Okta v2
Integration with Okta's cloud-based identity management service
#
Configure Okta v2 on Demisto- Navigate to Settings > Integrations > Servers & Services.
- Search for Okta v2.
- Click Add instance to create and configure a new integration instance.
Parameter | Description | Required |
---|---|---|
url | Okta URL (https://yourdomain.okta.com) | True |
apitoken | API Token (see Detailed Instructions) | True |
insecure | Trust any certificate (not secure) | False |
proxy | Use system proxy settings | False |
- Click Test to validate the URLs, token, and connection.
#
CommandsYou can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
okta-unlock-userUnlocks a single user.
#
Base Commandokta-unlock-user
#
InputArgument Name | Description | Required |
---|---|---|
username | Username to unlock. | Required |
#
Context OutputThere is no context output for this command.
#
Command Example!okta-unlock-user username=testForDocs@test.com
#
Human Readable OutputUser testForDocs@test.com unlocked
#
okta-deactivate-userDeactivates a single user.
#
Base Commandokta-deactivate-user
#
InputArgument Name | Description | Required |
---|---|---|
username | Username to deactivate. | Required |
#
Context OutputThere is no context output for this command.
#
Command Example!okta-deactivate-user username=testForDocs@test.com
#
Human Readable OutputUser testForDocs@test.com deactivated
#
okta-activate-userActivates a single user.
#
Base Commandokta-activate-user
#
InputArgument Name | Description | Required |
---|---|---|
username | Username to activate. | Required |
#
Context OutputThere is no context output for this command.
#
Command Example!okta-activate-user username=testForDocs@test.com
#
Human Readable OutputtestForDocs@test.com is active now#
#
okta-suspend-userSuspends a single user. This operation can only be performed on users with an ACTIVE status. The user has a status of SUSPENDED when the process is completed.
#
Base Commandokta-suspend-user
#
InputArgument Name | Description | Required |
---|---|---|
username | Username to suspend. | Required |
#
Context OutputThere is no context output for this command.
#
Command Example!okta-suspend-user username=testForDocs@test.com
#
Human Readable OutputtestForDocs@test.com status is Suspended#
#
okta-unsuspend-userReturns a single user to ACTIVE status. This operation can only be performed on users that have a SUSPENDED status.
#
Base Commandokta-unsuspend-user
#
InputArgument Name | Description | Required |
---|---|---|
username | Username to change the status to ACTIVE. | Required |
#
Context OutputThere is no context output for this command.
#
Command Example!okta-unsuspend-user username=testForDocs@test.com
#
Human Readable OutputtestForDocs@test.com is no longer SUSPENDED#
#
okta-get-user-factorsReturns all the enrolled factors for the specified user.
#
Base Commandokta-get-user-factors
#
InputArgument Name | Description | Required |
---|---|---|
username | Username for which to return all enrolled factors. | Optional |
userId | User ID of the user for which to get all enrolled factors. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Account.ID | String | Okta account ID. |
Account.Factor.ID | String | Okta account factor ID. |
Account.Factor.Provider | String | Okta account factor provider |
Account.Factor.Profile | String | Okta account factor profile. |
Account.Factor.FactorType | String | Okta account factor type. |
Account.Factor.Status | Unknown | Okta account factor status. |
#
Command Example!okta-get-user-factors username=factor@test.com
#
Context Example#
Human Readable OutputFactors for user: 00upt1w8tgFQM2v0h7
#
FactorsFactorType | ID | Profile | Provider | Status |
---|---|---|---|---|
sms | mbgt21nffaaN5F060h7 | phoneNumber: +12025550191 | OKTA | PENDING_ACTIVATION |
token:software:totp | uftptgdrDJ7fDOq0h7 | credentialId: factor@test.com | PENDING_ACTIVATION | |
push | opfg1joeaArlg27g0h7 | OKTA | PENDING_ACTIVATION |
#
okta-reset-factorUn-enrolls an existing factor for the specified user. This enables the user to enroll a new factor.
#
Base Commandokta-reset-factor
#
InputArgument Name | Description | Required |
---|---|---|
userId | The user ID | Optional |
username | Username for which to un-enroll an existing factor. | Optional |
factorId | The ID of the factor to reset. | Required |
#
Context OutputThere is no context output for this command.
#
Command Example!okta-reset-factor factorId=ufsq7cvptfbjQa72c0h7 userId=00upt1w8t40wFQM2v6t4
#
Human Readable OutputFactor: ufsq7cvptfbjQa72c0h7 deleted
#
okta-set-passwordSets passwords without validating existing user credentials.
#
Base Commandokta-set-password
#
InputArgument Name | Description | Required |
---|---|---|
username | Okta username for which to set the password. | Required |
password | The new password to set for the user. | Required |
#
Context OutputThere is no context output for this command.
#
Command Example!okta-set-password username=testForDocs@test.com password=N3wPa55word!
#
Human Readable OutputtestForDocs@test.com password was last changed on 2020-03-26T13:57:13.000Z
#
okta-add-to-groupAdds a user to a group with OKTA_GROUP type.
#
Base Commandokta-add-to-group
#
InputArgument Name | Description | Required |
---|---|---|
userId | ID of the user to add to the group. | Optional |
username | Name of the user to add to the group. | Optional |
groupId | ID of the group to add the user to. | Optional |
groupName | Name of the group to add the user to. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example!okta-add-to-group groupName=Demisto username=testForDocs@test.com
#
Human Readable OutputUser: 00uqk1qesl3k0SRbH0h7 added to group: Demisto successfully
#
okta-remove-from-groupRemoves a user from a group with OKTA_GROUP type
#
Base Commandokta-remove-from-group
#
InputArgument Name | Description | Required |
---|---|---|
userId | ID of the user to remove from the group. | Optional |
username | Name of the user to remove from the group. | Optional |
groupId | ID of the group to remove the user from. | Optional |
groupName | Name of the group to remove the user from. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example!okta-remove-from-group groupName=demisto username=testForDocs@test.com
#
Human Readable OutputUser: 00uqk1qesl3k0SRbH0h7 was removed from group: demisto successfully
#
okta-get-groupsReturns all user groups associated with a specified user.
