The Okta Identity Cloud for Security Operations extends Security Incident Response (SIR) to take advantage of your Identity infrastructure powered by Okta. Customers with outstanding security incidents need to rapidly, reliably, and automatically add context to those incidents to include information about Users, their recent behaviors, and any exposure the business may face due to that user being involved in the incident.
By integrating SIR with Okta, security analysts can request extended information based on a specific user without leaving the ServiceNow environment. Information about a user's recent login activity, device usage, application usage and group memberships can be automatically imported directly into the relevant incident. This enrichment data provides greater context to the scope and scale of the security incident, and can help companies more accurately assess risk and business impacts.
Further, the Okta Identity Cloud for Security Operations allows analysts or IT architects to take immediate action against an affected user, either manually or by way of an automatic workflow. User sessions can be cleared, passwords reset, and applications deprovisioned based on the outcome of the incident analysis, drastically shortening the time a company is exposed to user-related risk.
After extending Security Incident Response to include your Identity platform powered by the Okta Identity Cloud, analysts can increase the accuracy of risk assessments, dramatically reduce exposure to that risk, and rapidly remediate those risks directly related to users or applications, all without leaving the working Security Incident.
- Wizard-driven connection between Security Incident Response and your Okta org
- Integrated data feed from Okta into a working Incident
- Robust data feed from Okta identifying all aspects of a User:
  - All provisioned applications
  - All group memberships
  - Recent activity from the Okta system log, filtered by user behaviors
  - Full profile attribute list
- Immediate remediation actions available directly within the Incident
  - Clear User Session in Okta
  - Expire User Password in Okta
  - Suspend / Unsuspend User in Okta (does not deprovision downstream applications)
  - Deactivate / Reactivate User in Okta (deprovisions downstream applications)
  - Change Group Membership
    - Can be leveraged to change a user's security posture by applying different policies in Okta to different groups
  - Specifically deprovision User from Application
  - Specifically add or remove a user from a Group
- All actions available as building blocks for integrated ServiceNow workflows (configuration required)
- Fully compatible with the Okta Identity Cloud applications using Okta as an Identity Provider in ServiceNow, for User Lifecycle Management and SSO.
Updated for Vancouver support
ServiceNow plugin application: Security Incident Response
ServiceNow Store application: Okta Identity Cloud API Access