How Defender for Cloud Apps helps protect your Okta environment

Article
01/22/2024

As an identity and access management solution, Okta holds the keys to your organizations most business critical services. Okta manages the authentication and authorization processes for your users and customers. Any abuse of Okta by a malicious actor or any human error may expose your most critical assets and services to potential attacks.

Connecting Okta to Defender for Cloud Apps gives you improved insights into your Okta admin activities, managed users, and customer sign-ins and provides threat detection for anomalous behavior.

Use this app connector to access SaaS Security Posture Management (SSPM) features, via security controls reflected in Microsoft Secure Score. Learn more.

Main threats

Compromised accounts and insider threats

How Defender for Cloud Apps helps to protect your environment

SaaS security posture management

Connect Okta to automatically get security recommendations for Okta in Microsoft Secure Score.

In Secure Score, select Recommended actions and filter by Product = Okta. For example, recommendations for Okta include:

Enable multi-factor authentication
Enable session timeout for web users
Enhance password requirements

For more information, see:

Control Okta with built-in policies and policy templates

You can use the following built-in policy templates to detect and notify you about potential threats:

Type	Name
Built-in anomaly detection policy	Activity from anonymous IP addresses Activity from infrequent country Activity from suspicious IP addresses Impossible travel Multiple failed login attempts Ransomware detection Unusual administrative activities
Activity policy template	Logon from a risky IP address

For more information about creating policies, see Create a policy.

Automate governance controls

Currently, there are no governance controls available for Okta. If you are interested in having governance actions for this connector, you can open a support ticket with details of the actions you want.

For more information about remediating threats from apps, see Governing connected apps.

Protect Okta in real time

Review our best practices for securing and collaborating with external users and blocking and protecting the download of sensitive data to unmanaged or risky devices.

Connect Okta to Microsoft Defender for Cloud Apps

This section provides instructions for connecting Microsoft Defender for Cloud Apps to your existing Okta account using the connector APIs. This connection gives you visibility into and control over Okta use. For information about how Defender for Cloud Apps protects Okta, see Protect Okta.

Use this app connector to access SaaS Security Posture Management (SSPM) features, via security controls reflected in Microsoft Secure Score. Learn more.

To connect Okta to Defender for Cloud Apps:

It's recommended that you create an admin Service Account in Okta for Defender for Cloud Apps.

Make sure you use an account with Super Admin permissions.

Make sure your Okta account is verified.
In the Okta console, select Admin.
- Select Security and then API.
- Select Create Token.
- In the Create Token pop-up, name your Defender for Cloud Apps token, and select Create Token.
- In the Token created successfully pop-up, copy the Token value.
In the Microsoft Defender Portal, select Settings. Then choose Cloud Apps. Under Connected apps, select App Connectors.
In the App connectors page, select +Connect an app, and then Okta.
In the next window, give your connection a name and select Next.
In the Enter details window, in the Domain field, enter your Okta domain and paste your Token into the Token field.
Select Submit to create the token for Okta in Defender for Cloud Apps.
In the Microsoft Defender Portal, select Settings. Then choose Cloud Apps. Under Connected apps, select App Connectors. Make sure the status of the connected App Connector is Connected.