Detecting IDP changes used for Cross Tenant Impersonation

Okta Defensive Cyber Operations have observed that attackers who have obtained Super Admin access are leveraging IdP Federation to impersonate users to gain access to downstream applications. In this post I will discuss how to leverage workflows to alert on any IdP changes. For a more detailed discussion of how to prevent this attack and … Continue reading Detecting IDP changes used for Cross Tenant Impersonation →

Processing Okta Event Hooks with Workflows

Okta Event hooks and Workflows can be combined to provide powerful detection, alerting and remediation actions. These can be leveraged for a wide range of actions such as those detailed in the Security Blog Post: Cross-Tenant Impersonation: Prevention and Detection including; Alerting on phishing attempts detected and stopped by FastPass and triggering changes to authentication … Continue reading Processing Okta Event Hooks with Workflows →

Bring Your Own Messaging Provider: WhatsApp OTP with Inline Hooks & Workflows

Okta's Identity Engine introduced an Inline Hook for Telephony effectively allow you to replace Okta's inbuilt SMS solution with your own provider. This empowers customers to manage their own numbers and providers around the world allowing for cost and delivery optimisation. It also paves the way for adding additional channel options for OTP messages. Messaging … Continue reading Bring Your Own Messaging Provider: WhatsApp OTP with Inline Hooks & Workflows →

Learn How to use Workflows for Inline Hooks

ImportantCreate Inline Hook With this release of low-latency flows, Okta has laid the groundwork for supporting any web hook that is time sensitive. Traditionally, organizations have to spend engineering effort to build, deploy, host, and manage their own system in order to enrich a user's profile (token or session), or notify/remediate a security threat. Those … Continue reading Learn How to use Workflows for Inline Hooks →

Event Hook Filtering and Okta Workflows

Event Hooks are outbound calls from Okta, sent when specified events occur in your tenant. They take the form of HTTPS REST calls to a URL you specify, encapsulating information about the events in JSON objects in the request body. These calls from Okta are meant to be used as triggers for process flows within … Continue reading Event Hook Filtering and Okta Workflows →

Password Import Hook with Java Endpoint

This blog post is an additional add-on to Dany’s post on Office 365 / Azure AD seemless Users and Password’s Migration to Okta In this post, we will replace the Okta Workflows implementation of the hook endpoint with a Java service. Webhooks are user-defined HTTP callbacks and are usually triggered by some event. Okta’s implementation … Continue reading Password Import Hook with Java Endpoint →