Okta
Overview
Okta is an identity and access management (IAM) platform. Integrate Cortex with Okta to drive insights into authentication and ownership.
After configuring the integration, you can set Okta teams and team members as owners of entities.
For information on configuring Okta SSO or Okta SCIM for logging in to Cortex, see the Okta SSO documentation and Okta SCIM documentation.
How to configure Okta with Cortex
Prerequisites
Before getting started:
- An Okta administrator, with at least the View groups permission, must create an Okta API token.
  - Grant the following scopes for the API token:
    - okta.groups.read
    - okta.profileMappings.read
    - okta.users.read
- Obtain your Okta domain.
  - This can be found in the prefix of your Okta URL. For example, https://domain.okta.com.
Configure the integration in Cortex
- In Cortex, navigate to the Okta settings page:
- In Cortex, click your avatar in the lower left corner, then click Settings.
- Under "Integrations", click Okta.
- Configure the Okta integration form:
- Domain: Enter your Okta domain.
- API token: Enter your Okta API token.
- Group types: Specify which group types to include.
- Click Save.
If you do not see the settings page you're looking for, you may not have permission to access that page. Please contact your admin for assistance.
How to connect Cortex entities to Okta
Import teams from Okta
To import teams:
- In the main nav of Cortex, click Catalogs > All entities.
- On the right side of the Entities page, click Import entities.
- Select the entity type (Team).
- On the "Import entities" page, select Okta.
- A list of discovered entities will appear. Click an entity to add it.
- When you are finished adding entities, click Add.
Team data syncs from Okta daily at 3 p.m. UTC.
Editing the entity descriptor
You can define the following block in your Cortex entity descriptor to add your Okta group as an owner.

    x-cortex-owners:
      - type: group
        name: Engineering # group name in Okta
        provider: OKTA
        description: This is a description for this owner # optional

The group name is case-sensitive and should be exactly the same as in Okta.
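
Because the match is case-sensitive, the owner entries can be checked against an export of Okta group names before a descriptor is committed. The following is an added example, not Cortex's own code: the function name `lint_okta_owners` is hypothetical, the sample data is constructed, and it assumes the `x-cortex-owners` list has already been parsed from YAML into Python dictionaries.

```python
# Added example: lint x-cortex-owners entries against Okta group names.
# lint_okta_owners is a hypothetical helper; all sample data is constructed.

def lint_okta_owners(owners, okta_group_names):
    """Return (name, status, suggestions) for each Okta group owner entry.

    status is "ok", "case-or-whitespace-mismatch", or "not-found".
    """
    exact = set(okta_group_names)
    # Index real group names by a normalised key so near-misses can be suggested.
    by_key = {}
    for group in okta_group_names:
        by_key.setdefault(" ".join(group.split()).casefold(), []).append(group)

    findings = []
    for entry in owners or []:
        if not isinstance(entry, dict):
            continue
        if entry.get("type") != "group" or entry.get("provider") != "OKTA":
            continue  # other owner types and providers are out of scope here
        name = entry.get("name")
        if not isinstance(name, str) or not name:
            findings.append((name, "not-found", []))
        elif name in exact:
            findings.append((name, "ok", []))
        else:
            near = by_key.get(" ".join(name.split()).casefold(), [])
            status = "case-or-whitespace-mismatch" if near else "not-found"
            findings.append((name, status, sorted(near)))
    return findings


# Constructed sample data: group names as exported from Okta, and a parsed owners list.
OKTA_GROUPS = ["Engineering", "Platform Security", "SRE"]
OWNERS = [
    {"type": "group", "name": "Engineering", "provider": "OKTA"},
    {"type": "group", "name": "engineering", "provider": "OKTA"},
    {"type": "group", "name": "Platform  Security ", "provider": "OKTA"},
    {"type": "group", "name": "Payments", "provider": "OKTA"},
    {"type": "group", "name": "engineering", "provider": "OTHER"},  # constructed non-Okta entry, skipped
]

if __name__ == "__main__":
    for name, status, near in lint_okta_owners(OWNERS, OKTA_GROUPS):
        print(f"{name!r}: {status} {near}")
```

Any entry that is not reported as `ok` names a group that does not exactly match an Okta group name, so it should be corrected before relying on ownership rules for that entity.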
Scorecards and CQL
With the Okta integration, you can create Scorecard rules and write CQL queries based on Okta teams.
See more examples in the CQL Explorer in Cortex.
All ownership details
A special built-in type that supports a null check or a count check, used to enforce ownership of entities.
Definition: ownership: Ownership | Null
Example
An initial level in a security Scorecard might include a rule to ensure an entity has at least one team as an owner:
ownership.teams().length > 0
All owner details
List of owners, including team members and individual users, for each entity
Definition: ownership.allOwners()
Example
The Scorecard might include a rule to ensure that entity owners all have an email set:
ownership.allOwners().all((member) => member.email != null)
Background sync
Cortex conducts an ownership sync for Okta teams every day at 3 p.m. UTC.
Troubleshooting and FAQ
I've added an API token but the login is still using Google.
To set up Okta for SSO, use the Okta SSO guide.
Still need help?
The following are all the ways to get assistance from our customer engineering team. Please use the option that is best for your users:
- Email: help@cortex.io, or open a support ticket in the in-app Resource Center
- Chat: Available in the Resource Center
- Slack: Users with a connected Slack channel will have a workflow added to their account. From here, you can either @CortexTechnicalSupport or add a :ticket: reaction to a question in Slack, and the team will respond directly.
Don’t have a Slack channel? Talk with your customer success manager.