# Okta

Integrating **Okta** with **ThreatDefence** allows user and authentication activity to be streamed into ThreatDefence for centralized monitoring and incident response. This provides visibility into login attempts, policy enforcement, and identity-related risks, enabling faster detection and response to account misuse, phishing, and unauthorized access.

***

## Before You Begin

* Sign in to **Okta** as a user with **administrator permissions**.
  * The following roles have the necessary permissions: **Read Only Admin**, **Super Admin**, or **Org Admin**.
* ThreatDefence recommends creating and using a **dedicated Read Only Admin role** specifically for generating the Okta API token.

> **Important Notes:**
>
> * The API token inherits the permissions of the user who created it. If that user’s role changes, the token permissions also change.
> * To ensure uninterrupted collection, the user must remain **active** for as long as the token is in use.
> * The token-creating user must have these Okta permissions:
>   * View users
>   * View groups
>   * View System Log

***

## Step 1. Create an Okta API Token

1. Sign in to Okta with administrator permissions.
2. Go to **Security → API**.
3. On the **Tokens** tab, click **Create Token**.
4. Enter a descriptive name for the token, for example: **ThreatDefence - Log Integration**.
5. Under **API calls made with this token must originate from**, select **Any IP**.
6. Click **Create Token**.
7. Copy the **Token value** and store it securely (e.g., a password vault).

   > ⚠️ The token value cannot be retrieved again after closing this form.
8. Confirm the new token appears in the list of active API tokens.

***

## Step 2. Configure Okta ThreatInsight

Okta ThreatInsight helps reduce noise by logging malicious or suspicious IP activity.

1. In the Admin Console, go to **Security → General**.
2. Locate **Okta ThreatInsight settings** and click **Edit**.
3. Select **Log authentication attempts from malicious IPs**.
   * (Optional) If you’ve configured trusted IPs (e.g., gateways, Okta agents), you can select **Log and enforce security based on threat level**.
4. In the **Exempt Zones** field, add network zones containing IPs you trust.
5. Click **Save**.

***

## Step 3. Provide Okta Credentials to ThreatDefence

Send the following details to your ThreatDefence representative at\
📧 **<support@threatdefence.com>**:

* API Token
* Okta Tenant URL

Once provided, ThreatDefence will configure ingestion so Okta activity is correlated with other security telemetry for monitoring, detection, and incident response.

***

## Self Setup via TD Portal

If you prefer to configure the Okta Integration yourself, you can do so directly through the TD portal without contacting support.

1. Sign in to the **TD Portal.**

2. Navigate to **Integrations → Add.**


3. Select **Okta** from the list of available integrations.


4. Enter your **Okta Tenant URL** in the provided field.

   **Note**: The API URL must be in this exact format: **<https://example.com/api/v1/logs>**

   Paste your **Okta API Token** (generated in Step 1 above).


5. Click **ADD.**
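
Before submitting the form, you can check locally that the URL matches the required format and that the token can read the System Log. The script below is an added example, not part of ThreatDefence's documentation or tooling. It assumes Okta's `SSWS` API-token authorization header and the `limit` query parameter of the System Log API; the function names and the `OKTA_LOGS_URL` / `OKTA_API_TOKEN` environment variable names are hypothetical.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

def normalize_logs_url(url: str) -> str:
    """Return the URL if it has the exact form https://<tenant-host>/api/v1/logs."""
    parts = urllib.parse.urlsplit(url.strip())
    if parts.scheme != "https":
        raise ValueError("URL must use https")
    if not parts.hostname or parts.username or parts.password:
        raise ValueError("URL must contain only the tenant host name")
    if parts.path != "/api/v1/logs" or parts.query or parts.fragment:
        raise ValueError("path must be exactly /api/v1/logs, with no query or fragment")
    return urllib.parse.urlunsplit(("https", parts.netloc, "/api/v1/logs", "", ""))

def build_request(logs_url: str, token: str) -> urllib.request.Request:
    """Build a one-event System Log query authenticated with the API token."""
    if not token or token != token.strip():
        raise ValueError("token is empty or has stray whitespace from copy/paste")
    url = normalize_logs_url(logs_url) + "?limit=1"
    return urllib.request.Request(url, headers={
        "Authorization": "SSWS " + token,  # Okta API-token scheme
        "Accept": "application/json",
    })

def check_token(logs_url: str, token: str) -> str:
    """Send the query and describe the outcome without echoing the token."""
    try:
        with urllib.request.urlopen(build_request(logs_url, token), timeout=15) as resp:
            events = json.load(resp)
            return f"OK: token can read the System Log ({len(events)} event returned)"
    except urllib.error.HTTPError as err:
        # Likely causes, matching the requirements listed under "Before You Begin".
        hints = {401: "token invalid, revoked, or its user is no longer active",
                 403: "token's user lacks the View System Log permission"}
        return f"HTTP {err.code}: {hints.get(err.code, 'unexpected response')}"

if __name__ == "__main__":
    # Assumed environment variable names; this keeps the token out of shell history.
    print(check_token(os.environ["OKTA_LOGS_URL"], os.environ["OKTA_API_TOKEN"]))
```

Run it from a host that is allowed to reach your Okta tenant; the token is read from the environment and never printed.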

***

## Support

For questions or assistance, please contact:\
📧 **<support@threatdefence.com>**

