SaaS Security Administrator's Guide
    : Onboard an Okta App to SSPM
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. SaaS Security Administrator's Guide
    4. SaaS Security Posture Management
    5. Onboard SaaS Apps Supported by SSPM
    6. Onboard an Okta App to SSPM
    Download PDF

    SaaS Security Administrator's Guide

    Onboard an Okta App to SSPM

    Table of Contents

    Onboard an Okta App to SSPM

    Connect an Okta instance to SSPM to detect posture risks.
    For SSPM to detect posture risks in your Okta instance, you must onboard your Okta instance to SSPM. Through the onboarding process, SSPM connects to an Okta API by using an API token that you generate from Okta's administrator console. After connecting to the Okta API, SSPM scans your Okta instance for misconfigured settings. If there are misconfigured settings, SSPM suggests a remediation action based on best practices.
    To onboard your Okta instance, you complete the following actions:

    Create an API Token for Connecting to Your Okta Instance

    To access your Okta instance, SSPM requires the following information, which you will specify during the onboarding process.
    ItemDescription
    API Token
    A generated character string that identifies an Okta administrator to the Okta API. SSPM requires this API token to authenticate to the API. The token will inherit the permissions of the administrator who creates the token.
    Required permissions: The API token must be created by a Super Administrator.
    Admin Instance URL
    The URL for your administrator console.
    As you complete the following steps, make note of the values of the items described in the preceding table. You will enter these values during onboarding to enable SSPM to access your Okta instance.
    1. Identify the Okta Super Administrator account that you will use to create your API Key.
      The API key will inherit the permissions of the administrator who creates the key. To grant SSPM the permissions it needs, the API key must be created by a Super Administrator.
    2. Using the Super Administrator account that you identified, log in to your Okta administrator console.
    3. Identify your administrator instance URL, which appears in the browser's address bar.
      Your administrator instance URL is your subdomain plus -admin.okta.com (https:// <subdomain>-admin.okta.com).
      Before you continue to the next step, make note of your administrator instance URL. You will provide this information to SSPM during the onboarding process.
    4. In the left navigation pane, select SecurityAPI.
    5. On the API page, select the Tokens tab.
    6. Create token.
      A dialog opens prompting you to name your token.
    7. Specify a name for your token and Create token.
      Okta generates and displays your token.
    8. Copy the generated token and paste it into a text file.
      Do not continue to the next step unless you have copied the API token. You will provide this token to SSPM during the onboarding process.

    Connect SSPM to Your Okta Instance

    By adding an Okta app in SSPM, you enable SSPM to connect to your Okta instance.
    1. From the Add Application page ( Posture SecurityApplicationsAdd Application), click the Okta tile.
    2. Under posture security instances, Add Instance or, if there is already an instance configured, Add New instance.
    3. Log in with Credentials.
    4. Enter your API token and your administrator instance URL and Connect.

    © 2024 Palo Alto Networks, Inc. All rights reserved.