Okta IAM

Note: This integration should be used along with our IAM premium pack. For further details, visit our IAM pack documentation.

Integrate with Okta's Identity Access Management service to execute CRUD operations to employee lifecycle processes. This integration was integrated and tested with version v1 of Okta. For more information, please refer to the Identity Lifecycle Management article.

Configure Okta IAM on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Okta IAM.
  3. Click Add instance to create and configure a new integration instance.
ParameterDescriptionRequired
urlOkta URL (https://<domain>.okta.com)True
apitokenAPI Token (see Detailed Instructions)True
insecureTrust any certificate (not secure)False
proxyUse system proxy settingsFalse
create-user-enabledCreate User Command EnabledFalse
update-user-enabledUpdate User Command EnabledFalse
enable-disable-user-enabledEnable/Disable User Commands EnabledFalse
mapper-inIncoming MapperTrue
mapper-outOutgoing MapperTrue
  • To allow the integration to access the mapper from within the code, as required by the ILM pack, both mappers have to be configured in their proper respective fields and not in the "Mapper (outgoing)" dropdown list selector.
  1. Click Test to check that you are able to connect to the integration.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

iam-create-user


Creates a user.

Base Command

iam-create-user

Input

Argument NameDescriptionRequired
user-profileUser Profile indicator details.Required

Context Output

PathTypeDescription
IAM.Vendor.activeBooleanIf true, the employee's status is active, otherwise false.
IAM.Vendor.brandStringName of the integration.
IAM.Vendor.detailsstringIndicates if the API was successful or provides error information.
IAM.Vendor.emailStringThe employee's email address.
IAM.Vendor.errorCodeNumberHTTP error response code.
IAM.Vendor.errorMessageStringReason why the API failed.
IAM.Vendor.idStringThe employee's user ID in the app.
IAM.Vendor.instanceNamestringName of the integration instance.
IAM.Vendor.successBooleanIndicates if the command executed successfully.
IAM.Vendor.usernameStringThe employee's username in the app.

Command Example

!iam-create-user user-profile={\"email\":\"testdemisto2@paloaltonetworks.com\", \"lastname\":\"Test\",\"firstname\":\"Demisto\"} using=Okta_IAM

Human Readable Output

Create User Results (Okta IAM)

brandinstanceNamesuccessactiveidusernameemaildetails
Okta IAMOkta IAM_instance_1truetrue00uujxnbh3uJw4tWA0h7testdemisto2@paloaltonetworks.comtestdemisto2@paloaltonetworks.comid: 00uujxnbh3uJw4tWA0h7
status: PROVISIONED
created: 2020-10-18T17:54:30.000Z
activated: 2020-10-18T17:54:30.000Z
statusChanged: 2020-10-18T17:54:30.000Z
lastLogin: null
lastUpdated: 2020-10-18T17:54:30.000Z
passwordChanged: null
type: {"id": "oty8zfz6plq7b0r830h7"}
profile: {"firstName": "Demisto", "lastName": "Test", "mobilePhone": null, "secondEmail": null, "login": "testdemisto2@paloaltonetworks.com", "email": "testdemisto44@paloaltonetworks.com"}
credentials: {"provider": {"type": "OKTA", "name": "OKTA"}}
_links: {"suspend": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7/lifecycle/suspend", "method": "POST"}, "schema": {"href": "https://panw-test.oktapreview.com/api/v1/meta/schemas/user/osc8zfz6plq7b0r830h7"}, "resetPassword": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7/lifecycle/reset_password", "method": "POST"}, "reactivate": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7/lifecycle/reactivate", "method": "POST"}, "self": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7"}, "type": {"href": "https://panw-test.oktapreview.com/api/v1/meta/types/user/oty8zfz6plq7b0r830h7"}, "deactivate": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7/lifecycle/deactivate", "method": "POST"}}

iam-update-user


Updates an existing user with the data passed in the user-profile argument.

Base Command

iam-update-user

Input

Argument NameDescriptionRequired
user-profileA User Profile indicator.Required
create-if-not-existsWhen true, the user will be created when the passed User Profile doesn't exist in Active Directory. Default is 'true'.Optional

Context Output

PathTypeDescription
IAM.Vendor.activeBooleanIf true, indicates that the employee's status is active.
IAM.Vendor.brandStringName of the integration.
IAM.Vendor.detailsstringIndicates if the API was successful or provides error information.
IAM.Vendor.emailStringThe employee's email address.
IAM.Vendor.errorCodeNumberHTTP error response code.
IAM.Vendor.errorMessageStringReason why the API failed.
IAM.Vendor.idStringThe employee's user ID in the app.
IAM.Vendor.instanceNamestringName of the integration instance.
IAM.Vendor.successBooleanTrue indicates that the command was executed successfully.
IAM.Vendor.usernameStringThe employee's username in the app.

