Okta
Integration version: 7.0
Configure Okta to work with Google Security Operations
This document explains how to integrate Oktawith Google Security Operations (Google SecOps).
Credentials
Sign in to yourOktaaccount to get your personal API token.
On theDashboard page, navigate toAPI> Tokens.
Note: Email verification is required if you find relevant URLs for the APIkey and API Documentation.To get your token, clickCreate Token.
In theCreate Token dialog, enter the token name and clickCreate Token.
Copy and save generated token value. Use this token to configure the Oktaintegration in Google SecOps.
Network
| Function | Default Port | Direction | Protocol |
|---|---|---|---|
| API | Multivalues | Outbound | apitoken |
Configure Okta integration in Google SecOps
For detailed instructions on how to configure an integration inGoogle SecOps, seeConfigureintegrations.
Integration parameters
TheOkta integration requires the following parameters:
| Parameter | Description |
|---|---|
Api Root | Required. The base URL of your Okta instance, used to access the API. The default value is |
Api Token | Required. The API Token generated from your Okta account, which grants the integration instance API access to perform actions. |
Verify SSL | Optional. If selected, the integration validates the SSL certificate when connecting tothe Okta server. Not enabled by default. |
For instructions about how to configure an integration inGoogle SecOps, seeConfigureintegrations.
You can make changes at a later stage, if needed. After you configure anintegration instance, you can use it in playbooks. For more information abouthow to configure and support multiple instances, seeSupportingmultiple instances.
Actions
Add Group
Add a group.
Parameters
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
N/AEntity Enrichment
N/A
Insights
N/A
Assign Role
Assign a role to a user.
Parameters
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| User IDs | String | N/A | IDs of users in Okta. |
| Role Types | String | N/A | The type of role to assign to the users. |
| Also Run On Scope | Checkbox | Checked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
N/AEntity Enrichment
| Enrichment Field Name | Logic - When to apply |
|---|---|
| Roles | Returns if it exists in JSON result |
Insights
N/A
Clear Okta User Session
Use theClear Okta User Session action to terminate all active Okta sessionsfor specific users across all devices and integrated applications.
This action runs on the Google SecOpsUsername entity.
Action inputs
TheClear Okta User Session action requires the following parameters:
| Parameter | Description |
|---|---|
User IDs Or Logins | Optional. A comma-separated list of Okta user IDs or login identifiers. |
Also Run On Scope | Optional. If selected, the action revokes active Identity Provider (IdP) sessions for all users identified in the entity scope, in addition to those explicitly listed in |
Action outputs
TheClear Okta User Session action provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Not available |
| Output messages | Available |
| Script result | Available |
Output messages
TheClear Okta User Session action can return the following output messages:
| Output message | Message description |
|---|---|
| The action succeeded. |
Error executing action "Clear Okta User Session". Reason:ERROR_REASON | The action failed. Check the connection to the server, input parameters, or credentials. |
Script result
The following table lists the value for the script result output when usingtheClear Okta User Session action:
| Script result name | Value |
|---|---|
is_success | true orfalse |
Disable User
Disables the specified user.
Parameters
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| User IDs Or Logins | String | N/A | IDs of users in Okta. |
| Is Deactivate | Checkbox | Checked | Whether to deactivate or only suspend the user. |
| Send Email If Deactivate | Checkbox | Checked | Whether to send an email after deactivating or not. |
| Also Run On Scope | Checkbox | Checked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
N/AEntity Enrichment
| Enrichment Field Name | Logic - When to apply |
|---|---|
| is_deactivate | If it's True, the user is disabled. Otherwise: False |
| is_send_email_deactivate | If it's True, the user is disabled. Otherwise: False |
Insights
N/A
Enable User
Enables the specified user.
Parameters
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| User IDs Or Logins | String | N/A | IDs or logins of users in Okta. |
| Is Activate | Checkbox | Checked | Whether to activate the user or just unsuspend. |
| Send Email If Activate | Checkbox | Checked | Whether to send an email after activating or not. |
| Also Run On Scope | Checkbox | Checked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
N/AEntity Enrichment
| Enrichment Field Name | Logic - When to apply |
|---|---|
| is_reactivate | If it's True, the user is enabled. Otherwise: False |
| is_send_email_reactivate | If it's True, the user is disabled. Otherwise: False |
Insights
N/A
Get Group
Get information about a group.
Parameters
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| Group IDs Or Names | String | N/A | IDs or names of groups in Okta. |
| Is Id | Checkbox | Checked | Whether the value is an ID or a name. |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
N/AEntity Enrichment
N/A
Insights
N/A
Get user
Get information about a user
Parameters
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| User IDs Or Logins | String | N/A | IDs or logins (email or short email name) of a user in Okta, for example: test@gmail.com or simply 'test'. |
| Also Run On Scope | Checkbox | Checked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Result
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
[{"status":"ACTIVE","profile":{"mobilePhone":null,"firstName":"Test","lastName":"User","secondEmail":null,"login":"test.user@asd.com","email":"test.user@asd.com"},"passwordChanged":"2022-07-11T06:11:25.000Z","created":"2022-07-11T06:07:55.000Z","activated":null,"lastUpdated":"2022-07-11T06:11:25.000Z","_links":{"schema":{"href":"https://trial-0000.okta.com/api/v1/meta/schemas/user/osc1xxxxxxxx"},"suspend":{"href":"https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/lifecycle/suspend","method":"POST"},"forgotPassword":{"href":"https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/credentials/forgot_password","method":"POST"},"self":{"href":"https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx"},"expirePassword":{"href":"https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/lifecycle/expire_password","method":"POST"},"resetFactors":{"href":"https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/lifecycle/reset_factors","method":"POST"},"deactivate":{"href":"https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/lifecycle/deactivate","method":"POST"},"changePassword":{"href":"https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/credentials/change_password","method":"POST"},"changeRecoveryQuestion":{"href":"https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/credentials/change_recovery_question","method":"POST"},"type":{"href":"https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx"},"resetPassword":{"href":"https://trial-0000.okta.com/api/v1/users/00u1xxxxxxxx/lifecycle/reset_password","method":"POST"}},"lastLogin":"2022-07-11T06:15:14.000Z","credentials":{"password":{},"provider":{"type":"OKTA","name":"OKTA"}},"type":{"id":"oty1xxxxxxxxxxxxx"},"id":"oty1xxxxxxxxxxxxx","statusChanged":"2022-07-11T06:11:25.000Z"}]Entity Enrichment
N/A
Insights
N/A
List Providers
List identity providers (IdPs) in your organization.
