32'}ACTIVEtrue2020-04-23T08:58:55.000Z2017-03-03T22:05:24.000Z
MyZonenzoqsmcx1qWYJ6wY33h7{'type': 'CIDR', 'value': '3.3.3.4/32'},
{'type': 'CIDR', 'value': '5.5.5.3/32'},
{'type': 'CIDR', 'value': '3.3.3.1/32'},
{'type': 'CIDR', 'value': '2.2.2.3/32'}
ACTIVEfalse2020-06-05T08:57:57.000Z2020-04-06T22:23:12.000Z

okta-update-zone


Update an Okta Zone

Base Command

okta-update-zone

Input

Argument NameDescriptionRequired
zoneIDZone ID to update, e.g., nzoqsmcx1qWYJ6wY33h7.Required
zoneNameUpdates the zone name.Optional
gatewayIPsUpdates Gateway IP addresses: CIDR range (1.1.0.0/16) or single IP address (2.2.2.2).Optional
proxyIPsUpdate Proxy IP addresses: CIDR range (1.1.0.0/16) or single IP address (2.2.2.2).Optional

Context Output

PathTypeDescription
Okta.Zone.createdDateZone creation timestamp, e.g., 2020-04-06T22:23:12.000Z.
Okta.Zone.gateways.typeStringGateways IP entry type, e.g., CIDR.
Okta.Zone.gateways.valueStringGateways IP entry value, e.g., 1.2.1.2/32.
Okta.Zone.idStringOkta Zone ID, e.g., nzoqsmcx1qWYJ6wY33h7.
Okta.Zone.lastUpdatedDateZone last update timestamp, in the format 2020-04-06T22:23:12.000Z.
Okta.Zone.nameStringZone name.
Okta.Zone.proxies.typeStringProxies IP entry type, e.g., CIDR.
Okta.Zone.proxies.valueUnknownProxies IP entry value, e.g., 1.2.1.2/32.
Okta.Zone.statusStringZone status, e.g., ACTIVE.
Okta.Zone.systemNumberTrue if this is a system zone, false if user-created.
Okta.Zone.typeStringZone type, e.g., IP.

Command Example

!okta-update-zone zoneID=nzoqsmcx1qWYJ6wY33h7 zoneName=MyZone

Context Example

{
"Okta": {
"Zone": {
"_links": {
"deactivate": {
"hints": {
"allow": [
"POST"
]
},
"href": "https://dev-950355.oktapreview.com/api/v1/zones/nzoqsmcx1qWYJ6wY33h7/lifecycle/deactivate"
},
"self": {
"hints": {
"allow": [
"GET",
"PUT",
"DELETE"
]
},
"href": "https://dev-950355.oktapreview.com/api/v1/zones/nzoqsmcx1qWYJ6wY33h7"
}
},
"created": "2020-04-06T22:23:12.000Z",
"gateways": [
{
"type": "CIDR",
"value": "1.1.3.5/32"
},
{
"type": "CIDR",
"value": "5.3.143.103/32"
},
{
"type": "CIDR",
"value": "5.3.246.228/32"
},
{
"type": "CIDR",
"value": "5.3.246.229/32"
}
],
"id": "nzoqsmcx1qWYJ6wY33h7",
"lastUpdated": "2020-06-05T08:57:57.000Z",
"name": "MyZone",
"proxies": null,
"status": "ACTIVE",
"system": false,
"type": "IP"
}
}
}

Human Readable Output

Okta Zones

nameidgatewaysstatussystemlastUpdatedcreated
MyZonenzoqsmcx1qWYJ6wY33h7{'type': 'CIDR', 'value': '1.3.1.5/32'},
{'type': 'CIDR', 'value': '1.3.1.5/32'},
{'type': 'CIDR', 'value': '1.3.1.5/32'},
{'type': 'CIDR', 'value': '1.3.1.5/32'}
ACTIVEfalse2020-06-05T08:57:57.000Z2020-04-06T22:23:12.000Z

okta-get-zone


Get a Zone by its ID

Base Command

okta-get-zone

Input

Argument NameDescriptionRequired
zoneIDZone ID to get, e.g., nzoqsmcx1qWYJ6wY33h7Required

Context Output

PathTypeDescription
Okta.Zone.createdDateZone creation timestamp, in the format 2020-04-06T22:23:12.000Z.
Okta.Zone.gateways.typeStringGateways IP entry type, e.g., CIDR.
Okta.Zone.gateways.valueStringGateways IP entry value, e.g., 1.2.1.2/32.
Okta.Zone.idStringOkta Zone ID, e.g., nzoqsmcx1qWYJ6wY33h7.
Okta.Zone.lastUpdatedDateZone last update timestamp, in the format 2020-04-06T22:23:12.000Z.
Okta.Zone.nameStringZone name.
Okta.Zone.proxies.typeStringProxies IP entry type, e.g., CIDR.
Okta.Zone.proxies.valueUnknownProxies IP entry value, e.g., 1.2.1.2/32.
Okta.Zone.statusStringZone status, e.g,. ACTIVE.
Okta.Zone.systemNumberTrue if this is a system zone, false if user-created.
Okta.Zone.typeStringZone type, e.g., IP.

Command Example

!okta-get-zone zoneID=nzoqsmcx1qWYJ6wY33h7

Context Example

{
"Okta": {
"Zone": {
"_links": {
"deactivate": {
"hints": {
"allow": [
"POST"
]
},
"href": "https://dev-950355.oktapreview.com/api/v1/zones/nzoqsmcx1qWYJ6wY33h7/lifecycle/deactivate"
},
"self": {
"hints": {
"allow": [
"GET",
"PUT",
"DELETE"
]
},
"href": "https://dev-950355.oktapreview.com/api/v1/zones/nzoqsmcx1qWYJ6wY33h7"
}
},
"created": "2020-04-06T22:23:12.000Z",
"gateways": [
{
"type": "CIDR",
"value": "1.3.1.3/32"
},
{
"type": "CIDR",
"value": "3.5.146.103/32"
},
{
"type": "CIDR",
"value": "3.5.1.228/32"
},
{
"type": "CIDR",
"value": "3.5.1.229/32"
}
],
"id": "nzoqsmcx1qWYJ6wY33h7",
"lastUpdated": "2020-06-05T08:57:57.000Z",
"name": "MyZone",
"proxies": null,
"status": "ACTIVE",
"system": false,
"type": "IP"
}
}
}

Human Readable Output

Okta Zones

nameidgatewaysstatussystemlastUpdatedcreated
MyZonenzoqsmcx1qWYJ6wY33h7{'type': 'CIDR', 'value': '1.3.1.3/32'},
{'type': 'CIDR', 'value': '3.5.146.103/32'},
{'type': 'CIDR', 'value': '3.5.1.228/32'},
{'type': 'CIDR', 'value': '3.5.1.229/32'}
ACTIVEfalse2020-06-05T08:57:57.000Z2020-04-06T22:23:12.000Z