Okta
Okta is a platform in the Identity-as-a-Service (IDaaS) category, which gives you and your colleagues access to all other (company) software with one login.
Supported Actions and Example Prompts
The following table lists the supported actions and prompt examples for an action:
Action Name | Description | Prompt Example |
|---|---|---|
Expire User Password | This action generates a One-Time Token (OTT) that can be used to reset a user's password. This operation transitions the user to the recovery status, and the user cannot log in. For more information, see Action: Expire User Password. | Expire the password of the user ID 00ub0ongtswtbkolglnr using Okta. |
Find User | This action searches for a specific user. For more information, see Action: Find User. | Find the user John Doe in Okta |
List Users | This action returns a list of all users who do not have a status of de-provisioned. For most organizations, this action returns up to a maximum of 200. For more information, see Action: List Users. | List all users that do not have a status of de-provisioned in Okta. |
Remove User From Group | This action removes a specific user from a group. For more information, see Action: Remove User From Group. | Remove the user 00ub0ongtswtbkolglnr from the group 00ub0ongtswtbkolglnr in Okta. |
Suspend User | This action suspends a user, and the operation can only be performed on users with an active status. When the process is complete, the user's status is suspended. For more information, see Action: Suspend User. | Suspend the user 00ub0ongtswtbkolglnr in Okta. |
Unsuspend User | This action unsuspends a user and returns them to the active state. This operation can only be performed on users who have a suspended status. For more information, see Action: Unsuspend User. | Unsuspend the user 00ub0ongtswtbkolglnr in Okta. |
Install and Configure the App
Install and configure the required apps to enable Quarterback AI to perform various security-related tasks and provide relevant responses. After installing an app, you must create an instance that will be used to communicate with the app endpoints. An app can have multiple instances, and you can set a default instance from the configured instance list.
Before you Start
Ensure that you have the API token to authenticate with the Okta app.
Steps
To install and configure an app, follow these steps:
Go to the application, in the left pane, select Quarterback AI.
In Apps, select Okta and click Install.
After the app is installed, click Configure and enter the following details to create an instance:
Instance Name: Enter a name for the instance.
Instance Description: Enter a description for the instance.
Expiry: Select an expiry date for the instance.
Set as default instance: Select this option to set this instance as the default instance.
Base URL: Enter the base URL to be used for executing all actions. For example, https://server_fqdn:port.
API Token: Enter the API token to be used for executing all actions.
Timeout: Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Okta. You can enter values between 15 - 120 seconds. By default, 15 seconds is set.
Verify: Select this option to verify SSL while making requests. It is recommended to select this option to ensure a secure connection. By default, this option is not selected.
Click Done.
The instance is created, and you can view it in Instances. To create another instance, click Add Instance.
Action: Expire User Password
This action expires a users password so that they are required to change their password at their next login. If the temporary password is included in the request, the user's password is reset to a temporary password that is returned, and then the temporary password is expired.
If you have integrated Okta with your on-premise Active Directory (AD), then setting a user's password as expired in Okta also expires the password in Active Directory. When the user tries to log in to Okta, delegated authentication finds the password-expired status in the Active Directory, and the user is presented with the password-expired page where he or she can change the password.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
User ID | Enter the user ID. Example: 00ub0ongtswtbkolglnr | Text | Required | |
Set Temporary Password | Sets the user's password to temporary password. Example: If the temporary password value is set to true, the user's password is set as temporary password. | Boolean | Optional | Default value: false |
Example Request
[
{
"user_id": "00u2ndtlfiyNGDQgq5d7"
}
]Action Response Parameters
Parameter | Type | Description |
|---|---|---|
id | String | Unique identifier for the user. Example: "00ub0oNGTSWTBKOLGLNR" |
status | String | The current status of the user. Example: "STAGED" |
created | String | The timestamp when the user was created, in ISO 8601 format. Example: "2013-07-02T21:36:25.344Z" |
activated | String | The timestamp when the user was activated, in ISO 8601 format, or null if not activated. |
statusChanged | String | The timestamp when the status last changed, in ISO 8601 format, or null if not changed. |
lastLogin | String | The timestamp when the user last logged in, in ISO 8601 format, or null if never logged in. Example: null |
lastUpdated | String | The timestamp when the user was last updated, in ISO 8601 format. Example: "2013-07-02T21:36:25.344Z" |
passwordChanged | String | The timestamp when the password was last changed, in ISO 8601 format, or null if not changed. Example: null |
profile | Object | An object containing the user's profile information. |
profile.firstName | String | The user's first name. Example: "Isaac" |
profile.lastName | String | The user's last name. Example: "Brock" |
profile.email | String | The user's email address. Example: "isaac.brock@example.com" |
profile.login | String | The user's login name. Example: "isaac.brock@example.com" |
profile.mobilePhone | String | The user's mobile phone number. Example: "555-415-1337" |
credentials | Object | An object containing credential-related information. |
credentials.provider | Object | An object containing information about the credential provider. Example: { "type": "OKTA", "name": "OKTA" } |
credentials.provider.type | String | The type of credential provider. Example: "OKTA" |
credentials.provider.name | String | The name of the credential provider. Example: "OKTA" |
_links | Object | An object containing hypermedia links related to the user. |
_links.resetPassword.href | String | The URL to reset the user's password. Example: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/reset_password" |
_links.resetFactors.href | String | The URL to reset the user's authentication factors. Example: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/reset_factors" |
_links.expirePassword.href | String | The URL to expire the user's password. Example: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/expire_password" |
