- Create an Okta API Token
- Define Okta Credential and Associate It with an IP Address
- Discover Okta Users
- Log in to Okta using your Okta credentials.
- Go to Administration > Security > API Tokens.
- Click Create Token.
You will use this token when you set up the Okta login credentials in the next section. Note that this token will have the same permissions as the person who generated it.
Take the following steps from these sections:
Complete these steps in the FortiSIEM UI by first logging in to the FortiSIEM Supervisor node.
- Go to the ADMIN > Setup > Credentials tab.
- In Step 1: Enter Credentials:
- Follow the instructions in “Setting Credentials” in the User's Guide to create a new credential.
- Enter these settings in the Access Method Definition dialog box and click Save. Your LDAP credentials will be added after clicking Save.
| Settings | Description |
|---|---|
| Name | Enter a name for the credential |
| Device Type | OKTA.com OKTA |
| Access Protocol | OKTA API |
| Pull Interval | Enter how often, in minutes, you want FortiSIEM to pull information from Okta. |
| Domain | Enter the NetBIOS/Domain associated with your Okta account. |
| | Enter the security token information. |
| Organization | The organization the device belongs to. |
| Description | Description of the device. |
From the FortiSIEM Supervisor node, take the following steps.
- In Step 2: Enter IP Range to Credential Associations, click New.
- Enter the IP range or host name for your Okta account in the IP/Host Name field.
- From the Credentials drop-down list, select the Okta credentials created in Define Okta Credential in FortiSIEM step 2a.
- Click Save. Your Okta credentials will appear in the list of credential/IP address associations in Step 2: Enter IP Range to Credential Associations.
- Select the entry just created, click the Test drop-down list, and select Test Connectivity to make sure you can connect to the Okta server. A pop-up will appear and show the Test Connectivity results.
If the number of users is less than 200, then Test Connectivity will discover all the users.
The Okta API has a restriction that does not allow FortiSIEM to pull more than 200 users. In this case, follow these steps:
- Log in to Okta.
- Download user list CSV file (OktaPasswordHealth.csv) from Admin > Reports > Okta Password Health.
- Rename the CSV file to all_user_list_%s.csv, where %s is the placeholder for the token obtained in Create an Okta API Token - Step 3, for example,
- Log in to the FortiSIEM Supervisor node:
- Upload the CSV file all_user_list_%s.csv to this directory
- Make sure the file's owner and group are admin and admin (run "chown -R admin:admin /opt/phoenix/config/okta/").
- Go to ADMIN > Setup > Credentials, and in Step 2: Enter IP Range to Credential Associations, select the Okta entry, click on the Test drop-down list and select Test Connectivity to import all users.
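The rename, upload and ownership steps above as one shell function. This is an added example, not part of the FortiSIEM documentation. It assumes the destination is the /opt/phoenix/config/okta directory named in the chown command, and the function name, argument order and token file are hypothetical. The token is read from a file rather than typed on the command line so it stays out of shell history.

```shell
#!/bin/sh
# Added example (not FortiSIEM code): stage an Okta user export for import.
# Assumption: the destination is the directory named in the page's chown command.
OKTA_DIR_DEFAULT="/opt/phoenix/config/okta"

# stage_okta_csv <downloaded.csv> <token-file> [dest-dir] [owner:group]
# Prints the staged path on success; returns non-zero if any check fails.
stage_okta_csv() {
    src=$1
    token_file=$2
    dest=${3:-$OKTA_DIR_DEFAULT}
    owner=${4-admin:admin}

    [ -s "$src" ] || { echo "error: $src is missing or empty" >&2; return 1; }
    [ -r "$token_file" ] || { echo "error: cannot read token file" >&2; return 1; }
    [ -d "$dest" ] || { echo "error: $dest is not a directory" >&2; return 1; }

    # Drop whitespace and newlines, then refuse a token that is empty or
    # contains a slash, since it becomes part of a file name.
    token=$(tr -d ' \t\r\n' < "$token_file")
    case $token in
        ''|*/*) echo "error: token is empty or contains '/'" >&2; return 1 ;;
    esac

    # Expect a header line plus at least one user row.
    rows=$(awk 'NF { n++ } END { print n + 0 }' "$src")
    [ "$rows" -ge 2 ] || { echo "error: no user rows in $src" >&2; return 1; }

    # The file name carries the API token, so anyone who can list the
    # directory can read the token; keep the directory owned by admin.
    target="$dest/all_user_list_${token}.csv"
    cp -- "$src" "$target" || return 1

    # An empty owner argument skips chown (dry run as a non-root user).
    if [ -n "$owner" ]; then
        chown "$owner" "$target" || return 1
    fi
    echo "$target"
}
```

On the Supervisor node, call it as root with the downloaded OktaPasswordHealth.csv and the token file, then run Test Connectivity as described in the last step.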