Protect your Okta environment - Microsoft Defender for Cloud Apps

As an identity and access management solution, Okta holds the keys to your organization's most business-critical services. Okta manages the authentication and authorization processes for your users and customers. Any abuse of Okta by a malicious actor or any human error might expose your most critical assets and services to potential attacks.

Connecting Okta to Defender for Cloud Apps gives you improved insights into your Okta admin activities, managed users, and customer sign-ins and provides threat detection for anomalous behavior.

Use this app connector to access SaaS Security Posture Management (SSPM) features, via security controls reflected in Microsoft Secure Score.

Main threats

How Defender for Cloud Apps helps to protect your environment

SaaS security posture management

Connect Okta to automatically get security recommendations for Okta in Microsoft Secure Score.

In Secure Score, select Recommended actions and filter by Product = Okta. For example, recommendations for Okta include:

For more information, see:

Control Okta with built-in policies and policy templates

You can use the following built-in policy templates to detect and notify you about potential threats:

| Type | Name |
| --- | --- |
| Built-in anomaly detection policy | Activity from anonymous IP addresses; Activity from infrequent country; Activity from suspicious IP addresses; Impossible travel; Multiple failed login attempts; Ransomware detection; Unusual administrative activities |
| Activity policy template | Logon from a risky IP address |

For more information about creating policies, see Create a policy.

Automate governance controls

Currently, there are no governance controls available for Okta. If you're interested in having governance actions for this connector, you can open a support ticket with details of the actions you want.

For more information about remediating threats from apps, see Governing connected apps.

Protect Okta in real time

Review our best practices for securing and collaborating with external users and blocking and protecting the download of sensitive data to unmanaged or risky devices.

Prerequisites

To connect Okta to Defender for Cloud Apps:

Connect Okta to Microsoft Defender for Cloud Apps

This section provides instructions for connecting Microsoft Defender for Cloud Apps to your existing Okta account using the connector APIs. This connection gives you visibility into and control over Okta use. For information about how Defender for Cloud Apps protects Okta, see Protect Okta.

Configure Okta

In the Okta console, create a token for the API. Copy the token value; you will need it later.

Configure Defender for Cloud Apps

  1. In the Microsoft Defender Portal, select Settings > Cloud Apps.
  2. Under Connected apps, select App Connectors.
  3. In the App connectors page, select +Connect an app, and then Okta.
  4. In the next window, give your connection a name and select Next.
  5. In the Enter details window, in the Domain field, enter your Okta domain and paste your Token into the Token field.
  6. Select Submit to create the token for Okta in Defender for Cloud Apps.
  7. In the Microsoft Defender Portal, select Settings. Then choose Cloud Apps. Under Connected apps, select App Connectors. Make sure the status of the connected App Connector is Connected.

After connecting Okta, you'll receive events for seven days prior to connection.
