Skip to main content

Netskope Help

Okta Plugin for Risk Exchange

This document explains how to configure Okta with Log Shipper in the Netskope Cloud Exchange platform. This integration enables seeing multiple connected systems’ risk values for individual users and groups.

Prerequisites

To complete this configuration, you need:

  • A Netskope tenant (or multiple, for example, production and development/test instances)

  • A Netskope Cloud Exchange tenant with the Risk Exchange module already configured.

  • Okta Domain and API Token for perform group operations.

  • No special license (Advanced Threat Protection) is needed.

Workflow
  1. Obtain an Okta Domain and create an API token.

  2. Configure the Okta plugin.

  3. Configure Risk Exchange Action for the Okta plugin.

  4. Validate the Okta plugin.

Click play to watch a video.

 
  1. Log in to Okta.

    image2.png
  2. Click Admin.

    image3.png
  3. Click on the downward arrow in the right upper corner.

    image4.png
  4. Copy the Okta domain.

    image5.png
  5. Go to Security > API.

    image6.png
  6. Click Create Token.

    image7.png
  7. Enter a token name and click Create Token

    image8.png
  8. Copy the token value. You need this to configure the Okta plugin.

    image9.png
  1. Go to Settings > Plugins.

  2. Select the Okta box to open the plugin creation dialog.

    image11.png
  3. Enter a Configuration Name

  4. Keep the Sync Interval default.

    image12.png
  5. Click Next.

    image13.png
  6. Enter your Okta Domain and the API Token obtained in the previous section.

  7. Click Next.

    image14.png
  8. Keep the Select Range default because the Okta plugin does not support fetching user scores.

  9. Click Save.

    image15.png
  1. Go to Risk Exchange and click Actions.

    image17.png
  2. Click Add Action Configuration.

    image18.png
  3. Click the Business rule dropdown list and choose the appropriate Business rule.

  4. Select the Configuration dropdown list and choose Okta.

    image19.png
  5. Select Actions from the dropdown list and choose (Add to Group, Remove to Group or No Action).

    • Add to Group : When triggered, users are added to that group.

    • Remove to Group : When triggered, users are removed from that group.

    • No Action : This does not perform any actions on users.

  6. From the Group dropdown list, select a Group Name, or select Create new group from the Group dropdown list. Enter the Group Name if you want to create a new group in Okta.

    image20.png
  7. Click Save.

    image21.png
  8. Click Sync to perform the action manually.

    image22.png
  9. Enter the days, then click fetch to see the number of users will be affected by this action.

    image23.png
  10. Click Sync for performing actions.

To validate the plugin workflow, you can check in Netskope Cloud Exchange and in the Okta Platform.

To validate in Cloud Exchange:

In Cloud Exchange, go to Action Logs.

image24.png

To validate in Okta:

  1. Open the Okta Admin section.

  2. Click Groups. Find the group you selected in the Business Rules for Okta.

    image25.png