Okta - Policy creation
Playbook Description
This playbook disables self-service account unlock for a flagged user by creating or updating an Okta group. It then adds the user to the group and applies a password policy with a rule that denies self-service unlock access.
MITRE D3FEND mapping
| Tactics | Techniques | Sub-techniques |
|---|---|---|
| Evict (D3-Evict) | Credential Eviction (D3-CE) | Account Locking (D3-AL) |
Playbook input type
Log
Prerequisites
- Okta configuration - Okta must be connected using an API key.
Playbook creation input
- connectionName - Provide the VirusTotal connection name for executing the VirusTotal APIs
Dependencies
Extension - okta
- okta_listgroup
- okta_creategroup
- okta_addtogroup
- okta_createpolicyrule
Connections
Okta Connection - Provide the Okta connection name for executing the Okta APIs.
Execution workflow
Investigation:
- Retrieves the target group details including group name, policy name, and policy rule name.
- Builds a search filter to check if the target group already exists in Okta.
- Lists groups using the search filter to verify group existence.
Decision logic:
- Proceeds based on the following conditions:
  - If the group already exists, adds the user directly to the existing group and proceeds to validation.
  - If the group does not exist, proceeds to create the group, policy, and rule.
Remediation (group does not exist):
- Creates a new group in Okta.
- Adds the user to the newly created group.
- Builds the request data for a password policy rule to deny self-service unlock.
- Creates a password policy and associates it with the target group.
- Creates a password policy rule that denies self-service unlock for the group members.
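
The workflow above, sketched directly against the Okta REST API as an added example (not the playbook's own code). The helper names `okta_transport`, `unlock_deny_rule` and `restrict_unlock` are hypothetical, and the mapping of the playbook's okta_* actions to these endpoints is an assumption.

```python
import json
import urllib.parse
import urllib.request

def okta_transport(org_url, api_token):
    """Return call(method, path, body=None, query=None) bound to one Okta org."""
    def call(method, path, body=None, query=None):
        url = org_url.rstrip("/") + path
        if query:
            url += "?" + urllib.parse.urlencode(query)
        req = urllib.request.Request(
            url, method=method,
            data=json.dumps(body).encode() if body is not None else None,
            headers={"Authorization": "SSWS " + api_token,
                     "Accept": "application/json",
                     "Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=15) as resp:
            raw = resp.read()
            return json.loads(raw) if raw else None  # 204 responses have no body
    return call

def unlock_deny_rule(rule_name):
    """Password policy rule body in which only self-service unlock is denied."""
    return {"type": "PASSWORD", "name": rule_name,
            "conditions": {"people": {"users": {"exclude": []}},
                           "network": {"connection": "ANYWHERE"}},
            "actions": {"passwordChange": {"access": "ALLOW"},
                        "selfServicePasswordReset": {"access": "ALLOW"},
                        "selfServiceUnlock": {"access": "DENY"}}}

def restrict_unlock(call, user_id, group_name, policy_name, rule_name):
    """Follow the playbook's two branches; return (group_id, steps taken)."""
    # Refuse names that could change the meaning of the search expression.
    if '"' in group_name or "\\" in group_name:
        raise ValueError("group name must not contain quotes or backslashes")
    found = call("GET", "/api/v1/groups",
                 query={"search": f'profile.name eq "{group_name}"'})
    # Re-check the name client-side instead of trusting the first result.
    group = next((g for g in found if g["profile"]["name"] == group_name), None)
    if group:  # group exists: only add the user
        call("PUT", f"/api/v1/groups/{group['id']}/users/{user_id}")
        return group["id"], ["add_user"]
    group = call("POST", "/api/v1/groups", {"profile": {"name": group_name}})
    call("PUT", f"/api/v1/groups/{group['id']}/users/{user_id}")
    policy = call("POST", "/api/v1/policies", {
        "type": "PASSWORD", "name": policy_name, "status": "ACTIVE",
        "conditions": {"people": {"groups": {"include": [group["id"]]}}}})
    call("POST", f"/api/v1/policies/{policy['id']}/rules", unlock_deny_rule(rule_name))
    return group["id"], ["create_group", "add_user", "create_policy", "create_rule"]
```

Okta evaluates password policies in priority order and applies the first one that matches, so a higher-priority policy covering another of the user's groups would take precedence over the one created here. The existing-group branch assumes the policy and rule were created when the group was.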


