- Create an Okta API Token
- Create Login Credentials and Associate Them with an IP Address
- Discover Okta Users
- Log in to Okta using your Okta credentials.
- Go to Administration > Security > API Tokens.
- Click Create Token.
You will use this token when you set up the Okta login credentials in the next section. Note that this token will have the same permissions as the person who generated it.
- Log in to your Supervisor node.
- Go to ADMIN > Setup > Credentials.
- Enter a Name.
- For Device Type, select Okta.com.
- For Access Protocol, select Okta API.
- Enter the NetBIOS/Domain associated with your Okta account.
- For Pull Interval, enter how often, in minutes, you want FortiSIEM to pull information from Okta.
- Enter and reconfirm the Security Token you created.
- Click Save.
Your LDAP credentials will be added to the list of Credentials.
- Under Enter IP Range to Credential Associations, click Add.
- Select your Okta credentials from the list of Credentials.
- Enter the IP range or host name for your Okta account.
- Click OK.
Your Okta credentials will appear in the list of credential/IP address associations.
- Click Test Connectivity to make sure you can connect to the Okta server.
If the number of users is less than 200, then Test Connectivity will discover all the users.
The Okta API has some restrictions that do not allow FortiSIEM to pull more than 200 users. In this case, follow these steps:
- Log in to Okta.
- Download the user list CSV file (OktaPasswordHealth.csv) from Admin > Reports > Okta Password Health.
- Rename the CSV file to
%s is the placeholder for the token obtained in Create an Okta API Token - Step 3, for example,
- Log in to the FortiSIEM Supervisor node:
- Upload the CSV file all_user_list_%s.csv to this directory
- Make sure the permissions are admin and admin (Run "chown -R admin:admin /opt/phoenix/config/okta/")
- Go to ADMIN > Setup > Enter IP Range to Credential Associations. Select the Okta entry and run Test Connectivity to import all users.
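The rename, upload and ownership steps above can be scripted on the Supervisor node. This is an added example, not Fortinet's code: the function name stage_okta_csv and the OKTA_DIR and OKTA_OWNER variables are hypothetical, and it assumes the upload directory is the one named in the chown command and that the CSV has one header row.

```shell
#!/bin/sh
# Added example (not Fortinet tooling): stage the Okta Password Health CSV
# under the name all_user_list_<token>.csv and set its ownership.

# Assumption: the upload directory is the one in the page's chown command.
OKTA_DIR="${OKTA_DIR:-/opt/phoenix/config/okta}"
OKTA_OWNER="${OKTA_OWNER:-admin:admin}"

# stage_okta_csv <downloaded-csv> <okta-api-token>   (hypothetical helper)
# Prints the destination path on success.
stage_okta_csv() {
    src=$1
    token=$2

    # The export must exist and be non-empty.
    [ -s "$src" ] || { echo "missing or empty CSV: $src" >&2; return 1; }

    # The token becomes part of a file name: refuse anything that would
    # change the destination path or split the name.
    case $token in
        ''|*/*|*[[:space:]]*)
            echo "token is empty or contains '/' or whitespace" >&2
            return 1 ;;
    esac

    # Assumption: first line is a header, every other line is one user.
    # grep -c '' also counts a final line that lacks a trailing newline.
    rows=$(( $(grep -c '' "$src") - 1 ))
    [ "$rows" -ge 1 ] || { echo "no user rows in $src" >&2; return 1; }
    echo "staging $rows user rows" >&2

    dest="$OKTA_DIR/all_user_list_${token}.csv"
    cp -- "$src" "$dest" || return 1
    chown "$OKTA_OWNER" "$dest" || return 1
    echo "$dest"
}

# Usage on the Supervisor node, with the token held in a variable:
#   stage_okta_csv ./OktaPasswordHealth.csv "$OKTA_TOKEN"
```

After the file is staged, run Test Connectivity on the Okta entry and compare the number of imported users with the row count the function reports.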