#
Base Commandokta-get-groups
#
InputArgument Name | Description | Required |
---|---|---|
username | Username in Okta for which to get the associated groups. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
Account.Group | Unknown | Okta groups with which the account is associated. |
Account.ID | String | Okta account ID. |
Account.Type | String | Okta account type. |
Account.Group.ID | String | Unique key for the group. |
Account.Group.Created | Date | Timestamp when the group was created. |
Account.Group.ObjectClass | String | The object class, which determines the group's profile. |
Account.Group.LastUpdated | Date | Timestamp when the group's profile was last updated. |
Account.Group.LastMembershipUpdated | Date | Timestamp when the group's memberships were last updated. |
Account.Group.Type | String | Group type, which determines how a group's profile and memberships are managed. |
Account.Group.Description | String | Description of the group. |
Account.Group.Name | String | Name of the group. |
#
Command Example!okta-get-groups username=testForDocs@test.com
#
Context Example#
Human Readable OutputOkta groups for user: testForDocs@test.com
#
GroupsCreated | Description | ID | LastMembershipUpdated | LastUpdated | Name | ObjectClass | Type |
---|---|---|---|---|---|---|---|
2016-04-12T15:01:50.000Z | All users in your organization | 00g66lckgAJpLcNc0h7 | 2020-03-26T13:56:49.000Z | 2016-04-12T15:01:50.000Z | Everyone | okta:user_group | BUILT_IN |
2018-01-19T02:02:06.000Z | 00gdougcgzEaf7c50h7 | 2020-03-26T13:49:47.000Z | 2018-01-19T02:02:06.000Z | Demisto | okta:user_group | OKTA_GROUP |
#
okta-verify-push-factorEnrolls and verifies a push factor for the specified user.
#
Base Commandokta-verify-push-factor
#
InputArgument Name | Description | Required |
---|---|---|
userId | The ID of the user to enroll and verify. | Required |
factorId | The push factor ID. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
Account.ID | String | Okta user ID. |
Account.VerifyPushResult | String | Okta user push factor result. |
#
Command Example!okta-verify-push-factor factorId=opfpt1joeaArlg27g0h7 userId=00upt1w8t40wFQM2v0h7
#
Human Readable OutputVerify push factor result for user 00upt1w8t40wgQM2v0h7: WAITING
#
Context Example#
okta-searchSearches for Okta users.
#
Base Commandokta-search
#
InputArgument Name | Description | Required |
---|---|---|
term | Term by which to search. Can be a first name, last name, or email address. | Required |
limit | The maximum number of results to return. The default and maximum is 200. | Optional |
verbose | Whether to return details of users that match the found term. Can be "true" or "false". The default is "false". | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Account.ID | String | Okta account IDs returned by the search. |
Account.Username | String | Okta account usernames returned by the search. |
Account.Email | String | Okta account emails returned by the search. |
Account.DisplayName | String | Okta account display names returned by the search. |
Account.Type | String | Okta account type returned by the search. |
Account.Status | String | Okta account current status. |
Account.Created | Date | Timestamp for when the user was created. |
Account.Activated | Date | Timestamp for when the user was activated. |
Account.StatusChanged | Date | Timestamp for when the user's status was last changed. |
Account.PasswordChanged | Date | Timestamp for when the user's password was last changed. |
#
Command Example!okta-search term=test verbose=true
#
Context Example#
Human Readable Output#
Okta users found:bartest@test.com#
User:#
ProfileFirst Name | Last Name | Login | Mobile Phone | Second Email | |
---|---|---|---|---|---|
bartest@test.com | bar | test | bartest@test.com |
#
Additional DataActivated | Created | Credentials | ID | Last Login | Last Updated | Password Changed | Status | Status Changed | Type | _links |
---|---|---|---|---|---|---|---|---|---|---|
2020-02-12T14:03:51.000Z | 2020-02-12T14:03:50.000Z | provider: {"type": "OKTA", "name": "OKTA"} | 00uppjeleqJQ2kkN80h7 | 2020-02-12T14:03:51.000Z | PROVISIONED | id: oty66lckcvDyVcGzS0h7 | self: {"href": "https://yourdomain.okta.com/api/v1/users/00uppjeleqJQ2kkN80h7"} |
test@that.com#
User:#
ProfileFirst Name | Last Name | Login | Mobile Phone | Second Email | |
---|---|---|---|---|---|
test@that.com | test | that | test@that.com | test@that.com |
#
Additional DataActivated | Created | Credentials | ID | Last Login | Last Updated | Password Changed | Status | Status Changed | Type | _links |
---|---|---|---|---|---|---|---|---|---|---|
2020-02-19T12:33:20.000Z | 2018-07-31T12:48:33.000Z | provider: {"type": "OKTA", "name": "OKTA"} | 00ufufhqits3y78Ju0h7 | 2020-02-19T12:33:20.000Z | 2020-02-06T13:32:56.000Z | PROVISIONED | id: oty66lckcvDyVcGzS0h7 | self: {"href": "https://yourdomain.okta.com/api/v1/users/00ufufhqits3y78Ju0h7"} |
testForDocs@test.com#
User:#
ProfileFirst Name | Last Name | Login | Mobile Phone | Second Email | |
---|---|---|---|---|---|
testForDocs@test.com | test | that | testForDocs@test.com |
#
Additional DataActivated | Created | Credentials | ID | Last Login | Last Updated | Password Changed | Status | Status Changed | Type | _links |
---|---|---|---|---|---|---|---|---|---|---|
2020-03-26T13:56:52.000Z | 2020-03-26T13:56:49.000Z | password: {}recovery_question: {"question": "whats is your favourite integration"}provider: {"type": "OKTA", "name": "OKTA"} | 00uqk1qesl3k0SRbH0h7 | 2020-03-26T13:56:52.000Z | 2020-03-26T13:56:50.000Z | ACTIVE | id: oty66lckcvDyVcGzS0h7 | self: {"href": "https://yourdomain.okta.com/api/v1/users/00uqk1qesl3k0SRbH0h7"} |
#
okta-get-userFetches information for a single user. You must enter one or more parameters for the command to run.
#
Base Commandokta-get-user
#
InputArgument Name | Description | Required |
---|---|---|
username | Okta username for which to get information. | Optional |
userId | User ID of the user for which to get information. | Optional |
verbose | Whether to return extended user information. Can be "true" or "false". The default is "false". | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Account.ID | String | Okta account ID. |
Account.Email | String | Okta account email. |
Account.Username | String | Okta account username. |
Account.DisplayName | String | Okta account display name. |
Account.Status | String | Okta account status. |
Account.Created | Date | Timestamp for when the user was created. |
Account.Activated | Date | Timestamp for when the user was activated. |
Account.StatusChanged | Date | Timestamp for when the user's status was last changed. |
Account.PasswordChanged | Date | Timestamp for when the user's password was last changed. |
#
Command Example!okta-get-user username=testForDocs@test.com verbose=true
#
Context Example#
Human Readable OutputtestForDocs@test.com#
User:#
ProfileFirst Name | Last Name | Login | Mobile Phone | Second Email | |
---|---|---|---|---|---|
testForDocs@test.com | test | that | testForDocs@test.com |
#
Additional DataActivated | Created | Credentials | ID | Last Login | Last Updated | Password Changed | Status | Status Changed | Type | _links |
---|---|---|---|---|---|---|---|---|---|---|
2020-03-26T13:56:52.000Z | 2020-03-26T13:56:49.000Z | password: {}recovery_question: {"question": "whats is your favourite integration"} provider: {"type": "OKTA", "name": "OKTA"} | 00uqk1qesl3k0SRbH0h7 | 2020-03-26T13:56:52.000Z | 2020-03-26T13:56:50.000Z | ACTIVE | id: oty66lckcvDyVcGzS0h7 | links |
#
okta-create-userCreates a new user with an option of setting a password, recovery question, and answer. The new user will immediately be able to log in after activation with the assigned password. This flow is common when developing a custom user registration experience.