_links.forgotPassword.href | String | The URL to initiate the forgot password flow. Example: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/credentials/forgot_password" |
_links.changeRecoveryQuestion.href | String | The URL to change the user's recovery question. Example: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/credentials/change_recovery_question" |
_links.deactivate.href | String | The URL to deactivate the user. Example: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/deactivate" |
_links.changePassword.href | String | The URL to change the user's password. Example: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/credentials/change_password" |
Action: Find User
This action searches for the specific user.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
User to Find | Enter first name, last name, or email of the user. Example: John | Text | Required | |
Limit | Enter the number of users to list. | Integer | Optional | Default value: 1 |
Example Request
[
{
"user_to_find": "John"
}
]Action Response Parameters
Parameter | Type | Description |
|---|---|---|
id | String | Unique identifier for the user. Example: "00ub0oNGTSWTBKOLGLNR" |
status | String | The current status of the user. Example: "STAGED" |
created | String | The timestamp when the user was created, in ISO 8601 format. Example: "2013-07-02T21:36:25.344Z" |
activated | String | The timestamp when the user was activated, in ISO 8601 format, or null if not activated. |
statusChanged | String | The timestamp when the status last changed, in ISO 8601 format, or null if not changed. |
lastLogin | String | The timestamp when the user last logged in, in ISO 8601 format, or null if never logged in. Example: null |
lastUpdated | String | The timestamp when the user was last updated, in ISO 8601 format. Example: "2013-07-02T21:36:25.344Z" |
passwordChanged | String | The timestamp when the password was last changed, in ISO 8601 format, or null if not changed. Example: null |
profile | Object | An object containing the user's profile information. |
profile.firstName | String | The user's first name. Example: "Isaac" |
profile.lastName | String | The user's last name. Example: "Brock" |
profile.email | String | The user's email address. Example: "isaac.brock@example.com" |
profile.login | String | The user's login name. Example: "isaac.brock@example.com" |
profile.mobilePhone | String | The user's mobile phone number. Example: "555-415-1337" |
credentials | Object | An object containing credential-related information. |
credentials.provider | Object | An object containing information about the credential provider. Example: { "type": "OKTA", "name": "OKTA" } |
credentials.provider.type | String | The type of credential provider. Example: "OKTA" |
credentials.provider.name | String |
|
Long | The ID of the asset. |
|
Long | The ID of the domain this asset belongs to. | The URL to the user's profile. Example: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR"" |
Action: List Users
This action lists all users that do not have a status of deprovisioned.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Limit | Specify the number of users returned (maximum 200). | Integer | Optional | |
User to Fetch after | Specify the pagination cursor for the next page of users. | Text | Optional |
Example Request
[
{
"limit": 20
}
]Action Response Parameters
Parameter | Type | Description |
|---|---|---|
id | String | The ID of the user. For example, "00ub0oNGTSWTBKOLGLNR". |
status | String | The status of the user account. For example, "ACTIVE". |
created | String | The timestamp when the user was created. For example, "2013-06-24T16:39:18.000Z". |
activated | String | The timestamp when the user account was activated. For example, "2013-06-24T16:39:19.000Z". |
statusChanged | String | The timestamp when the user account status was last changed. For example, "2013-06-24T16:39:19.000Z". |
lastLogin | String | The timestamp of the user's last login. For example, "2013-06-24T17:39:19.000Z". |
lastUpdated | String | The timestamp when the user profile was last updated. For example, "2013-07-02T21:36:25.344Z". |
passwordChanged | String | The timestamp when the user's password was last changed. For example, "2013-07-02T21:36:25.344Z". |
profile | Object | Profile details of the user. |
profile.firstName | String | The first name of the user. For example, "Isaac". |
profile.lastName | String | The last name of the user. For example, "Brock". |
profile.email | String | The email address of the user. For example, "isaac.brock@example.com". |
profile.mobilePhone | String | The mobile phone number of the user. For example, "555-415-1337". |
credentials | Object | Credential details of the user. |
credentials.password | Object | The user's password information. |
credentials.recovery_question | Object | Details of the user's recovery question. |
credentials.provider | Object | The name and type of the authentication provider. |
_links | Object | The URL to retrieve the user's details. |
Action: Remove User From Group
This action removes a user from a group.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Group ID | Enter the group ID. Example: 00g2k73tukPDiTWvN5d7 | Text | Required | |
User ID | Enter the user ID. Example: 00ub0ongtswtbkolglnr | Text | Required |
Example Request
[
{
"user_id": "00u2ndudhttUauH6Q5d7",
"group_id": "00g2k73tukPDiTWvN5d7"
}
]Action Response Parameters
Parameter | Type | Description |
|---|---|---|
Status Code | Integer | The HTTP status code indicating successful operation with no content in the response body. For example, "HTTP/1.1 204 No Content". |
Action: Suspend User
This operation can only be performed on users with an ACTIVE status. The user has a status of SUSPENDED when the process is complete.
Suspended users:
Can't log in to Okta.
Their group and app assignments are retained and can only be unsuspended or deactivated.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
User ID | Enter the user ID that needs to be suspended. Example: 00ub0ongtswtbkolglnr | Text | Required |
Example Request
[
{
"user_id": "00ub0ongtswtbkolglnr"
}
]Action Response Parameters
Parameter | Type | Description |
|---|---|---|
Status Code | Integer | The HTTP status code indicating successful operation. For example, "HTTP/1.1 200 OK". |
Action: Unsuspend User
This action unsuspends a user and returns them to the active state. This operation can only be performed on users that have a suspended status.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
User ID | Enter the user ID that needs to be unsuspended. Example: 00ub0ongtswtbkolglnr | Text | Required |
Example Request
[
{
"user_id": "00ub0ongtswtbkolglnr"
}
]Action Response Parameters
Parameter | Type | Description |
|---|---|---|
Status Code | Integer | The HTTP status code indicating successful operation. For example, "HTTP/1.1 200 OK". |