# One Okta (cloud) The NetSPI Platform has a broad integration with One Okta. Similar to our other integrations, the One Okta integration is read-only and does not perform actions to configure systems or otherwise change anything about your One Okta system. ## Supported asset types The One Okta integration provides the NetSPI Platform visibility into the following asset types: - Users - Systems ## Data run frequency The One Okta integration pulls data every 12 hours. ## Endpoints used The following API endpoints are used in this integration. - `api/v1/users` - `api/v1/logs` - `api/v1/devices` ## Required permissions This integration needs an API key with the following access permissions: - Read-only Administrator ## Configuration steps Use the section below for configuring Okta to integrate with the NetSPI Platform. ### Step one: Okta system configuration Okta attaches the API token to a user. NetSPI recommends that a service account be created for this API token to be attached to. 1. Navigate to *Admin -> Settings -> Features* and ensure that *Custom administrator roles* is enabled. ![Okta integration step](/static/caasm/integrations/okta_integration_1_half.png "Okta integration step") 2. Navigate to *Admin -> Directory -> People -> Add person* and create a service account, selecting **Save** to complete. ![Okta integration step](/static/caasm/integrations/okta_integration_1.png "Okta integration step") 3. Navigate to *Admin -> Security -> Administrators -> Admins* and select **Add Administrator**. 4. Search for the service account you just created above and select it. 5. Under Roles, select *Read-only Administrator*. ![Okta integration step](/static/caasm/integrations/okta_integration_step_2.png "Okta integration step") 6. Select **Save Changes** when complete. 7. Log out of Okta, and then log back in with the new service account. 8. Navigate to *Admin -> API -> Tokens* and select the **Create Token** button. 9. Enter a name for the token, such as "NetspiAppServiceToken", and select **Create Token**. ![Okta integration step](/static/caasm/integrations/okta_integration_step_3.png "Okta integration step") 10. Copy the API token. This will be pasted into the the NetSPI Platform CAASM integration step below. ![Okta integration step](/static/caasm/integrations/okta_integration_step_4.png "Okta integration step") 11. Select **OK, got it** to save your changes. ### Step two: NetSPI Platform CAASM configuration Use the steps below to configure the Okta Integration in the NetSPI Platform. 1. Log into the NetSPI Platform as a Client Admin user. 2. Navigate to *Settings -> CAASM Integrations* to display the Integrations page. ![Platform Integrations page](/static/caasm/integrations/integrations_landing.png "Platform Integrations page") 3. Select the *Integration Library tab -> Integration Categories / Identity and Access Management (IAM) -> Okta Integration*. ![Integration Library tab](/static/caasm/integrations/select_integration_okta.png "Integration Library tab") This brings the Okta integration card into focus. !!!Note You can also locate the integration card by: - Scrolling down the page on the *Integration Library* tab - Filter the integration options displayed by selecting any of the other left navigation choices besides *Integration Categories*, e.g., by *Modules* or *Integration Scopes* (cloud or on premise) - Enter the integration name in the Search integration bar !!! 4. Select the **Add** button on the Okta card to display the Okta integration configuration page. ![Okta integration page](/static/caasm/integrations/integrations_okta.png "Okta integration page") 5. Select and enter values for the following fields. 1. Select the integration type from the *Integration* drop-down list. In this case, *Okta Integration*, which is already selected by default. 2. Select the integration scope from the *Scope* drop-down list. The Okta integration can only run on a cloud scope, which was configured by NetSPI and *Cloud* displays as the default value. 3. Enter an integration name and description in the *Integration Name* and *Description* fields. 4. Select the *Enabled* slider button to display as either on (blue) or off (light gray). 5. Enter or copy/paste the Okta host name and API token you created in step 5 of the [Step one: Okta system configuration](#step-one-okta-system-configuration) above into the *Server* and *API Token* fields. 6. Select **Create** to create the integration. The new integration now displays on the Applied Integrations tab with its statuses: current and last run, last run time, and status (enabled/disabled).