Okta Workforce Identity Cloud

You can connect your Okta Workforce Identity Cloud (WIC) tenant to Verosint to detect and respond to identity threats in real time for faster and more efficient remediation.

Streaming Events

In the Okta Workforce Identity Cloud admin console navigate to Workflow -> Event Hooks -> Create Event Hook. Enter your information on the Add Event Hook Endpoint dialog:

1. Enter a name for this event hook.
2. Enter Verosint's URL https://api.verosint.com/v1/signalprint/logs to receive data.
3. Type authorization in the Authentication field
4. Type Bearer in the Authentication secret field and append your Verosint API key, which is located in your Verosint account profile. Make sure that there is a space character between Bearer and the API key.
5. Select the type of events, and choose the events processed by Verosint:
   Subscribe to events ->
   1. User sign in attempt
   2. Authentication of user via MFA
   3. User logged out from Okta
   4. Fired when the user's Okta password is reset
   5. User's Okta password updated
   6. User created
   7. Single Sign-on
6. Hit Save & Continue.
7. Hit Verify.
8. Once the hook has completed verification, Verosint will receive the selected events.

Threat Response

First, configure a new App Integration in Okta:

Applications -> Appilcations -> Create App Integration

Name it Verosint Integration and give it super administrator role

Then grant it the following specific scopes

You will need to generate a Key and make note of the following information for your application:

• Okta Domain
• Okta Client ID
• Okta Key ID
• Okta Private Key

In Verosint, navigate to the Workspace Settings page to configure Okta as a threat response provider.

Once configured, you'll be able to respond to threats by suspending accounts and revoking sessions.