Okta SSO provides audit logging for user authentication and resource access. Cyderes uses this information to track user behavior.
Chronicle also supports user context and aliasing for this data source. This functionality aliases different identities together using automated data sources to provide a unified timeline of combined endpoint and network activity. This functionality will be turned on with initial deployment of the Okta data source integration.
- OKTA_CONTEXT (for user context and aliasing)
Okta currently creates an API token with the permission set of the user who creates it. If limited permissions for the API token are preferred, create an admin user account with a Read Only permission set and generate the API token from that account.
- In the Okta Admin console, navigate to Security -> API
- Select the Tokens option
- Select Create Token
- Name the token "Cyderes" and select Create Token
- Record the "Token Value"
Provide the following information to Cyderes to complete implementation of both the integration and the user context and aliasing feature for this data source:
- Okta URL - company specific Okta URL
- Okta API token generated
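
Because the token inherits the permissions of the account that created it, it is worth confirming that account holds only the Read Only role before the token is handed over. The following is an added example, not part of the original page or Cyderes tooling: it uses Okta's `SSWS` token header with the `/api/v1/users/me` and `/api/v1/users/{id}/roles` endpoints, and it assumes the token is allowed to list its owner's role assignments (otherwise fetch the roles with an administrator's token). The sample role lists are constructed.

```python
import json
import urllib.request

# Role types considered acceptable for a log-collection token (the Read Only set).
ALLOWED_ROLE_TYPES = {"READ_ONLY_ADMIN"}

def okta_get(okta_url, token, path):
    """Build (not send) a GET request authenticated with an Okta API token."""
    return urllib.request.Request(
        okta_url.rstrip("/") + path,
        headers={"Authorization": "SSWS " + token, "Accept": "application/json"},
    )

def fetch_json(request):
    """Send the request and decode the JSON body (needs network access)."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)

def excess_roles(roles):
    """Return the active role types that go beyond read-only access."""
    return sorted(
        r["type"] for r in roles
        if r.get("status") == "ACTIVE" and r["type"] not in ALLOWED_ROLE_TYPES
    )

def audit_token_owner(okta_url, token):
    """Look up the account behind the token and list roles it should not hold."""
    me = fetch_json(okta_get(okta_url, token, "/api/v1/users/me"))
    roles = fetch_json(okta_get(okta_url, token, f"/api/v1/users/{me['id']}/roles"))
    return me["profile"]["login"], excess_roles(roles)

# Constructed sample responses in the shape of Okta's role-assignment list.
SAMPLE_READ_ONLY = [{"id": "ra1", "type": "READ_ONLY_ADMIN", "status": "ACTIVE"}]
SAMPLE_TOO_BROAD = [
    {"id": "ra1", "type": "READ_ONLY_ADMIN", "status": "ACTIVE"},
    {"id": "ra2", "type": "SUPER_ADMIN", "status": "ACTIVE"},
]

if __name__ == "__main__":
    # Offline demonstration on the constructed samples; call audit_token_owner()
    # with the company Okta URL and the new token to check a live tenant.
    for name, roles in (("read-only", SAMPLE_READ_ONLY), ("too broad", SAMPLE_TOO_BROAD)):
        extra = excess_roles(roles)
        print(name, "->", "OK" if not extra else f"excess roles: {extra}")
```

An empty result from `excess_roles` means the token carries no more than read-only access; any listed role type should be removed from the account, and the token regenerated, before it is shared.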