#
Base Commandokta-create-user
#
InputArgument Name | Description | Required |
---|---|---|
firstName | First name of the user (givenName). | Required |
lastName | Family name of the user (familyName). | Required |
Primary email address of the user. | Required | |
login | Unique identifier for the user (username). | Required |
secondEmail | Secondary email address of user. Usually used for account recovery. | Optional |
middleName | Middle name(s) of the user. | Optional |
honorificPrefix | A comma-separated list of honorific prefix(es) of the user, or title in most Western languages. | Optional |
honificSuffix | A comma-separated list of honorific suffix(es) of the user. | Optional |
title | User's title. for example, Vice President. | Optional |
displayName | Display name of the user. | Optional |
nickName | Casual way to address the user (nick name). | Optional |
profileUrl | URL of the user online profile. For example, a web page. | Optional |
primaryPhone | Primary phone number of the user. | Optional |
mobilePhone | Mobile phone number of the user. | Optional |
streetAddress | Full street address component of the user's address. | Optional |
city | City or locality component of the user's address (locality). | Optional |
state | State or region component of the user's address (region). | Optional |
zipCode | Zip code or postal code component of the user's address (postalCode). | Optional |
countryCode | Country name component of the user's address (country). | Optional |
postalAddress | Mailing address component of the user's address. | Optional |
preferredLanguage | User's preferred written or spoken languages. | Optional |
locale | User's default location, for purposes of localizing items such as currency, date-time format, numerical representations, etc. | Optional |
timezone | User's time zone. | Optional |
userType | The user type, which is used to identify the organization-to-user relationship such as "Employee" or "Contractor". | Optional |
employeeNumber | Organization or company assigned unique identifier for the user. | Optional |
costCenter | Name of a cost center the user is assigned to. | Optional |
organization | Name of the user's organization. | Optional |
division | Name of the user's division. | Optional |
department | Name of the user's department. | Optional |
managerId | ID of the user's manager. | Optional |
manager | Display name of the user's manager. | Optional |
password | Password for the new user. | Optional |
passwordQuestion | Password question for the new user. | Optional |
passwordAnswer | Password answer for question. | Optional |
providerType | The provider type. Can be "OKTA", "ACTIVE_DIRECTORY", "LDAP", "FEDERATION", or "SOCIAL". | Optional |
providerName | Name of the provider. | Optional |
groupIds | IDs of groups that the user will be immediately added to at time of creation (does Not include default group). | Optional |
activate | Whether to activate the lifecycle operation when creating the user. Can be "true" or "false". | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Account.ID | String | Created Okta account ID. |
Account.Email | String | Created Okta account email address. |
Account.Username | String | Created okta account username. |
Account.DisplayName | String | Created Okta account display name. |
Account.Type | String | Type of created account - Okta. |
Account.Status | String | Okta account current status. |
Account.Created | Date | Timestamp for when the user was created. |
Account.Activated | Date | Timestamp for when the user was activated. |
Account.StatusChanged | Date | Timestamp for when the user's status was last changed. |
Account.PasswordChanged | Date | Timestamp for when the user's password was last changed. |
#
Command Example!okta-create-user email=testForDocs@test.com firstName=test lastName=that login=testForDocs@test.com password=Pa55word! passwordQuestion="whats is your favourite integration" passwordAnswer="Okta of course"
#
Context Example#
Human Readable OutputtestForDocs@test.com:#
Okta User Created:First Name | ID | Last Login | Last Name | Login | Mobile Phone | Status |
---|---|---|---|---|---|---|
test | 00uqk1qesl3k0SRbH0h7 | that | testForDocs@test.com | STAGED |
#
okta-update-userUpdates a user with a given login. All fields are optional, fields which are not set will not be overridden.
#
Base Commandokta-update-user
#
InputArgument Name | Description | Required |
---|---|---|
firstName | First name of the user (given name). | Optional |
lastName | Family name of the user. | Optional |
Primary email address of the user. | Optional | |
username | Unique identifier for the user (login). | Required |
secondEmail | Secondary email address of the user (typically used for account recovery. | Optional |
middleName | Middle name(s) of the user. | Optional |
honorificPrefix | Honorific prefix(es) of the user, or title in most Western languages. | Optional |
honorificSuffix | Honorific suffix(es) of the user. | Optional |
title | User's title. For example, Vice President. | Optional |
displayName | Display name of the user. | Optional |
nickName | Casual way to address the user in real life (nick name). | Optional |
profileUrl | URL of the user's online profile. For example, a web page. | Optional |
primaryPhone | Primary phone number of the user. | Optional |
mobilePhone | Mobile phone number of the user. | Optional |
streetAddress | Full street address component of the user's address. | Optional |
city | City or locality component of the user's address (locality). | Optional |
state | State or region component of the user's address (region). | Optional |
zipCode | Zip code or postal code component of the user's address (postalCode). | Optional |
countryCode | Country name component of the user's address (country). | Optional |
postalSddress | Mailing address component of the user's address. | Optional |
preferredLanguage | User's preferred written or spoken languages. | Optional |
locale | User's default location for purposes of localizing items such as currency, date-time format, numerical representations, etc. | Optional |
timezone | User time zone. | Optional |
userType | The user type, which is used to identify the organization-to-user relationship such as "Employee" or "Contractor". | Optional |
employeeNumber | Organization or company assigned unique identifier for the user. | Optional |
costCenter | Name of a cost center the user is assigned to. | Optional |
organization | Name of the user's organization. | Optional |
division | Name of the user's division. | Optional |
department | Name of the user's department. | Optional |
managerId | ID of the user's manager. | Optional |
manager | Display name of the user's manager. | Optional |
password | New password for the specified user. | Optional |
passwordQuestion | Password question for the specified user. | Optional |
passwordAnswer | Password answer for the question. | Optional |
providerType | The provider type. Can be "OKTA", "ACTIVE_DIRECTORY", "LDAP", "FEDERATION", or "SOCIAL". | Optional |
providerName | Name of the provider. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example!okta-update-user username=testForDocs@test.com firstName="First Name Updated"
#
Human Readable OutputtestForDocs@test.com Updated:#
Okta user:firstName | lastName | login | mobilePhone | secondEmail | |
---|---|---|---|---|---|
testForDocs@test.com | First Name Updated | that | testForDocs@test.com |
#
okta-get-group-membersEnumerates all users that are members of a group.