Command Example

!iam-update-user user-profile={\"email\":\"testdemisto2@paloaltonetworks.com\", \"firstname\":\"Demisto-Test\"}

Human Readable Output

Update User Results (Okta IAM)

brandinstanceNamesuccessactiveidusernameemaildetails
Okta IAMOkta IAM_instance_1truetrue00uujxnbh3uJw4tWA0h7testdemisto2@paloaltonetworks.comtestdemisto2@paloaltonetworks.comid: 00uujxnbh3uJw4tWA0h7
status: PROVISIONED
created: 2020-10-18T17:54:30.000Z
activated: 2020-10-18T17:54:30.000Z
statusChanged: 2020-10-18T17:54:30.000Z
lastLogin: null
lastUpdated: 2020-10-18T17:56:53.000Z
passwordChanged: null
type: {"id": "oty8zfz6plq7b0r830h7"}
profile: {"firstName": "Demisto-Test", "lastName": "Test", "mobilePhone": null, "secondEmail": null, "login": "testdemisto2@paloaltonetworks.com", "email": "testdemisto2@paloaltonetworks.com"}
credentials: {"provider": {"type": "OKTA", "name": "OKTA"}}
_links: {"suspend": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7/lifecycle/suspend", "method": "POST"}, "schema": {"href": "https://panw-test.oktapreview.com/api/v1/meta/schemas/user/osc8zfz6plq7b0r830h7"}, "resetPassword": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7/lifecycle/reset_password", "method": "POST"}, "reactivate": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7/lifecycle/reactivate", "method": "POST"}, "self": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7"}, "type": {"href": "https://panw-test.oktapreview.com/api/v1/meta/types/user/oty8zfz6plq7b0r830h7"}, "deactivate": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7/lifecycle/deactivate", "method": "POST"}}

iam-get-user


Retrieves a single user resource.

Base Command

iam-get-user

Input

Argument NameDescriptionRequired
user-profileA User Profile indicator.Required

Context Output

PathTypeDescription
IAM.Vendor.activeBooleanWhen true, indicates that the employee's status is active.
IAM.Vendor.brandStringName of the integration.
IAM.Vendor.detailsstringIndicates if the API was successful or provides error information.
IAM.Vendor.emailStringThe employee's email address.
IAM.Vendor.errorCodeNumberHTTP error response code.
IAM.Vendor.errorMessageStringReason why the API failed.
IAM.Vendor.idStringThe employee's user ID in the app.
IAM.Vendor.instanceNamestringName of the integration instance.
IAM.Vendor.successBooleanWhen true, indicates that the command was executed successfully.
IAM.Vendor.usernameStringThe employee's username in the app.

Command Example

!iam-get-user user-profile={\"email\":\"testdemisto2@paloaltonetworks.com\"}

Human Readable Output

Get User Results (Okta IAM)

brandinstanceNamesuccessactiveidusernameemaildetails
Okta IAMOkta IAM_instance_1truetrue00uujxnbh3uJw4tWA0h7testdemisto2@paloaltonetworks.comtestdemisto2@paloaltonetworks.comid: 00uujxnbh3uJw4tWA0h7
status: PROVISIONED
created: 2020-10-18T17:54:30.000Z
activated: 2020-10-18T17:54:30.000Z
statusChanged: 2020-10-18T17:54:30.000Z
lastLogin: null
lastUpdated: 2020-10-18T17:56:53.000Z
passwordChanged: null
type: {"id": "oty8zfz6plq7b0r830h7"}
profile: {"firstName": "Demisto-Test", "lastName": "Test", "mobilePhone": null, "secondEmail": null, "login": "testdemisto2@paloaltonetworks.com", "email": "testdemisto2@paloaltonetworks.com"}
credentials: {"provider": {"type": "OKTA", "name": "OKTA"}}
_links: {"suspend": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7/lifecycle/suspend", "method": "POST"}, "schema": {"href": "https://panw-test.oktapreview.com/api/v1/meta/schemas/user/osc8zfz6plq7b0r830h7"}, "resetPassword": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7/lifecycle/reset_password", "method": "POST"}, "reactivate": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7/lifecycle/reactivate", "method": "POST"}, "self": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7"}, "type": {"href": "https://panw-test.oktapreview.com/api/v1/meta/types/user/oty8zfz6plq7b0r830h7"}, "deactivate": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7/lifecycle/deactivate", "method": "POST"}}

iam-disable-user


Disable an active user.

