This guide is the first step of a larger process to enable auto remediations. After completing the steps on this page, you will be instructed to return to the Enable an Auto Remediation in Workbench guide to finish your setup.
This guide helps you set up your Okta device so that you can enable the Disable Accounts auto remediation in Workbench. During the setup process, you will grant Expel all necessary permissions for the remediation to work.
How It Works
If our SOC identifies an account (username or email address) that is compromised and must be disabled, Workbench completes the action automatically and logs the user out of their session. You have the option to restrict these actions to specific accounts by configuring an allow or deny list (the accounts must first be added as context, and then the list can be configured in Workbench; see Step 2).
Note
Some vendors refer to disabling a user account as blocking a user, suspending a user, changing user status, removing a user from the org, or locking a user account.
Prerequisites
- You must have admin privileges in Okta (either Super Administrator privileges or Report Administrator + Group Administrator permissions).
- You must have admin access in Workbench, as auto remediations are enabled at the organization level.
Step 1: Grant Necessary Permissions
The Okta API token uses the Read-Only Admin permission in Workbench, and the Auto Disable Accounts feature requires the Group Admin permission. In Okta, API tokens have the same permissions as the user who creates them; if that user's permissions change, the API token's permissions change as well.
As a result, you have the following options:
- If you want to edit the existing user permissions, choose Option 1 (you must have Super Administrator privileges to choose this option).
- If you want to generate a new API token with the required permissions and then update your security device in Workbench, choose Option 2 (you must have Report Administrator + Group Administrator permissions to choose this option).
Option 1: Edit Existing User Permissions
The user you edit should be the one that created the API token, which is the same user you configured in the Okta Workforce Identity Cloud Setup for Workbench.
- Log in to your Okta organization as a user with Super Administrator permissions.
- Add the Report Administrator + Group Administrator permissions to the existing user for Expel.
Option 2: Generate a New API Token
- Log in to your Okta organization as a user with Report Administrator + Group Administrator permissions.
- Follow Step 2 of the Okta Workforce Identity Cloud Setup for Workbench to generate a new API token.
- In a new browser tab, log in to Workbench.
- Navigate to Settings > Security Devices.
- Find Okta in the security device list.
- On the right side of the Okta row, select the down arrow, and select View & Edit.
- Replace the API Token with the newly generated token.
- Select Save.
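Because the token inherits whatever the creating user holds, it is worth confirming that user's role assignments after either option. The following is an added example, not Expel or Okta code: it evaluates the JSON body returned by Okta's list-roles endpoint (GET /api/v1/users/{userId}/roles) for the token's owner. The sample responses are constructed, and treating any role other than Report, Group, and Read-Only Administrator as "review" is an assumption of this example.

```python
import json

# Okta role "type" values for the roles this guide names.
# USER_ADMIN is the Okta API type for the Group Administrator role.
REQUIRED = {"REPORT_ADMIN": "Report Administrator",
            "USER_ADMIN": "Group Administrator"}
# Read-Only Admin is what the original Workbench token user already holds.
EXPECTED = set(REQUIRED) | {"READ_ONLY_ADMIN"}


def audit_token_user_roles(roles_json: str) -> dict:
    """Check the role list of the user who owns the Workbench API token."""
    roles = json.loads(roles_json)
    active = {r["type"] for r in roles if r.get("status") == "ACTIVE"}
    inactive = {r["type"] for r in roles if r.get("status") != "ACTIVE"}
    if "SUPER_ADMIN" in active:
        missing = []  # Super Administrator already covers both required roles
    else:
        missing = sorted(name for t, name in REQUIRED.items() if t not in active)
    return {
        "ready": not missing,                            # can the token disable accounts?
        "missing": missing,                              # roles still to add (Option 1)
        "inactive": sorted(inactive & set(REQUIRED)),    # assigned but not active
        "review": sorted(active - EXPECTED),             # broader than this guide asks for
    }


def _body(*pairs):
    """Build a constructed list-roles response from (type, status) pairs."""
    return json.dumps([{"type": t, "status": s, "assignmentType": "USER"}
                       for t, s in pairs])


# Constructed samples: before Step 1, after Step 1, half-finished, over-privileged.
SAMPLE_BEFORE = _body(("READ_ONLY_ADMIN", "ACTIVE"))
SAMPLE_AFTER = _body(("READ_ONLY_ADMIN", "ACTIVE"), ("REPORT_ADMIN", "ACTIVE"),
                     ("USER_ADMIN", "ACTIVE"))
SAMPLE_PARTIAL = _body(("REPORT_ADMIN", "ACTIVE"), ("USER_ADMIN", "INACTIVE"))
SAMPLE_BROAD = _body(("SUPER_ADMIN", "ACTIVE"))

if __name__ == "__main__":
    for name, body in [("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER),
                       ("partial", SAMPLE_PARTIAL), ("broad", SAMPLE_BROAD)]:
        print(name, audit_token_user_roles(body))
```

Re-run the check whenever the user's admin roles are edited, since the token's effective permissions change with them.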
Step 2: Update Your Context
If you do not want to specify any accounts for a "do not disable" or "always disable" list, and instead wish for Expel to automatically disable all identified accounts, skip to Step 3.
Working with your engagement manager, prepare to create an allow or deny list by adding accounts as context for your environment. You will then be able to select those accounts as "Never disable" or "Always disable" assets when you enable the auto remediation in Workbench.
Note
If our SOC identifies an account that must be disabled and you have created either an allow ("Always disable") or deny ("Never disable") list in Workbench, any accounts falling outside of those parameters are assigned to you as actions rather than being disabled automatically.
Step 3: Return to the Main Setup Guide
Your Okta device is now ready for the Disable Accounts auto remediation. You should now do one of the following:
- If you do not need to set up any other devices for this auto remediation, you can return to the Enable an Auto Remediation in Workbench guide to finish Step 2 of the process.
- If you need to set up additional devices for this auto remediation, or wish to use this device with multiple auto remediations, be sure to complete those setup guides as well before returning to the Enable an Auto Remediation in Workbench guide to finish Step 2 of the process. Make sure to follow the setup guide that is specific to your auto remediation, as device setup instructions are unique to each auto remediation and device.