#
Base Commandokta-get-group-members
#
InputArgument Name | Description | Required |
---|---|---|
groupId | ID of the group. | Optional |
limit | The maximum number of results to return. | Optional |
verbose | Whether to print extended user details. Can be "true" or "false". The default is "false". | Optional |
groupName | Name of the group. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Account.ID | String | Okta account ID. |
Account.Email | String | Okta account email address. |
Account.Username | String | Okta account username. |
Account.DisplayName | String | Okta account display name. |
Account.Type | String | Account type - Okta. |
Account.Status | String | Okta account current status. |
Account.Created | Date | Timestamp for when the user was created. |
Account.Activated | Date | Timestamp for when the user was activated. |
Account.StatusChanged | Date | Timestamp for when the user's status was last changed. |
Account.PasswordChanged | Date | Timestamp for when the user's password was last changed. |
#
Command Example!okta-get-group-members groupName=Demisto limit=1 verbose=true
#
Context Example#
Human Readable Output#
Users for group: Demisto:Test@demisto.com#
User:#
ProfileFirst Name | Last Name | Login | Mobile Phone | Second Email | |
---|---|---|---|---|---|
XSOAR@demisto.com | Test | Demisto | XSOAR@demisto.com |
#
Additional DataActivated | Created | Credentials | ID | Last Login | Last Updated | Password Changed | Status | Status Changed | Type | _links |
---|---|---|---|---|---|---|---|---|---|---|
2016-04-12T15:01:52.000Z | password: {} recovery_question: {"question": "born city"} provider: {"type": "OKTA", "name": "OKTA"} | 00u66lckd7lpjidYi0h7 | 2020-03-12T09:54:36.000Z | 2020-02-24T11:42:22.000Z | 2020-02-24T11:40:08.000Z | ACTIVE | id: oty66lckcyVcGzS0h7 | self: {"href": "https://yourdomain.okta.com/api/v1/users/00uclpjidYi0h7"} |
#
okta-list-groupsLists groups in your organization. A subset of groups can be returned that match a supported filter expression or query.
#
Base Commandokta-list-groups
#
InputArgument Name | Description | Required |
---|---|---|
query | Searches the name property of groups for matching values. | Optional |
filter | Useful for performing structured queries where constraints on group attribute values can be explicitly targeted. The following expressions are supported(among others) for groups with the filter query parameter: type eq "OKTA_GROUP" - Groups that have a type of OKTA_GROUP; lastUpdated lt "yyyy-MM-dd''T''HH:mm:ss.SSSZ" - Groups with profile last updated before a specific timestamp; lastMembershipUpdated eq "yyyy-MM-dd''T''HH:mm:ss.SSSZ" - Groups with memberships last updated at a specific timestamp; id eq "00g1emaKYZTWRYYRRTSK" - Group with a specified ID. For more information about filtering, visit https://developer.okta.com/docs/api/getting_started/design_principles#filtering | Optional |
limit | The maximum number of results to return. The default is 200. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Okta.Group.ID | String | Unique key for the group. |
Okta.Group.Created | Date | Timestamp for when the group was created. |
Okta.Group.ObjectClass | Unknown | The group's profile. |
Okta.Group.LastUpdated | Date | Timestamp for when the group's profile was last updated. |
Okta.Group.LastMembershipUpdated | Date | Timestamp for when the group's membership was last updated. |
Okta.Group.Type | String | The group type, which determines how a group's profile and membership are managed. Can be "OKTA_GROUP", "APP_GROUP", or "BUILT_IN". |
Okta.Group.Name | String | Name of the group. |
Okta.Group.Description | String | Description of the group. |
#
Command Example!okta-list-groups filter=`type eq "OKTA_GROUP" and lastUpdated lt "2019-04-30T00:00:00.000Z" and lastMembershipUpdated gt "2019-04-30T00:00:00.000Z"` query=demisto
#
Context Example#
Human Readable Output#
GroupsCreated | Description | ID | LastMembershipUpdated | LastUpdated | Name | ObjectClass | Type |
---|---|---|---|---|---|---|---|
2018-01-19T02:02:06.000Z | 00gdougctEaf7c50h7 | 2020-03-26T13:56:56.000Z | 2018-01-19T02:02:06.000Z | Demisto | okta:user_group | OKTA_GROUP |
#
okta-get-failed-loginsReturns failed login events.
#
Base Commandokta-get-failed-logins
#
InputArgument Name | Description | Required |
---|---|---|
since | Filters the lower time bound of the log events in the Internet Date/Time Format profile of ISO 8601. An example: 2017-05-03T16:22:18Z | Optional |
until | Filters the upper time bound of the log events in the Internet Date/Time Format profile of ISO 8601. An example: 2017-05-03T16:22:18Z | Optional |
sortOrder | The order of the returned events. Can be "ASCENDING" or "DESCENDING". The default is "ASCENDING". | Optional |
limit | The maximum number of results to return. The default is 100. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Okta.Logs.Events.actor.alternateId | String | Alternative ID of the actor. |
Okta.Logs.Events.actor.displayName | String | Display name of the actor. |
Okta.Logs.Events.actor.id | String | ID of the actor. |
Okta.Logs.Events.client.userAgent.rawUserAgent | String | A raw string representation of the user agent, formatted according to section 5.5.3 of HTTP/1.1 Semantics and Content. Both the browser and the OS fields can be derived from this field. |
Okta.Logs.Events.client.userAgent.os | String | The OS on which the client runs. For example, Microsoft Windows 10. |
Okta.Logs.Events.client.userAgent.browser | String | Identifies the browser type, if relevant. For example, Chrome. |
Okta.Logs.Events.client.device | String | Type of device that client operated from. For example, Computer. |
Okta.Logs.Events.client.id | String | For OAuth requests, the ID of the OAuth client making the request. For SSWS token requests, the ID of the agent making the request. |
Okta.Logs.Events.client.ipAddress | String | IP address from which the client made its request. |
Okta.Logs.Events.client.geographicalContext.city | String | The city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco. |
Okta.Logs.Events.client.geographicalContext.state | String | Full name of the state or province encompassing the area containing the geo-location coordinates. For example Montana, Incheon. |
Okta.Logs.Events.client.geographicalContext.country | String | Full name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda. |
Okta.Logs.Events.displayMessage | String | The display message for an event. |
Okta.Logs.Events.eventType | String | Type of event that was published. |
Okta.Logs.Events.outcome.result | String | Result of the action. Can be "SUCCESS", "FAILURE", "SKIPPED", "UNKNOWN". |
Okta.Logs.Events.outcome.reason | String | Reason for the result. For example, INVALID_CREDENTIALS. |
Okta.Logs.Events.published | String | Timestamp when the event was published. |
Okta.Logs.Events.severity | String | The event severity. Can be "DEBUG", "INFO", "WARN", or "ERROR". |
Okta.Logs.Events.securityContext.asNumber | Number | Autonomous system number associated with the autonomous system that the event request was sourced to. |
Okta.Logs.Events.securityContext.asOrg | String | Organization associated with the autonomous system that the event request was sourced to. |
Okta.Logs.Events.securityContext.isp | String | Internet service provider used to send the event's request. |
Okta.Logs.Events.securityContext.domain | String | The domain name associated with the IP address of the inbound event request. |
Okta.Logs.Events.securityContext.isProxy | String | Specifies whether an event's request is from a known proxy. |
Okta.Logs.Events.request.ipChain.IP | String | IP address. |
Okta.Logs.Events.request.ipChain.geographicalContext.city | String | The city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco. |
Okta.Logs.Events.request.ipChain.geographicalContext.state | String | Full name of the state or province encompassing the area containing the geo-location coordinates. For example, Montana, Incheon. |
Okta.Logs.Events.request.ipChain.geographicalContext.country | String | Full name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda. |
Okta.Logs.Events.request.ipChain.source | String | Details regarding the source. |
Okta.Logs.Events.target.id | String | ID of a target. |
Okta.Logs.Events.target.type | String | Type of a target. |
Okta.Logs.Events.target.alternateId | String | Alternative ID of a target. |
Okta.Logs.Events.target.displayName | String | Display name of a target. |
#
Command Example!okta-get-failed-logins since="2019-04-30T00:00:00.000Z" limit=1
#
Context Example#
Human Readable Output#
Failed Login EventsActor | ActorAlternaneId | ChainIP | Client | EventInfo | EventOutcome | EventSeverity | RequestIP | Targets | Time |
---|---|---|---|---|---|---|---|---|---|
unknown (User) | admin | 127.0.0.1 | CHROME on Windows 10 Computer | User login to Okta | FAILURE: VERIFICATION_ERROR | INFO | 127.0.0.1 | - | 09/30/2019, 18:42:38 |
#
okta-get-logsGets logs by providing optional filters.
