
About the connector

Okta provides identity management service for enterprises. The Okta Identity Cloud enables organizations to both secure and manage their extended enterprise, and transform their customers’ experiences.

This document provides information about the OKTA connector, which facilitates automated interactions with an Okta server using FortiSOAR™ playbooks. Add the OKTA connector as a step in FortiSOAR™ playbooks and perform automated operations, such as creating and updating users in OKTA, retrieving user and group details from Okta, and activating and deactivating users in Okta.

 

Version information

Connector Version: 1.0.0

Compatibility with FortiSOAR™ Versions: 4.9.0.0-708 and later

Compatibility with Okta Versions: 2.0 and later

 

Installing the connector

For the procedure to install a connector, click here.

 

Prerequisites to configuring the connector

  • You must have the URL of the OKTA server to which you will connect and perform the automated operations.
  • You must have the API token used to access the Okta endpoint.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

 

Configuring the connector

For the procedure to configure a connector, click here.

 

Configuration parameters

In FortiSOAR™, on the Connectors page, select the OKTA connector and click Configure to configure the following parameters:

 

| Parameter | Description |
|---|---|
| Server | URL of the Okta server to which you will connect and perform the automated operations. |
| API Token | API token that is configured for your account to access the Okta endpoint. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |

 

 

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

 

| Function | Description | Annotation and Category |
|---|---|---|
| Create User | Creates a user in your Okta organization based on the parameters such as the username and password you have specified. | create_user, Investigation |
| Get List of Users | Retrieves a list of all users configured in your Okta account, based on the query you have specified. | get_user, Investigation |
| Get User | Retrieves details for a user configured in your Okta account, based on the input parameters you have specified. | get_user, Investigation |
| Get Groups | Retrieves details for groups from your Okta organization. | get_groups, Investigation |
| Update User | Updates details for a user in your Okta organization based on the parameters such as the email ID, department, and address you have specified. | update_user, Investigation |
| Set Password | Sets a new password for a user in your Okta organization based on the user ID and new password you have specified. | set_password, Investigation |
| Activate User | Activates a user in your Okta organization based on the user ID you have specified. | activate_user, Investigation |
| Deactivate User | Deactivates a user from your Okta organization based on the user ID you have specified. | deactivate_user, Investigation |
| Unlock User | Unlocks a user in your Okta organization based on the user ID you have specified. | unlock_user, Investigation |

 

operation: Create User

Input parameters

 

| Parameter | Description |
|---|---|
| Username | Username of the user that you want to create in your Okta organization. This is the name that the user would use to login to the system and it is in the form of a mail ID. For example, abc@example.com |
| Password | Password to be set for the new user that you want to create in your Okta organization. Note: Password requirements are: at least 8 characters, a lowercase letter, an uppercase letter, a number, and it must not contain any part of your username. |
| First Name | First name of the user that you want to create in your Okta organization. |
| Last Name | Last name of the user that you want to create in your Okta organization. |
| Mobile Phone Number | (Optional) Mobile number of the user that you want to create in your Okta organization. |

 

Output

The JSON output contains details such as credentials and profile of the newly created user retrieved from your Okta organization.

Following image displays a sample output:

 

Sample output of the Create User operation

 

operation: Get List of Users

Input parameters

 

| Parameter | Description |
|---|---|
| Query For Search Users | Query on the basis of which you want to retrieve a list of users from your Okta organization. For example, profile.mobilePhone+sw+\"7588623641\"+and+status+eq+\"ACTIVE\" |
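
When the Query For Search Users value is assembled from alert or ticket data, validating each piece keeps that data from changing the filter. The following is an added example, not code from the connector; the function names and allowlists are assumptions, limited to the operators and field shapes that appear in the example query above.

```python
import re

# Operators and field shapes taken from the page's example query; widening
# these allowlists should be a deliberate decision. (Assumed names.)
ALLOWED_OPERATORS = {"eq", "sw"}
FIELD_RE = re.compile(r"status|profile\.[A-Za-z][A-Za-z0-9]*")
# Values may not contain quotes, backslashes, whitespace or '+', any of which
# could end the quoted literal or append a clause to the expression.
VALUE_RE = re.compile(r"[A-Za-z0-9@._-]{1,100}")


def clause(field, operator, value):
    """Return one `field op "value"` clause, or raise ValueError."""
    if not FIELD_RE.fullmatch(field):
        raise ValueError("field not allowed: %r" % field)
    if operator not in ALLOWED_OPERATORS:
        raise ValueError("operator not allowed: %r" % operator)
    if not VALUE_RE.fullmatch(value):
        raise ValueError("value contains characters outside the allowlist")
    return '%s %s "%s"' % (field, operator, value)


def build_query(conditions):
    """AND together validated (field, operator, value) tuples."""
    if not conditions:
        raise ValueError("at least one condition is required")
    return " and ".join(clause(*c) for c in conditions)


def as_page_form(expression):
    """Render the expression the way the page's example is written."""
    return expression.replace('"', '\\"').replace(" ", "+")


if __name__ == "__main__":
    # Constructed input matching the page's example.
    query = build_query([
        ("profile.mobilePhone", "sw", "7588623641"),
        ("status", "eq", "ACTIVE"),
    ])
    print(as_page_form(query))
```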

 

Output

The JSON output contains a list of users with details such as credentials and profile that is retrieved from your Okta organization and that match the query you have specified.

Following image displays a sample output:

 

Sample output of the Get List of Users operation

 

operation: Get User

Input parameters

 

| Parameter | Description |
|---|---|
| Get User By | Criteria on the basis of which details are retrieved for users from your Okta organization. You can choose from the following options: Get Current User, Get User with ID, Get User with Login(User Name), or Get User with Login Shortname(First Name). |
| Value | Value of the parameter you have selected. For example, if you select Get User with ID, then enter the ID of the user whose details you want to retrieve from your Okta organization. |

 

Output

The JSON output contains details such as credentials and profile of the user that is retrieved from your Okta organization and that match the input parameters you have specified.

Following image displays a sample output:

 

Sample output of the Get User operation

 

operation: Get Groups

Input parameters

 

| Parameter | Description |
|---|---|
| No of Groups To Retrieve | (Optional) Limits the number of groups (results) to be retrieved from your Okta organization. |

 

Output

The JSON output contains details such as last membership updated date and profile of all the groups present in your Okta organization.

Following image displays a sample output:

 

Sample output of the Get Groups operation

 

operation: Update User

Input parameters

 

| Parameter | Description |
|---|---|
| User ID | ID of the user whose details you want to update in your Okta organization. |
| | All the following parameters are optional. You must enter the updated values for only those parameters that you want to update in your Okta organization. |
| First Name | (Optional) Updated first name of the user that you want to update in your Okta organization. |
| Last Name | (Optional) Updated last name of the user that you want to update in your Okta organization. |
| Nick Name | (Optional) Updated nick name of the user that you want to update in your Okta organization. |
| Display Name | (Optional) Updated display name of the user that you want to update in your Okta organization. |
| Email ID | (Optional) Updated email ID of the user that you want to update in your Okta organization. |
| Second Email ID | (Optional) Updated second email ID of the user that you want to update in your Okta organization. |
| Department | (Optional) Updated Department of the user that you want to update in your Okta organization. |
| Mobile Phone | (Optional) Updated mobile number of the user that you want to update in your Okta organization. |
| Primary Phone | (Optional) Updated primary phone number of the user that you want to update in your Okta organization. |
| Street Address | (Optional) Updated street address of the user that you want to update in your Okta organization. |
| City | (Optional) Updated city of the user that you want to update in your Okta organization. |
| State | (Optional) Updated state of the user that you want to update in your Okta organization. |
| Zip Code | (Optional) Updated zip code of the user that you want to update in your Okta organization. |
| Country Code | (Optional) Updated country code of the user that you want to update in your Okta organization. |

 

Output

The JSON output contains details such as credentials and profile of the updated user retrieved from your Okta organization.

Following image displays a sample output:

 

Sample output of the Update User operation

 

operation: Set Password

Input parameters

 

| Parameter | Description |
|---|---|
| User ID | ID of the user whose password you want to update in your Okta organization. |
| New Password | New password to be set for the specified user in your Okta organization. Note: Password requirements are: at least 8 characters, a lowercase letter, an uppercase letter, a number, and it must not contain any part of your username. |
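
The password requirements noted for Create User and Set Password can be checked in a playbook step before the connector is called, so an unacceptable value fails early with a reason. This is an added example, not part of the connector: the function names are hypothetical, and the delimiter set and four-character minimum used to decide what counts as a "part" of the username are assumptions, since the page does not define them.

```python
import re

# Characters used to split the username into parts. Assumption of this
# example: the page only says "any part of your username".
_USERNAME_DELIMS = re.compile(r"[.,\-_#@]")


def username_parts(username, min_part_len=4):
    """Split a login such as jane.doe@example.com into comparable parts.

    Parts shorter than min_part_len are ignored (assumed threshold) so that
    fragments like "com" do not reject most passwords.
    """
    parts = [p.lower() for p in _USERNAME_DELIMS.split(username)]
    return [p for p in parts if len(p) >= min_part_len]


def password_policy_violations(username, password, min_part_len=4):
    """Return the list of violated requirements; an empty list means OK.

    Only the reasons are returned, never the password itself, so the result
    is safe to write to a playbook log.
    """
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    lowered = password.lower()
    if any(part in lowered for part in username_parts(username, min_part_len)):
        problems.append("contains part of the username")
    return problems


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    user = "jane.doe@example.com"
    for candidate in ("Tr4ceable-Horizon", "Jane2024xyz", "short1A"):
        print(len(candidate), password_policy_violations(user, candidate))
```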

 

Output

The JSON output contains details such as credentials and profile of the user whose password has been reset from your Okta organization.

Following image displays a sample output:

 

Sample output of the Set Password operation

 

operation: Activate User

Input parameters

 

| Parameter | Description |
|---|---|
| User ID | ID of the user who you want to activate in your Okta organization. |

 

Output

The JSON output returns a blank (success) message if the user is activated successfully in your Okta organization, or an Error message containing the reason for failure.

Following image displays a sample output:

 

Sample output of the Activate User operation

 

operation: Deactivate User

Input parameters

 

| Parameter | Description |
|---|---|
| User ID | ID of the user who you want to deactivate from your Okta organization. |

 

Output

The JSON output returns a blank (success) message if the user is deactivated successfully from your Okta organization, or an Error message containing the reason for failure.

Following image displays a sample output:

 

Sample output of the Deactivate User operation

 

operation: Unlock User

Input parameters

 

| Parameter | Description |
|---|---|
| User ID | ID of the user who you want to unlock in your Okta organization. |

 

Output

The JSON output returns a blank (success) message if the user is unlocked successfully in your Okta organization, or an Error message containing the reason for failure.

Following image displays a sample output:

 

Sample output of the Unlock User operation

 

Included playbooks

The Sample - OKTA - 1.0.0 playbook collection comes bundled with the OKTA connector. This playbook collection contains steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the OKTA connector.

  • okta: Activate User
  • okta: Create User
  • okta: Deactivate User
  • okta: Get Groups
  • okta: Get List of Users
  • okta: Get User
  • okta: Set Password
  • okta: Unlock User
  • okta: Updated User

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.

 
