This article explains how to connect Okta Workforce Identity Cloud to Workbench.

Step 1: Enable Console Access

  1. Create a user in Okta for Expel.

    • Select Directory and People.

    • Under People select Add person.

      • User type: User

      • First name: Expel

      • Last name: SOC

      • Username: Enter "soc+<Your_Organization_Name>@expel.io". Be sure to include the "+" sign as part of the email address.

      • Primary email: same as username

      • Password: set by user

    • Select Send user activation email now.

    • Select Save.

  2. Notify your customer success engineer that the registration email has been sent.

Step 2: Generate API credentials

  1. Sign in to your Okta organization as a user with Read-Only Admin privileges. API tokens have the same permissions as the user who creates them, and if the user permissions change, the API token permissions also change.

  2. Open the API page.

    • If you use the Developer Console, select Tokens from the API menu.

    • If you use the Administrator Console (Classic UI), select API from the Security menu, and then select Tokens.

  3. Click Create Token.

  4. Name your token ExpelAPI and click Create Token. Be sure to record your API token in a safe location, as it will only be shown one time.

  5. Collect your Okta URL (also called an Okta domain).

    • Sign in to your Okta organization with your administrator account.

    • Look for the Okta domain in the upper right corner of the dashboard.

Step 3: Enable Okta Behavior Detection

Expel provides coverage on geo-location, geo-impossible, and proxy login activity by leveraging the behavior indicators provided by Okta’s Adaptive MFA. This feature allows Okta to evaluate sign-in behavior, such as device, location, IP, and velocity patterns, that deviates from past activity. Although the feature is intended for configuring sign-on policies that respond to changes in behavior, it also adds behavioral indicators to Okta events. To enhance our detection coverage for anomalous activity, enable Okta Behavior Detection using the default Okta evaluation settings.

To enable Okta Behavior Detection:

  1. In the Okta Admin Console, navigate to Security > Behavior Detection.
  2. Select Add behavior and configure the behavior types listed below. Okta's default behavior detection evaluation settings provide a balanced baseline for most environments.
    • Location (New City, New State, New Country, New Geo-Location)
    • Device
    • IP
    • Velocity
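
One way to confirm that the behaviors above are producing indicators in Okta events, shown as an added example that is not part of the original article or Expel's own tooling: it parses the behaviors string that Okta records under debugContext.debugData in System Log sign-in events. The sample events are constructed, and the behavior names in EXPECTED are assumed to be the default rule names; adjust them if your rules are named differently.

```python
import json
import re

# Assumed default behavior names; change these if your rules are named differently.
EXPECTED = {"New City", "New State", "New Country", "New Geo-Location",
            "New Device", "New IP", "Velocity"}

# Constructed sample System Log events, trimmed to the fields used here.
SAMPLE_EVENTS = json.loads("""[
 {"eventType": "user.session.start",
  "actor": {"alternateId": "alice@example.com"},
  "debugContext": {"debugData": {"behaviors":
   "{New Geo-Location=NEGATIVE, New Device=POSITIVE, New IP=POSITIVE, New State=NEGATIVE, New Country=NEGATIVE, New City=NEGATIVE}"}}},
 {"eventType": "user.session.start",
  "actor": {"alternateId": "bob@example.com"},
  "debugContext": {"debugData": {"behaviors":
   "{New Geo-Location=UNKNOWN, New Device=NEGATIVE, New IP=NEGATIVE, New State=UNKNOWN, New Country=UNKNOWN, New City=UNKNOWN}"}}},
 {"eventType": "user.account.update_profile",
  "actor": {"alternateId": "bob@example.com"},
  "debugContext": {"debugData": {}}}
]""")

# Matches "Name=RESULT" pairs inside "{Name=RESULT, Name=RESULT, ...}".
BEHAVIOR_RE = re.compile(r"([^={},]+)=([A-Z_]+)")

def parse_behaviors(event):
    """Return {behavior name: result} from debugContext.debugData.behaviors."""
    debug = (event.get("debugContext") or {}).get("debugData") or {}
    return {n.strip(): r for n, r in BEHAVIOR_RE.findall(debug.get("behaviors") or "")}

def coverage_report(events, expected=EXPECTED):
    """List expected behaviors never evaluated, and sign-ins with POSITIVE results."""
    seen, positives = set(), []
    for ev in events:
        results = parse_behaviors(ev)
        seen.update(results)  # any result means the behavior is configured
        hits = sorted(n for n, r in results.items() if r == "POSITIVE")
        if hits:
            positives.append((ev["actor"]["alternateId"], hits))
    return {"missing": sorted(set(expected) - seen), "positives": positives}

if __name__ == "__main__":
    report = coverage_report(SAMPLE_EVENTS)
    print("Behaviors not seen in any event:", report["missing"])
    for user, hits in report["positives"]:
        print(f"{user}: {', '.join(hits)}")
```

A behavior listed as missing across a representative set of sign-in events has likely not been added under Security > Behavior Detection.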

For detailed guidance and information on how behavior detection works, refer to the official Okta documentation:

Step 4: Configure the technology in Workbench

  1. Log in to Workbench.

  2. Navigate to Settings > Security Devices.

  3. At the top of the page, click Add New Device.

  4. Search for and select Okta.

    • Complete all fields using the credentials and information you collected in Step 1 and Step 2.

  5. Click Save.

You can see if the device is healthy on the Security Devices page. It may take a few minutes to see the device listed as healthy.

To check if alerts are coming through, navigate to Dashboards > Alert Analysis. Scroll to the device you want to check, and select the Expel Alerts tab to reveal more alert information. It can take 36 to 72 hours for alerts to appear after setup, as we tune your device.