#
Base Commandokta-get-logs
#
InputArgument Name | Description | Required |
---|---|---|
filter | Useful for performing structured queries where constraints on LogEvent attribute values can be explicitly targeted. The following expressions are supported for events with the filter query parameter: eventType eq " :eventType" -Events that have a specific action; eventType target.id eq ":id" - Events published with a specific target id; actor.id eq ":id" - Events published with a specific actor ID. For more information about filtering, visit https://developer.okta.com/docs/api/getting_started/design_principles#filtering | Optional |
query | The query parameter can be used to perform keyword matching against a LogEvents object’s attribute values. In order to satisfy the constraint, all supplied keywords must be matched exactly. Note that matching is case-insensitive. The following are some examples of common keyword filtering: Events that mention a specific city: query=San Francisco; Events that mention a specific url: query=interestingURI.com; Events that mention a specific person: query=firstName lastName. | Optional |
since | Filters the lower time bound of the log events in the Internet Date/Time Format profile of ISO 8601. For example: 2017-05-03T16:22:18Z. | Optional |
until | Filters the upper time bound of the log events in the Internet Date/Time Format profile of ISO 8601. For example: 2017-05-03T16:22:18Z. | Optional |
sortOrder | The order of the returned events. Can be "ASCENDING" or "DESCENDING". The default is "ASCENDING". | Optional |
limit | The maximum number of results to return. The default is 100. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Okta.Logs.Events.actor.alternateId | String | Alternative ID of the actor. |
Okta.Logs.Events.actor.displayName | String | Display name of the actor. |
Okta.Logs.Events.actor.id | String | ID of the actor. |
Okta.Logs.Events.client.userAgent.rawUserAgent | String | A raw string representation of user agent, formatted according to section 5.5.3 of HTTP/1.1 Semantics and Content. Both the browser and the OS fields can be derived from this field. |
Okta.Logs.Events.client.userAgent.os | String | The operation system on which the client runs. For example, Microsoft Windows 10. |
Okta.Logs.Events.client.userAgent.browser | String | Identifies the type of web browser, if relevant. For example, Chrome. |
Okta.Logs.Events.client.device | String | Type of device from which the client operated. For example, Computer. |
Okta.Logs.Events.client.id | String | For OAuth requests, the ID of the OAuth client making the request. For SSWS token requests, the ID of the agent making the request. |
Okta.Logs.Events.client.ipAddress | String | IP address from which the client made its request. |
Okta.Logs.Events.client.geographicalContext.city | String | The city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco. |
Okta.Logs.Events.client.geographicalContext.state | String | Full name of the state or province encompassing the area containing the geo-location coordinates. For example, Montana, Incheon. |
Okta.Logs.Events.client.geographicalContext.country | String | Full name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda. |
Okta.Logs.Events.displayMessage | String | The display message for an event. |
Okta.Logs.Events.eventType | String | Type of event that was published. |
Okta.Logs.Events.outcome.result | String | Result of the action. Can be "SUCCESS", "FAILURE", "SKIPPED", or "UNKNOWN". |
Okta.Logs.Events.outcome.reason | String | Reason for the result. For example, INVALID_CREDENTIALS. |
Okta.Logs.Events.published | String | Timestamp when the event was published. |
Okta.Logs.Events.severity | String | The event severity. Can be "DEBUG", "INFO", "WARN", or "ERROR". |
Okta.Logs.Events.securityContext.asNumber | Number | Autonomous system number associated with the autonomous system that the event request was sourced to. |
Okta.Logs.Events.securityContext.asOrg | String | Organization associated with the autonomous system that the event request was sourced to. |
Okta.Logs.Events.securityContext.isp | String | Internet service provider used to send the event's request. |
Okta.Logs.Events.securityContext.domain | String | The domain name associated with the IP address of the inbound event request. |
Okta.Logs.Events.securityContext.isProxy | String | Specifies whether an event's request is from a known proxy. |
Okta.Logs.Events.request.ipChain.IP | String | IP address. |
Okta.Logs.Events.request.ipChain.geographicalContext.city | String | The city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco. |
Okta.Logs.Events.request.ipChain.geographicalContext.state | String | Full name of the state or province encompassing the area containing the geo-location coordinates. For example, Montana, Incheon. |
Okta.Logs.Events.request.ipChain.geographicalContext.country | String | Full name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda. |
Okta.Logs.Events.request.ipChain.source | String | Details regarding the source. |
Okta.Logs.Events.target.id | String | ID of a target. |
Okta.Logs.Events.target.type | String | Type of a target. |
Okta.Logs.Events.target.alternateId | String | Alternative ID of a target. |
Okta.Logs.Events.target.displayName | String | Display name of a target. |
#
Command Example!okta-get-logs filter=`actor.id eq "00u66lckvpjidYi0h7"` query=Boardman since="2020-03-03T20:23:17.573Z" limit=1
#
Context Example#
Human Readable Output#
Okta EventsActor | ActorAlternaneId | ChainIP | Client | EventInfo | EventOutcome | EventSeverity | RequestIP | Targets | Time |
---|---|---|---|---|---|---|---|---|---|
Test Demisto (User) | Test@demisto.com | 127.0.0.1 | Unknown browser on Unknown OS Unknown device | Remove user from group membership | SUCCESS | INFO | 127.0.0.1 | test this (User) test1 (UserGroup) | 03/03/2020, 20:23:17 |
#
okta-get-group-assignmentsGets events for when a user was added to a group.
