This guide provides an overview of the Okta Identity Management app that facilitates connectivity between Nuclei and Okta. Okta connectivity enhances Nuclei Compliance with the following additional capabilities:
- Selective Capture (based on Okta group membership)
- Selective Archiving (based on Okta group membership)
- Extended Metadata Tagging (with Okta user metadata)
The following prerequisites are required to enable successful deployment of the app:
- Okta Developer Edition organization
- Okta service account
- Okta API token
Different Okta API operations require different admin privilege levels. API tokens inherit the privilege level of the admin account that is used to create them. It is therefore good practice to create a service account to use when you create API tokens so that you can assign the token the specific privilege level needed. See Administrator for documentation on available Okta admin account types and the specific privileges of each.
Nuclei will require a service account with the following permissions:
- User Permissions
  - View users and their details
- Group Permissions
  - View groups
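A least-privilege check for the service account described above, as an added example that is not part of the original guide or Nuclei's own code: it audits role-assignment data exported from Okta against the two permissions Nuclei requires. The permission labels `okta.users.read` and `okta.groups.read`, the role names, and the sample records are assumptions constructed for illustration.

```python
import json

# Assumed mapping of "View users and their details" and "View groups" to
# Okta custom-role permission labels; confirm it in your own org.
REQUIRED = {"okta.users.read", "okta.groups.read"}

def audit_service_account(role_assignments, custom_role_permissions):
    """Return findings for one service account, empty when it is least-privilege.

    role_assignments: parsed list from GET /api/v1/users/{userId}/roles
    custom_role_permissions: {custom role label: [permission labels]}, e.g.
        collected from GET /api/v1/iam/roles/{roleIdOrLabel}/permissions
    """
    findings, granted = [], set()
    for role in role_assignments:
        if role.get("status") != "ACTIVE":
            continue  # inactive assignments grant nothing to the token
        if role.get("type") != "CUSTOM":
            # Standard admin roles bundle more than the two read permissions.
            findings.append(f"standard role {role['type']} is broader than required")
            continue
        granted.update(custom_role_permissions.get(role.get("label"), []))
    for label in sorted(granted - REQUIRED):
        findings.append(f"extra permission {label}")
    for label in sorted(REQUIRED - granted):
        findings.append(f"custom roles do not grant {label}")
    return findings

# Constructed sample data (not taken from a real Okta org).
SAMPLE_ASSIGNMENTS = json.loads("""[
  {"label": "Nuclei Read Only", "type": "CUSTOM", "status": "ACTIVE"},
  {"label": "Organization Administrator", "type": "ORG_ADMIN", "status": "ACTIVE"},
  {"label": "Super Administrator", "type": "SUPER_ADMIN", "status": "INACTIVE"}
]""")
SAMPLE_PERMISSIONS = {
    "Nuclei Read Only": ["okta.users.read", "okta.groups.read", "okta.groups.manage"],
}

if __name__ == "__main__":
    for finding in audit_service_account(SAMPLE_ASSIGNMENTS, SAMPLE_PERMISSIONS):
        print(finding)
```

Run it before creating the token: because the token inherits whatever the service account holds, any finding here is also a finding against the token.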
Create the token
To create an API token, follow these steps:
1. Sign in to your Okta organization as a user with administrator privileges.
   API tokens have the same permissions as the user who creates them, and if the user permissions change, the API token permissions also change.
   See the section above on Privilege Levels, regarding the use of a service account when creating an API token, to specifically control the privilege level associated with the token.
2. In the Admin Console, select Security > API from the menu and then select the Tokens tab.
3. Click Create Token.
4. Name your token and click Create Token.
5. Record the token value. This is the only opportunity to see it and record it.
Submit Information to Nuclei
- Navigate to https://support.nuclei.ai/hc
- Select "Submit a request"
- Select: "Provisioning (Okta for Nuclei Compliance)"
- Complete all fields
  - Okta API Token
- Select "Submit"
For support deploying Okta for Nuclei into your Okta environment, please contact Nuclei's support team at firstname.lastname@example.org.