Parameters
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| Query | String | N/A | Search the name property for a match. |
| Type | Checkbox | Checked | Filter by type. |
| Limit | String | 20 | Max amount of results to return. |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
N/AEntity Enrichment
N/A
Insights
N/A
List Roles
Lists all roles assigned to a user.
Parameters
| User IDs | String | N/A | IDs of users in Okta. |
|---|---|---|---|
| Also Run On Scope | Checkbox | Checked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
N/AEntity Enrichment
N/A
Insights
N/A
List User Groups
Get the groups that the user is a member of.
Parameters
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| User IDs Or Logins | String | N/A | IDs or logins of users in Okta. |
| Also Run On Scope | Checkbox | Checked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
N/AEntity Enrichment
| Enrichment Field Name | Logic - When to apply |
|---|---|
| profile | Returns if it exists in JSON result |
| name | Returns if it exists in JSON result |
Insights
N/A
List Users
Get the list of users.
Parameters
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| Query | String | N/A | Search for a match in the firstname, lastname or in the email. |
| Filter | String | N/A | Custom search query for a subset of properties. |
| Search | String | N/A | Custom search query for most properties. |
| Limit | String | 200 | Max amount of results to return. |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
N/AEntity Enrichment
| Enrichment Field Name | Logic - When to apply |
|---|---|
| profile | Returns if it exists in JSON result |
| name | Returns if it exists in JSON result |
Insights
N/A
Ping
Test Connection with Okta.
Parameters
N/A
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
N/AEntity Enrichment
N/A
Insights
N/A
Reset Password
Generate a one-time token that can be used to reset a user's password.
Parameters
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| User IDs Or Logins | String | N/A | IDs or logins of users in Okta. |
| Send Email | Checkbox | Unchecked | Whether to send an email for the password reset or return the token for every user. |
| Also Run On Scope | Checkbox | Unchecked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
N/AEntity Enrichment
| Enrichment Field Name | Logic - When to apply |
|---|---|
| send_email | Returns if it exists in JSON result |
Insights
N/A
Set Password
Set the password of a user without validating the existing credentials.
Parameters
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| User IDs Or Logins | String | N/A | IDs or logins of users in Okta. |
| New Password | String | N/A | The new password. |
| Add 10 Random Chars | Checkbox | Unchecked | Whether to add extra characters to every user password or not. |
| Also Run On Scope | Checkbox | Unchecked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
N/AEntity Enrichment
| Enrichment Field Name | Logic - When to apply |
|---|---|
| set_password | Returns if it exists in JSON result |
Insights
N/A
Send ITP Signal
Distribute Identity Threat Protection (ITP) signals to relevant consumers usingthe Shared Signals Framework (SSF).
Parameters
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| Key ID | String | N/A | The ID of the public key used to verify the private key's signature. |
| Private Key String | Password | N/A | The private key used to sign the signal. The key is provided in a stringformat and includes the "BEGIN" and "END" statements. |
| User Email | Mail Address | N/A | The email address of the affected user. |
| Timestamp | timestamp | N/A | The timestamp of the signal occurrence. The timestamp format is ISO 8601. |
| Reason | String | N/A | A brief description explaining why the signal was generated. |
| Severity | String or DDL | N/A | The severity level of the signal. |
| Issuer URL | URL | N/A | The source system that created the signal. |
Action Results
JSON Result
{"status":200,"payload":{"iss":"https://www.google.com/","jti":"3c5fbf0c-3977-11f0-a195-7e498c84a3dd","iat":1748184472,"aud":"https://<your-okta-domain>.oktapreview.com","events":{"https://schemas.okta.com/secevent/okta/event-type/user-risk-change":{"subject":{"user":{"format":"email","email":"user@domain.net"}},"current_level":"medium","previous_level":"low","reason_admin":{"en":"BadNavigationEvent"},"event_timestamp":1742199770057}}}}Output messages
| Output message | Message description |
|---|---|
| The action succeeded. |
Failed to send the ITP signal to Okta. Error is {0}".format(exception.stacktrace) | The action failed. Check the connection to the server, input parameters, or credentials. |
Script Result
| Script Result Name | Value Options |
|---|---|
| is_success | True orFalse |
Unassign Role
Unassign a role from a user.
Parameters
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| User IDs | String | N/A | IDs of users in Okta. |
| Role IDs Or Names | String | N/A | IDs or names of roles in Okta. |
| Also Run On Scope | Checkbox | Unchecked | Whether to run on entities as well as the input. |
Use cases
N/A
Run On
This action runs on the following entities:
- User
- Hostname
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ScriptResult | N/A | N/A |
JSON Result
N/AEntity Enrichment
| Enrichment Field Name | Logic - When to apply |
|---|---|
| unassign_role | Returns if it exists in JSON result |
Insights
N/A
Need more help?Get answers from Community members and Google SecOps professionals.
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-02-19 UTC.