#
Base Commandokta-get-group-assignments
#
InputArgument Name | Description | Required |
---|---|---|
since | Filters the lower time bound of the log event in the Internet Date\Time format profile of ISO 8601. For example, 2020-02-14T16:00:18Z. | Optional |
until | Filters the upper time bound of the log event in the Internet Date\Time format profile of ISO 8601. For example, 2020-02-14T16:00:18Z. | Optional |
sortOrder | The order of the returned events. Can be "ASCENDING" or "DESCENDING". The default is "ASCENDING". | Optional |
limit | The maximum number of results to return. The default is 100. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Okta.Logs.Events.actor.alternateId | String | Alternative ID of the actor. |
Okta.Logs.Events.actor.displayName | String | Display name of the actor. |
Okta.Logs.Event.actor.id | String | ID of the actor. |
Okta.Logs.Events.client.userAgent.rawUserAgent | String | A raw string representation of user agent, formatted according to section 5.5.3 of HTTP/1.1 Semantics and Content. Both the browser and the OS fields can be derived from this field. |
Okta.Logs.Events.client.userAgent.os | String | The OS on which the client runs. For example, Microsoft Windows 10. |
Okta.Logs.Events.client.userAgent.browser | String | Identifies the type of web browser, if relevant. For example, Chrome. |
Okta.Logs.Events.client.device | String | Type of device from which the client operated. For example, Computer. |
Okta.Logs.Events.client.id | String | For OAuth requests, the ID of the OAuth client making the request. For SSWS token requests, the ID of the agent making the request. |
Okta.Logs.Events.client.ipAddress | String | IP address from which the client made its request. |
Okta.Logs.Events.client.geographicalContext.city | String | The city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco. |
Okta.Logs.Events.client.geographicalContext.state | String | Full name of the state or province encompassing in the area containing the geo-location coordinates. For example, Montana, Incheon. |
Okta.Logs.Events.client.geographicalContext.country | String | Full name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda. |
Okta.Logs.Events.displayMessage | String | The display message for an event. |
Okta.Logs.Events.eventType | String | Type of event that was published. |
Okta.Logs.Events.outcome.result | String | Result of the action. Can be "SUCCESS", "FAILURE", "SKIPPED", or "UNKNOWN". |
Okta.Logs.Events.outcome.reason | Unknown | Reason for the result. For example INVALID_CREDENTIALS. |
Okta.Logs.Events.published | String | Timestamp when the event was published. |
Okta.Logs.Events.severity | String | The event severity. Can be "DEBUG", "INFO", "WARN", or "ERROR". |
Okta.Logs.Events.securityContext.asNumber | Number | Autonomous system number associated with the autonomous system that the event request was sourced to. |
Okta.Logs.Events.securityContext.asOrg | String | Organization associated with the autonomous system that the event request was sourced to. |
Okta.Logs.Events.securityContext.isp | String | Internet service provider used to send the event's request. |
Okta.Logs.Events.securityContext.domain | String | The domain name associated with the IP address of the inbound event request. |
Okta.Logs.Events.securityContext.isProxy | String | Specifies whether an event's request is from a known proxy. |
Okta.Logs.Events.request.ipChain.IP | String | IP address. |
Okta.Logs.Events.request.ipChain.geographicalContext.city | String | The city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco. |
Okta.Logs.Events.request.ipChain.geographicalContext.state | String | Full name of the state or province encompassing the area containing the geo-location coordinates. For example, Montana, Incheon. |
Okta.Logs.Events.request.ipChain.geographicalContext.country | String | Full name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda. |
Okta.Logs.Events.request.ipChain.source | String | Details regarding the source. |
Okta.Logs.Events.target.id | String | ID of a target. |
Okta.Logs.Events.target.type | String | Type of a target. |
Okta.Logs.Events.target.alternateId | String | Alternative ID of a target. |
Okta.Logs.Events.target.displayName | String | Display name of a target. |
#
Command Example!okta-get-group-assignments since="2019-04-30T00:00:00.000Z" limit=1
#
Context Example#
Human Readable Output#
Group Assignment EventsActor | ActorAlternaneId | ChainIP | Client | EventInfo | EventOutcome | EventSeverity | RequestIP | Targets | Time |
---|---|---|---|---|---|---|---|---|---|
Test Demisto (User) | Test@demisto.com | 127.0.0.1 | Unknown browser on Unknown OS Unknown device | Add user to group membership | SUCCESS | INFO | 127.0.0.1 | test this (User) test1 (UserGroup) | 09/29/2019, 03:47:46 |
#
okta-get-application-assignmentsReturns events for when a user was assigned to an application.
#
Base Commandokta-get-application-assignments
#
InputArgument Name | Description | Required |
---|---|---|
since | Filters the lower time bound of the log event in the Internet Date\Time format profile of ISO 8601. For example, 2020-02-14T16:00:18Z. | Optional |
until | Filters the upper time bound of the log event in the Internet Date\Time format profile of ISO 8601. For example, 2020-02-14T16:00:18Z. | Optional |
sortOrder | The order of the returned events. Can be "ASCENDING" or "DESCENDING". The default is "ASCENDING". | Optional |
limit | The maximum number of results to return. The default is 100. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Okta.Logs.Events.actor.alternateId | String | Alternative ID of the actor. |
Okta.Logs.Events.actor.displayName | String | Display name of the actor. |
Okta.Logs.Event.actor.id | String | ID of the actor. |
Okta.Logs.Events.client.userAgent.rawUserAgent | String | A raw string representation of user agent, formatted according to section 5.5.3 of HTTP/1.1 Semantics and Content. Both the browser and the OS fields can be derived from this field. |
Okta.Logs.Events.client.userAgent.os | String | The OS on which the client runs. For example, Microsoft Windows 10. |
Okta.Logs.Events.client.userAgent.browser | String | Identifies the type of web browser, if relevant. For example, Chrome. |
Okta.Logs.Events.client.device | String | Type of device from which the client operated. For example, Computer. |
Okta.Logs.Events.client.id | String | For OAuth requests, the ID of the OAuth client making the request. For SSWS token requests, the ID of the agent making the request. |
Okta.Logs.Events.client.ipAddress | String | IP address from which the client made its request. |
Okta.Logs.Events.client.geographicalContext.city | String | The city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco. |
Okta.Logs.Events.client.geographicalContext.state | String | Full name of the state or province encompassing in the area containing the geo-location coordinates. For example, Montana, Incheon. |
Okta.Logs.Events.client.geographicalContext.country | String | Full name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda. |
Okta.Logs.Events.displayMessage | String | The display message for an event. |
Okta.Logs.Events.eventType | String | Type of event that was published. |
Okta.Logs.Events.outcome.result | String | Result of the action. For example, "SUCCESS", "FAILURE", "SKIPPED", or "UNKNOWN". |
Okta.Logs.Events.outcome.reason | String | Reason for the result. For example INVALID_CREDENTIALS. |
Okta.Logs.Events.published | String | Timestamp when the event was published. |
Okta.Logs.Events.severity | String | The event severity. Can be "DEBUG", "INFO", "WARN", or "ERROR". |
Okta.Logs.Events.securityContext.asNumber | Number | Autonomous system number associated with the autonomous system that the event request was sourced to. |
Okta.Logs.Events.securityContext.asOrg | String | Organization associated with the autonomous system that the event request was sourced to. |
Okta.Logs.Events.securityContext.isp | String | Internet service provider used to send the event's request. |
Okta.Logs.Events.securityContext.domain | String | The domain name associated with the IP address of the inbound event request. |
Okta.Logs.Events.securityContext.isProxy | String | Specifies whether an event's request is from a known proxy. |
Okta.Logs.Events.request.ipChain.IP | String | IP address. |
Okta.Logs.Events.request.ipChain.geographicalContext.city | String | The city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco. |
Okta.Logs.Events.request.ipChain.geographicalContext.state | String | Full name of the state or province encompassing the area containing the geo-location coordinates. For example, Montana, Incheon. |
Okta.Logs.Events.request.ipChain.geographicalContext.country | String | Full name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda. |
Okta.Logs.Events.request.ipChain.source | String | Details regarding the source. |
Okta.Logs.Events.target.id | String | ID of a target. |
Okta.Logs.Events.target.type | String | Type of a target. |
Okta.Logs.Events.target.alternateId | String | Alternative ID of a target. |
Okta.Logs.Events.target.displayName | String | Display name of a target. |
#
Command Example!okta-get-application-assignments since="2019-04-30T00:00:00.000Z" until="2020-02-30T00:00:00.000Z" sortOrder=DESCENDING limit=1
#
Context Example#
Human Readable Output#
Application Assignment EventsActor | ActorAlternaneId | ChainIP | Client | EventInfo | EventOutcome | EventSeverity | RequestIP | Targets | Time |
---|---|---|---|---|---|---|---|---|---|
Test Demisto (User) | Test@demisto.com | 127.0.0.1 | Unknown browser on Unknown OS Unknown device | Add user to application membership | SUCCESS | INFO | 127.0.0.1 | Test 1 that (AppUser) ShrikSAML (AppInstance) Test 1 that (User) | 02/27/2020, 17:55:12 |
#
okta-get-application-authenticationReturns logs using specified filters.
