Skip to main content
Unlisted page
This page is unlisted. Search engines will not index it, and only users having a direct link can access it.

Okta

This documentation for the Okta integration describes the technical capabilities of this integration, including authorization, scopes/permissions, and utilized endpoints. For more information on how to integrate Okta, visit our connection instructions.

Version

This integration utilizes the Okta Developer API v1.

Base URL

The base URL used for all Okta API endpoints contains the Organization domain (tenant) and API Version:
https://domain/api/api_version/

Authentication & Authorization

The Cyera Okta integration connects using token authentication which requires an API Token.

Sensitive Credentials
Publicly exposing your API credentials can allow unauthorized access to Okta API endpoints by a third party. Cyera stores your API credentials encrypted and protected.

Scopes

The Okta integration requires specific scopes that must be granted in order to function for a given capability.

ScopeAccessDeletionSystem Detection
Read Only Administrator
Super Administrator

Endpoints Utilized

Cyera uses the following endpoints to authorize and test the connection:

MethodEndpointPurposeDocs
GET/users/meCheck successful connection

Limits

Limits in Okta are calculated using the leaky bucket algorithm. All requests that are made after rate limits have been exceeded are throttled and an HTTP 429 Too Many Requests error is returned. Requests succeed again after enough requests have emptied out of the bucket.

  • Cyera supports requests throttling to stay within 70-80% of specified service rate limits.
  • Cyera processes API responses with HTTP 429 status to interrupt requests, waiting and retrying (using an exponential backoff strategy).

Capabilities

Access

Cyera's Okta integration provides Synchronous Access capabilities for the following supported identifier category: Email.

Data Interactions

For Access requests, Cyera will take the following actions:

  1. Search for a User whose primary email, secondary email, or first name matches the Data Subject email.
  2. If a match is found, Cyera will return all available fields.

Endpoints Utilized

MethodEndpointPurposeDocs
GET/usersSearch user by email

Deletion

Cyera's Okta integration provides Synchronous Deletion capabilities for the following supported identifier category: Email.

Data Interactions

For Deletion requests, Cyera will take the following actions:

  1. Check if the Admin User who created the API token has the required ADMINS_CAN_DELETE permission.
  2. Deactivate the User if the Admin User has required permissions.
  3. Delete the User and ensure data associated with this email will be removed from the Okta project and prevent future data collection.

Endpoints Utilized

MethodEndpointPurposeDocs
DEL/usersDelete user by ID
GET/users/lifecycle/deactivateDeactivate the user
GET/users/rolesVerify if user can be deleted

System Detection

Cyera provides continuous system detection, delivering a real-time inventory of your data assets.

Data Interactions

Cyera's System Detection process runs once daily and performs the following actions:

  • Read Apps to detect new systems added to your organization.

Endpoints Utilized

MethodEndpointPurposeDocs
GET/appsRead apps

 

Need help?
If you have any questions, please reach out to your dedicated Customer Success Engineer or contact us at support@cyera.io.

Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.