Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

External Systems Configuration Guide

Adding Users from Okta

Create an Okta API Token
  1. Log in to Okta using your Okta credentials. 
  2. Got to Administration > Security > API Tokens.
  3. Click Create Token.
    You will use this token when you set up the Okta login credentials in the next section. Note that this token will have the same permissions as the person who generated it. 
Define Okta Credential and Associate It with an IP Address

Take the following steps from these sections:

Define Okta Credential in FortiSIEM

Complete these steps in the FortiSIEM UI by first logging in to the FortiSIEM Supervisor node.

  1. Go to the ADMIN > Setup > Credentials tab.
  2. In Step 1: Enter Credentials:
    1. Follow the instructions in “Setting Credentials“ in the User's Guide to create a new credential.
    2. Enter these settings in the Access Method Definition dialog box and click Save. Your LDAP credentials will be added after clicking Save.
    1. Settings Description
      Name Enter a name for the credential
      Device Type OKTA.com OKTA
      Access Protocol OKTA API
      Pull Interval Enter how often, in minutes, you want FortiSIEM to pull information from Okta.
      Domain Enter the NetBIOS/Domain associated with your Okta account.
      For example, FortiSIEM.okta.com

      Security Token

      Enter the security token information.

      Organization The organization the device belongs to.
      Description Description of the device.
  • Create IP Range to Credential Association and Test Connectivity

    From the FortiSIEM Supervisor node, take the following steps.

    1. In Step 2: Enter IP Range to Credential Associations, click New.
      1. Enter the IP range or host name for your Okta account in the IP/Host Name field.
      2. Select your Okta credentials from the Credentials drop-down list created in Define Okta Credential in FortiSIEM step 2a.
      3. Click Save. Your Okta credentials will appear in the list of credential/IP address associations in Step 2: Enter IP Range to Credential Associations.
    2. Select the entry just created and click the Test drop-down list and select Test Connectivity to make sure you can connect to the Okta server. A pop up will appear and show the Test Connectivity results.
    Discover Okta Users

    If the number of users are less than 200, then Test Connectivity will discover all the users.

    Okta API has some restrictions that does not allow FortiSIEM to pull more than 200 users. In this case, follow these steps:

    1. Login to Okta.
    2. Download user list CSV file (OktaPasswordHealth.csv) from Admin > Reports > Okta Password Health.
    3. Rename the CSV file to all_user_list_%s.csv (where %s is the placeholder of token obtained in Create an Okta API Token - Step 3, for example, all_user_list_00UbCrgrU9b1Uab0cHCuup-5h-6Hi9ItokVDH8nRRT.csv).
    4. Login to FortiSIEM Supervisor node:
      1. Upload csv file all_user_list_%s.csv to this directory /opt/phoenix/config/okta/
      2. Make sure the permissions are admin and admin (Run "chown -R admin:admin /opt/phoenix/config/okta/")
      3. Go to ADMIN > Setup > Credentials, and in Step 2: Enter IP Range to Credential Associations, select the Okta entry, click on the Test drop-down list and select Test Connectivity to import all users.

    Adding Users from Okta

    Create an Okta API Token
    1. Log in to Okta using your Okta credentials. 
    2. Got to Administration > Security > API Tokens.
    3. Click Create Token.
      You will use this token when you set up the Okta login credentials in the next section. Note that this token will have the same permissions as the person who generated it. 
    Define Okta Credential and Associate It with an IP Address

    Take the following steps from these sections:

    Define Okta Credential in FortiSIEM

    Complete these steps in the FortiSIEM UI by first logging in to the FortiSIEM Supervisor node.

    1. Go to the ADMIN > Setup > Credentials tab.
    2. In Step 1: Enter Credentials:
      1. Follow the instructions in “Setting Credentials“ in the User's Guide to create a new credential.
      2. Enter these settings in the Access Method Definition dialog box and click Save. Your LDAP credentials will be added after clicking Save.
    1. Settings Description
      Name Enter a name for the credential
      Device Type OKTA.com OKTA
      Access Protocol OKTA API
      Pull Interval Enter how often, in minutes, you want FortiSIEM to pull information from Okta.
      Domain Enter the NetBIOS/Domain associated with your Okta account.
      For example, FortiSIEM.okta.com

      Security Token

      Enter the security token information.

      Organization The organization the device belongs to.
      Description Description of the device.
  • Create IP Range to Credential Association and Test Connectivity

    From the FortiSIEM Supervisor node, take the following steps.

    1. In Step 2: Enter IP Range to Credential Associations, click New.
      1. Enter the IP range or host name for your Okta account in the IP/Host Name field.
      2. Select your Okta credentials from the Credentials drop-down list created in Define Okta Credential in FortiSIEM step 2a.
      3. Click Save. Your Okta credentials will appear in the list of credential/IP address associations in Step 2: Enter IP Range to Credential Associations.
    2. Select the entry just created and click the Test drop-down list and select Test Connectivity to make sure you can connect to the Okta server. A pop up will appear and show the Test Connectivity results.
    Discover Okta Users

    If the number of users are less than 200, then Test Connectivity will discover all the users.

    Okta API has some restrictions that does not allow FortiSIEM to pull more than 200 users. In this case, follow these steps:

    1. Login to Okta.
    2. Download user list CSV file (OktaPasswordHealth.csv) from Admin > Reports > Okta Password Health.
    3. Rename the CSV file to all_user_list_%s.csv (where %s is the placeholder of token obtained in Create an Okta API Token - Step 3, for example, all_user_list_00UbCrgrU9b1Uab0cHCuup-5h-6Hi9ItokVDH8nRRT.csv).
    4. Login to FortiSIEM Supervisor node:
      1. Upload csv file all_user_list_%s.csv to this directory /opt/phoenix/config/okta/
      2. Make sure the permissions are admin and admin (Run "chown -R admin:admin /opt/phoenix/config/okta/")
      3. Go to ADMIN > Setup > Credentials, and in Step 2: Enter IP Range to Credential Associations, select the Okta entry, click on the Test drop-down list and select Test Connectivity to import all users.