Skip to main content
 

Tip

This article was accurate at the time of writing, but changes happen. If you find the instructions are outdated, leave a description in the comment field below and let us know!

Step 1: Enable console access

  1. Create a user in Okta for Expel.

    • Select Directory and People.

      People.png
    • Under People select Add person.

      • User type: User

      • First name: Expel

      • Last name: SOC

      • Username: soc+<Your_Organization_Name>@expel.io

        Tip

        Yes, the "+" sign is part of the email address (as in soc+megacorp@expel.io) and it's important. Click here to find out why.

      • Primary email: same as username

      • Password: set by user

      • Select Send user activation email now.

        AddPersonDialogbox.png
  2. Notify your customer success engineer that the registration email is sent.

Step 2: Generate API Credentials

  1. Sign into your Okta organization as a user with Read-Only Admin privileges. API tokens have the same permissions as the user who creates them, and if the user permissions change, the API token permissions also change.

  2. Open the API page.

    • If you use the Developer Console, select Tokens from the API menu.

    • If you use the Administrator Console (Classic UI), select API from the Security menu, and then select Tokens.

      APIToolar.png
  3. Click Create Token.

    TokensCreateToken.png
  4. Name your token ExpelAPI and click Create Token.

    TokenNameToken.png

    Note

    Make note of your API token, as you only see it 1 time.

  5. Collect your Okta URL (also called an Okta domain).

    • Sign in to your Okta organization with your administrator account.

    • Look for the Okta domain in the upper right corner of the dashboard.

Step 3: Configure the technology in Workbench

  1. Log into https://workbench.expel.io.

  2. Navigate to Settings > Security Devices.

  3. At the top of the page, click Add New Device.

  4. Search for and select Okta (first option).

    Screen Shot 2021-07-16 at 6.18.35 PM.png
    • Select Expel Direct Cloud Service for the SIEM.

    • Complete all fields using the credentials and information you collected in Step 1 and Step 2.