Okta Integration Discovered Resources

Ingested Resources & Properties

Users (`user`)

Property

Description

name

Email address of the user (used as the primary identifier)

email_address

Email address of the user

label

Display name of the user (from Okta profile)

User Groups (`user_group`)

Property

Description

name

Display name of the group (from Okta profile)

subtype

Always "okta" for groups observed from Okta

native_id

Okta group ID

created_at

Timestamp when the group was created in Okta

members

List of user members that belong to this group. Each member entry is a dictionary with a uri key pointing to the user resource.

Relationships

Membership Relationships

The Okta integration creates membership relationships between groups and their members (users or nested groups).

Group → Members

Groups have a members property that contains a list of member dictionaries. Each dictionary has:

uri: The URI of the member (user or group)

EQL Examples:

# Find all groups that have a specific user as a member
has member(uri="[email protected]")

# Find all members of a specific group
type = "user" and is member of(uri='user_group.048093095703')

User → Groups

Users can be queried to find which groups they belong to using the membership relationship in reverse.

EQL Examples:

# Find all groups that contain a specific user
has member(uri="[email protected]")

Resource URIs

User URI Format

Users are identified using the following URI format:

user_account.<EMAIL_ADDRESS>

Examples:

User Group URI Format

Groups are identified using the following URI format:

user_group.<OKTA_GROUP_ID>

Examples:

user_group.00gz751533qdcfa7h697
user_group.00gz751534gldauee697

Example EQL Query:

# Find users in a specific group
type = "user" and is member of(name='some group')

You can then access the raw object properties through the Euno API or in custom properties to extract specific Okta fields.

Group Members

The members property on groups contains a list of user members. Each member entry is a dictionary with a uri key pointing to the user resource.

Note: Currently, the Okta integration observes direct user memberships only. Nested groups (groups that are members of other groups) are not currently supported, but all groups in your Okta organization are observed as separate user_group resources.

PreviousOkta NextGoogle Workspace

Last updated 11 days ago

hashtagIngested Resources & Properties

hashtagUsers (user)

hashtagUser Groups (user_group)

hashtagRelationships

hashtagMembership Relationships

hashtagGroup → Members

hashtagUser → Groups

hashtagResource URIs

hashtagUser URI Format

hashtagUser Group URI Format

hashtagGroup Members