Base Command

iam-disable-user

Input

Argument NameDescriptionRequired
user-profileA User Profile indicator.Required

Context Output

PathTypeDescription
IAM.Vendor.activeBooleanWhen true, indicates that the employee's status is active.
IAM.Vendor.brandStringName of the integration.
IAM.Vendor.detailsstringIndicates if the API was successful or provides error information.
IAM.Vendor.emailStringThe employee's email address.
IAM.Vendor.errorCodeNumberHTTP error response code.
IAM.Vendor.errorMessageStringReason why the API failed.
IAM.Vendor.idStringThe employee's user ID in the app.
IAM.Vendor.instanceNamestringName of the integration instance.
IAM.Vendor.successBooleanWhen true, indicates that the command was executed successfully.
IAM.Vendor.usernameStringThe employee's username in the app.

Command Example

!iam-disable-user user-profile={\"email\":\"testdemisto2@paloaltonetworks.com\"}

Human Readable Output

Disable User Results (Okta IAM)

brandinstanceNamesuccessactiveidusernameemaildetails
Okta IAMOkta IAM_instance_1truefalse00uujxnbh3uJw4tWA0h7testdemisto2@paloaltonetworks.comtestdemisto2@paloaltonetworks.comid: 00uujxnbh3uJw4tWA0h7
status: PROVISIONED
created: 2020-10-18T17:54:30.000Z
activated: 2020-10-18T17:54:30.000Z
statusChanged: 2020-10-18T17:54:30.000Z
lastLogin: null
lastUpdated: 2020-10-18T17:56:53.000Z
passwordChanged: null
type: {"id": "oty8zfz6plq7b0r830h7"}
profile: {"firstName": "Demisto-Test", "lastName": "Test", "mobilePhone": null, "secondEmail": null, "login": "testdemisto2@paloaltonetworks.com", "email": "testdemisto2@paloaltonetworks.com"}
credentials: {"provider": {"type": "OKTA", "name": "OKTA"}}
_links: {"self": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7"}}

iam-enable-user


Enable a deprovisioned user.

Base Command

iam-enable-user

Input

Argument NameDescriptionRequired
user-profileA User Profile indicator.Required
create-if-not-existsWhen true, the user will be created when the passed User Profile doesn't exist in AD. Default is 'true'.Optional

Context Output

PathTypeDescription
IAM.Vendor.activeBooleanWhen true, indicates that the employee's status is active.
IAM.Vendor.brandStringName of the integration.
IAM.Vendor.detailsstringIndicates if the API was successful or provides error information.
IAM.Vendor.emailStringThe employee's email address.
IAM.Vendor.errorCodeNumberHTTP error response code.
IAM.Vendor.errorMessageStringReason why the API failed.
IAM.Vendor.idStringThe employee's user ID in the app.
IAM.Vendor.instanceNamestringName of the integration instance.
IAM.Vendor.successBooleanWhen true, indicates that the command was executed successfully.
IAM.Vendor.usernameStringThe employee's username in the app.

Command Example

!iam-enable-user user-profile={\"email\":\"testdemisto2@paloaltonetworks.com\"}

Human Readable Output

Enable User Results (Okta IAM)

brandinstanceNamesuccessactiveidusernameemaildetails
Okta IAMOkta IAM_instance_1truetrue00uujxnbh3uJw4tWA0h7testdemisto2@paloaltonetworks.comtestdemisto2@paloaltonetworks.comid: 00uujxnbh3uJw4tWA0h7
status: DEPROVISIONED
created: 2020-10-18T17:54:30.000Z
activated: 2020-10-18T17:54:30.000Z
statusChanged: 2020-10-18T17:54:30.000Z
lastLogin: null
lastUpdated: 2020-10-18T17:56:53.000Z
passwordChanged: null
type: {"id": "oty8zfz6plq7b0r830h7"}
profile: {"firstName": "Demisto-Test", "lastName": "Test", "mobilePhone": null, "secondEmail": null, "login": "testdemisto2@paloaltonetworks.com", "email": "testdemisto2@paloaltonetworks.com"}
credentials: {"provider": {"type": "OKTA", "name": "OKTA"}}
_links: {"self": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7"}}