Skip to main content
 
  1. Expel Support Center
  2. Connecting your technology
  3. Cloud

Okta getting started guide

Sharon Burton

Tip

This article was accurate at the time of writing, but changes happen. If you find the instructions are outdated, leave a description in the comment field below and let us know!

Step 1: Enable console access

Having read-only access to the interface of your technology allows Expel to dig deeper during incident investigations. Our device health team uses this access to investigate potential health issues with your tech.

  1. Create a user in Okta for Expel.

    • Select Directory and People.

      People.png

    • Under People select Add person.

      • User type: User

      • First name: Expel

      • Last name: SOC

      • Username: soc+<Your_Organization_Name>@expel.io

        Tip

        Yes, the "+" sign is part of the email address (as in soc+megacorp@expel.io) and it's important. Click here to find out why.

      • Primary email: same as username

      • Password: set by user

      • Select Send user activation email now.

        AddPersonDialogbox.png

      • Click Save.

  2. Notify your customer success engineer that the registration email is sent.

Step 2: Generate API Credentials

To integrate the technology with Workbench, we need to create secure credentials to the API. Depending on the permissions allowed in Step 1, Expel may be able to generate API credentials. If you're unsure, reach out to your Expel customer success engineer, or email customerhealth@expel.io.

  1. Sign into your Okta organization as a user with Read-Only Admin privileges. API tokens have the same permissions as the user who creates them, and if the user permissions change, the API token permissions also change.

  2. Open the API page.

    • If you use the Developer Console, select Tokens from the API menu.

    • If you use the Administrator Console (Classic UI), select API from the Security menu, and then select Tokens.

      APIToolar.png

  3. Click Create Token.

    TokensCreateToken.png

  4. Name your token ExpelAPI and click Create Token.

    TokenNameToken.png

    Note

    Make note of your API token, as you only see it 1 time.

  5. Collect your Okta URL (also called an Okta domain).

    • Sign in to your Okta organization with your administrator account.

    • Look for the Okta domain in the upper right corner of the dashboard.

Step 3: Configure the technology in Workbench

Now that we have the correct access configured and noted the credentials, we can integrate Okta with Workbench.

  1. Log into https://workbench.expel.io.

  2. Navigate to Settings > Security Devices.

  3. At the top of the page, click Add New Device.

  4. Search for and select Okta (first option).

    Screen Shot 2021-07-16 at 6.18.35 PM.png

    • Select Expel Direct Cloud Service for the SIEM.

    • Complete all fields using the credentials and information you collected in Step 1 and Step 2.

  5. Click Save.

To check if alerts are coming through, navigate to Alerts on the console page. Click the icon in the upper right to switch to grid view, then check the list for device alerts.

  • Was this article helpful?

  • 1 out of 1 found this helpful

Related articles

Comments

0 comments

Please sign in to leave a comment.