How to Configure an Okta Data Source

This article provides detailed steps to set up an Okta data source for discovery.

Prerequisites

Okta credentials are required to configure an Okta Data Source. The following steps guide you through creating them.

Note: The token will have the same permissions as the user that created it. To enable Hydden to see all the account data correctly, we suggest that a ‘Super Admin’ creates the token.

  1. To configure an API Token in Okta, navigate to https://[your okta tenant name].okta.com/admin/access/api/tokens. Alternatively, log in to your Okta tenant with admin credentials and use the left-hand menu to browse to SECURITY | API. Change the API page view to TOKENS.

  2. On the TOKENS view page, press the Create Token button.

  3. On the token creation page, enter a name for the token that Hydden will use to perform its collections.

  4. To complete the token creation workflow, press the CREATE TOKEN button.

  5. Copy and save the Token Value, which looks something like the following: 00AReXGuJKL9r-i3HbvUj9piQc-Quc49XMZ9VYgfrf

    Note that you will not be able to view this value again after leaving the page. This value is needed on the Data Source creation page.

  6. Make note of the Token ID, which will look something like the following: 00D234plopklal8DS5k9.

    This will be the Client ID on the Data Source Credentials configuration page.
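
A pre-flight check for the token created above, added here as an example and not part of Hydden's or Okta's own documentation: it reports which user the token acts as and which admin roles that user holds before the value is entered in Hydden. The environment variable names, function names and the list of allowed domain suffixes are assumptions.

```python
import json
import os
import re
import urllib.request

# Assumption: tenants live under these Okta-operated domains; extend for a custom domain.
ALLOWED_SUFFIXES = (".okta.com", ".oktapreview.com", ".okta-emea.com")
HOST_RE = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$")


def normalize_tenant(value):
    """Return the bare tenant hostname, or raise ValueError.

    Rejects anything that is not a plain Okta hostname so the token is never
    sent over plain HTTP or to a mistyped or look-alike host.
    """
    host = re.sub(r"^https://", "", value.strip().lower()).rstrip("/")
    if not HOST_RE.match(host) or not host.endswith(ALLOWED_SUFFIXES):
        raise ValueError(f"not an Okta tenant hostname: {value!r}")
    return host


def build_request(tenant, token, path):
    """Build a GET for the Okta API using the SSWS API-token scheme."""
    req = urllib.request.Request(f"https://{normalize_tenant(tenant)}{path}")
    req.add_header("Authorization", f"SSWS {token}")
    req.add_header("Accept", "application/json")
    return req


def role_types(roles_json):
    """Extract role types (e.g. SUPER_ADMIN) from a /roles response body."""
    return sorted(r["type"] for r in json.loads(roles_json))


def check_token(tenant, token):
    """Return (login, role types) of the user the token acts as."""
    def get(path):
        with urllib.request.urlopen(build_request(tenant, token, path), timeout=10) as resp:
            return resp.read().decode()
    me = json.loads(get("/api/v1/users/me"))
    return me["profile"]["login"], role_types(get(f"/api/v1/users/{me['id']}/roles"))


if __name__ == "__main__":
    # Hypothetical variable names; the token is read from the environment,
    # not argv, to keep it out of shell history and process listings.
    login, roles = check_token(os.environ["OKTA_TENANT"], os.environ["OKTA_API_TOKEN"])
    print(f"token acts as {login}; roles: {', '.join(roles) or 'none'}")
```

An HTTP 401 from the first call means the token value was copied incorrectly or the token has been revoked.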

Configure Your Hydden Okta Data Source

  1. Log in to your Hydden tenant.

  2. To access the data sources page, navigate to Configuration > Discover and select Data Sources or use the data source URL: https://portal.hydden.com/configuration/datasource.

  3. To add the Okta data source, click + Add Data Source.

  4. From the drop-down, choose Okta.

  5. For Name enter an easy-to-identify name for the data source.

  6. For Tenant, enter your Okta tenant name, e.g. bus-33563577.okta.com.

  7. You may ignore Preset and Schedule for now.

  8. To the right of Credentials, click +.

    1. The Add credential modal opens and the drop-down selection should show Cloud credential. If not, change it to Cloud credential.
    2. Enter a name for your Okta credential.
    3. Enter the client ID and Secret from your Okta API Token as previously saved/vaulted.
    4. Click Add.
  9. A Site entry is not needed for the Google Data Sources.

  10. Under the Select Account Mapping Rule Set drop-down, select from the following options:

    • Default Rules Only
    • Add All Rules
    • Add All Default Rules
    • Add All Custom Rules
    • Manual Selection: Rules need to be selected from a drop-down menu.

    Any rules added can be removed by clicking the x on the rule name label.

    NOTE: Rules need to be set to enabled on the rule add/edit modal to work in your tenant; refer to Account Mapping.

  11. To enable account mapping or identity creation, select the Enable Automatic Account Mapping and Enable Automatic Identity Creation checkboxes respectively. Both options can be enabled at the same time.

  12. In the Automatic Mapping Rules (Match Account to Identity using) field, rules are either automatically populated based on your selection under the Automatic Account Mapping Rules step or you have to manually add rules from the drop-down menu. Any rules added can be removed by clicking the x on the rule name label.

  13. From the Automatic Identity Creation Rules (Create New Identity when) drop-down, select which rules you want to use in your environment. Custom rules are listed first. Any rules added can be removed by clicking the x on the rule name label.

  14. Click Add to save the data source. You have an option to manually run the data collection via the Run Now button.

At this point, you can run a collection from the Data Sources page and shortly after, you will see your Okta users listed on the Identity Posture dashboard, in Global Search and the Search Library.