#
Base Commandokta-get-application-authentication
#
InputArgument Name | Description | Required |
---|---|---|
since | Filters the lower time bound of the log event in the Internet Date\Time format profile of ISO 8601. For example, 2020-02-14T16:00:18Z. | Optional |
until | Filters the upper time bound of the log event in the Internet Date\Time format profile of ISO 8601. For example, 2020-02-14T16:00:18Z. | Optional |
sortOrder | The order of the returned events. Can be "ASCENDING" or "DESCENDING". The default is "ASCENDING". | Optional |
limit | The maximum number of results to return. The default is 100. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Okta.Logs.Events.actor.alternateId | String | Alternative ID of the actor. |
Okta.Logs.Events.actor.displayName | String | Display name of the actor. |
Okta.Logs.Events.actor.id | String | ID of the actor. |
Okta.Logs.Events.client.userAgent.rawUserAgent | String | A raw string representation of user agent, formatted according to section 5.5.3 of HTTP/1.1 Semantics and Content. Both the browser and the OS fields can be derived from this field. |
Okta.Logs.Events.client.userAgent.os | String | The OS on which the client runs. For example, Microsoft Windows 10. |
Okta.Logs.Events.client.userAgent.browser | String | Identifies the type of web browser, if relevant. For example, Chrome. |
Okta.Logs.Events.client.device | String | Type of device from which the client operated. For example, Computer. |
Okta.Logs.Events.client.id | String | For OAuth requests, the ID of the OAuth client making the request. For SSWS token requests, the ID of the agent making the request. |
Okta.Logs.Events.client.ipAddress | String | IP address from which the client made its request. |
Okta.Logs.Events.client.geographicalContext.city | String | The city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco. |
Okta.Logs.Events.client.geographicalContext.state | String | Full name of the state or province encompassing the area containing the geo-location coordinates. For example, Montana, Incheon. |
Okta.Logs.Events.client.geographicalContext.country | String | Full name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda. |
Okta.Logs.Events.displayMessage | String | The display message for an event. |
Okta.Logs.Events.eventType | String | Type of event that was published. |
Okta.Logs.Events.outcome.result | String | Result of the action. Can be "SUCCESS", "FAILURE", "SKIPPED", or "UNKNOWN". |
Okta.Logs.Events.outcome.reason | String | Reason for the result. For example INVALID_CREDENTIALS. |
Okta.Logs.Events.published | String | Timestamp when the event was published. |
Okta.Logs.Events.severity | String | The event severity. Can be "DEBUG", "INFO", "WARN", or "ERROR". |
Okta.Logs.Events.securityContext.asNumber | Number | Autonomous system number associated with the autonomous system that the event request was sourced to. |
Okta.Logs.Events.securityContext.asOrg | String | Organization associated with the autonomous system that the event request was sourced to. |
Okta.Logs.Events.securityContext.isp | String | Internet service provider used to send the event's request. |
Okta.Logs.Events.securityContext.domain | String | The domain name associated with the IP address of the inbound event request. |
Okta.Logs.Events.securityContext.isProxy | String | Specifies whether an event's request is from a known proxy. |
Okta.Logs.Events.request.ipChain.IP | String | IP address. |
Okta.Logs.Events.request.ipChain.geographicalContext.city | String | The city encompassing the area containing the geo-location coordinates, if available. For example, Seattle, San Francisco. |
Okta.Logs.Events.request.ipChain.geographicalContext.state | String | Full name of the state or province encompassing the area containing the geo-location coordinates. For example, Montana, Incheon. |
Okta.Logs.Events.request.ipChain.geographicalContext.country | String | Full name of the country encompassing the area containing the geo-location coordinates. For example, France, Uganda. |
Okta.Logs.Events.request.ipChain.source | String | Details regarding the source. |
Okta.Logs.Events.target.id | String | ID of a target. |
Okta.Logs.Events.target.type | String | Type of a target. |
Okta.Logs.Events.target.alternateId | String | Alternative ID of a target. |
Okta.Logs.Events.target.displayName | String | Display name of a target. |
#
Command Example!okta-get-application-authentication since="2019-04-30T00:00:00.000Z" until="2020-02-30T00:00:00.000Z" limit=1
#
Context Example#
Human Readable Output#
Application Authentication EventsActor | ActorAlternaneId | ChainIP | Client | EventInfo | EventOutcome | EventSeverity | RequestIP | Targets | Time |
---|---|---|---|---|---|---|---|---|---|
Test Demisto (User) | Test@demisto.com | 127.0.0.1 | CHROME on Mac OS X Computer | User single sign on to app | SUCCESS | INFO | 127.0.0.1 | BenziPermanent (AppInstance) Test Demisto (AppUser) | 10/14/2019, 12:16:53 |
#
okta-delete-userDeletes the specified user.
#
Base Commandokta-delete-user
#
InputArgument Name | Description | Required |
---|---|---|
userId | Okta User ID. | Optional |
username | Username of the user. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example!okta-delete-user username=testForDocs@test.com
#
Human Readable OutputUser: testForDocs@test.com was Deleted successfully
#
okta-clear-user-sessionsRemoves all active identity provider sessions. This forces the user to authenticate upon the next operation. Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user. For more information and examples: https://developer.okta.com/docs/reference/api/users/#user-sessions
#
Base Commandokta-clear-user-sessions
#
InputArgument Name | Description | Required |
---|---|---|
userId | Okta User ID. | Required |
#
Context OutputThere is no context output for this command.
#
Command Example!okta-clear-user-sessions userId=00ui5brmwtJpMdoZZ0h7
#
Human Readable Output#
User session was cleared for: 00ui5brmwtJpMdoZZ0h7#
okta-list-zonesGet an Okta Zone object
#
Base Commandokta-list-zones
#
InputArgument Name | Description | Required |
---|
#
Context OutputPath | Type | Description |
---|---|---|
Okta.Zone.created | Date | Zone creation timestamp, in the format 2020-04-06T22:23:12.000Z. |
Okta.Zone.gateways.type | String | Gateways IP entry type, e.g., CIDR. |
Okta.Zone.gateways.value | String | Gateways IP entry value, e.g., 1.2.1.2/32. |
Okta.Zone.id | String | Zone ID, e.g., nzoqsmcx1qWYJ6wY33h7. |
Okta.Zone.lastUpdated | Date | Zone last update timestamp, e.g., 2020-04-06T22:23:12.000Z. |
Okta.Zone.name | String | Zone name. |
Okta.Zone.proxies.type | String | Proxies IP entry type e.g. CIDR |
Okta.Zone.proxies.value | Unknown | Proxies IP entry value, e.g., 1.2.1.2/32. |
Okta.Zone.status | String | Zone status, e.g., ACTIVE. |
Okta.Zone.system | Number | True if this is a system zone, false if user-created. |
Okta.Zone.type | String | Zone type, e.g., IP. |
#
Command Example!okta-list-zones
#
Context Example#
Human Readable Output#
Okta Zones
name id gateways status system lastUpdated created LegacyIpZone nzo9rbw8evGOFV1VE0h7 {'type': 'CIDR', 'value': '2.2.2.2/32'} ACTIVE true 2020-04-23T08:58:55.000Z 2017-03-03T22:05:24.000Z MyZone nzoqsmcx1qWYJ6wY33h7 {'type': 'CIDR', 'value': '3.3.3.4/32'},
{'type': 'CIDR', 'value': '5.5.5.3/32'},
{'type': 'CIDR', 'value': '3.3.3.1/32'},
{'type': 'CIDR', 'value': '2.2.2.3/32'}ACTIVE false 2020-06-05T08:57:57.000Z 2020-04-06T22:23:12.000Z
#
okta-update-zoneUpdate an Okta Zone
#
Base Commandokta-update-zone
#
InputArgument Name | Description | Required |
---|---|---|
zoneID | Zone ID to update, e.g., nzoqsmcx1qWYJ6wY33h7. | Required |
zoneName | Updates the zone name. | Optional |
gatewayIPs | Updates Gateway IP addresses: CIDR range (1.1.0.0/16) or single IP address (2.2.2.2). | Optional |
proxyIPs | Update Proxy IP addresses: CIDR range (1.1.0.0/16) or single IP address (2.2.2.2). | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Okta.Zone.created | Date | Zone creation timestamp, e.g., 2020-04-06T22:23:12.000Z. |
Okta.Zone.gateways.type | String | Gateways IP entry type, e.g., CIDR. |
Okta.Zone.gateways.value | String | Gateways IP entry value, e.g., 1.2.1.2/32. |
Okta.Zone.id | String | Okta Zone ID, e.g., nzoqsmcx1qWYJ6wY33h7. |
Okta.Zone.lastUpdated | Date | Zone last update timestamp, in the format 2020-04-06T22:23:12.000Z. |
Okta.Zone.name | String | Zone name. |
Okta.Zone.proxies.type | String | Proxies IP entry type, e.g., CIDR. |
Okta.Zone.proxies.value | Unknown | Proxies IP entry value, e.g., 1.2.1.2/32. |
Okta.Zone.status | String | Zone status, e.g., ACTIVE. |
Okta.Zone.system | Number | True if this is a system zone, false if user-created. |
Okta.Zone.type | String | Zone type, e.g., IP. |
#
Command Example!okta-update-zone zoneID=nzoqsmcx1qWYJ6wY33h7 zoneName=MyZone
#
Context Example#
Human Readable Output#
Okta Zones
name id gateways status system lastUpdated created MyZone nzoqsmcx1qWYJ6wY33h7 {'type': 'CIDR', 'value': '1.3.1.5/32'},
{'type': 'CIDR', 'value': '1.3.1.5/32'},
{'type': 'CIDR', 'value': '1.3.1.5/32'},
{'type': 'CIDR', 'value': '1.3.1.5/32'}ACTIVE false 2020-06-05T08:57:57.000Z 2020-04-06T22:23:12.000Z
#
okta-get-zoneGet a Zone by its ID
#
Base Commandokta-get-zone
#
InputArgument Name | Description | Required |
---|---|---|
zoneID | Zone ID to get, e.g., nzoqsmcx1qWYJ6wY33h7 | Required |
#
Context OutputPath | Type | Description |
---|---|---|
Okta.Zone.created | Date | Zone creation timestamp, in the format 2020-04-06T22:23:12.000Z. |
Okta.Zone.gateways.type | String | Gateways IP entry type, e.g., CIDR. |
Okta.Zone.gateways.value | String | Gateways IP entry value, e.g., 1.2.1.2/32. |
Okta.Zone.id | String | Okta Zone ID, e.g., nzoqsmcx1qWYJ6wY33h7. |
Okta.Zone.lastUpdated | Date | Zone last update timestamp, in the format 2020-04-06T22:23:12.000Z. |
Okta.Zone.name | String | Zone name. |
Okta.Zone.proxies.type | String | Proxies IP entry type, e.g., CIDR. |
Okta.Zone.proxies.value | Unknown | Proxies IP entry value, e.g., 1.2.1.2/32. |
Okta.Zone.status | String | Zone status, e.g,. ACTIVE. |
Okta.Zone.system | Number | True if this is a system zone, false if user-created. |
Okta.Zone.type | String | Zone type, e.g., IP. |
#
Command Example!okta-get-zone zoneID=nzoqsmcx1qWYJ6wY33h7
#
Context Example#
Human Readable Output#
Okta Zones
name id gateways status system lastUpdated created MyZone nzoqsmcx1qWYJ6wY33h7 {'type': 'CIDR', 'value': '1.3.1.3/32'},
{'type': 'CIDR', 'value': '3.5.146.103/32'},
{'type': 'CIDR', 'value': '3.5.1.228/32'},
{'type': 'CIDR', 'value': '3.5.1.229/32'}ACTIVE false 2020-06-05T08:57:57.000Z 2020-04-06T22:23:12.000Z