# Okta

Integrating **Okta** with **ThreatDefence** allows user and authentication activity to be streamed into ThreatDefence for centralized monitoring and incident response. This provides visibility into login attempts, policy enforcement, and identity-related risks, enabling faster detection and response to account misuse, phishing, and unauthorized access.

***

## Before You Begin

* Sign in to **Okta** as a user with **administrator permissions**.
  * The following roles have the necessary permissions: **Read Only Admin**, **Super Admin**, or **Org Admin**.
* ThreatDefence recommends creating and using a **dedicated Read Only Admin role** specifically for generating the Okta API token.

> **Important Notes:**
>
> * The API token inherits the permissions of the user who created it. If that user’s role changes, the token permissions also change.
> * To ensure uninterrupted collection, the user must remain **active** for as long as the token is in use.
> * The token-creating user must have these Okta permissions:
>   * View users
>   * View groups
>   * View System Log

***

## Step 1. Create an Okta API Token

1. Sign in to Okta with administrator permissions.
2. Go to **Security → API**.
3. On the **Tokens** tab, click **Create Token**.
4. Enter a descriptive name for the token, for example: **ThreatDefence - Log Integration**.
5. Under **API calls made with this token must originate from**, select **Any IP**.
6. Click **Create Token**.
7. Copy the **Token value** and store it securely (e.g., a password vault).

   > ⚠️ The token value cannot be retrieved again after closing this form.

8. Confirm the new token appears in the list of active API tokens.

***

## Step 2. Configure Okta ThreatInsight

Okta ThreatInsight helps reduce noise by logging malicious or suspicious IP activity.

1. In the Admin Console, go to **Security → General**.
2. Locate **Okta ThreatInsight settings** and click **Edit**.
3. Select **Log authentication attempts from malicious IPs**.
   * (Optional) If you’ve configured trusted IPs (e.g., gateways, Okta agents), you can select **Log and enforce security based on threat level**.
4. In the **Exempt Zones** field, add network zones containing IPs you trust.
5. Click **Save**.

***

## Step 3. Provide Okta Credentials to ThreatDefence

Send the following details to your ThreatDefence representative at\
📧 **<support@threatdefence.com>**:

* API Token
* Okta Tenant URL

Once provided, ThreatDefence will configure ingestion so Okta activity is correlated with other security telemetry for monitoring, detection, and incident response.

***

## Self Setup via TD Portal

If you prefer to configure the Okta Integration yourself, you can do so directly through the TD portal without contacting support.

1. Sign in to the **TD Portal**.

2. Navigate to **Integrations → Add.**

<figure><img src="https://4191868192-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOlFHF8fl339QOw3Og8L7%2Fuploads%2Fck6DoIw584wrjcVFJECe%2FScreenshot%202026-03-25%20at%201.59.30%E2%80%AFPM.png?alt=media&#x26;token=e12d37a2-cc12-4bee-b6d3-03cbf13ea096" alt=""><figcaption></figcaption></figure>

3. Select **Okta** from the list of available integrations.

<figure><img src="https://4191868192-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOlFHF8fl339QOw3Og8L7%2Fuploads%2FcEYCAv10OdrkmySrjpYj%2FScreenshot%202026-03-25%20at%202.05.11%E2%80%AFPM.png?alt=media&#x26;token=a23d98ee-6ed4-4492-98c7-dda4275cf9fd" alt=""><figcaption></figcaption></figure>

4. Enter your **Okta Tenant URL** in the provided field.

   **Note**: The API URL must be in this exact format: **<https://example.com/api/v1/logs>**

   Paste your **Okta API Token** (generated in Step 1 above).

<figure><img src="https://4191868192-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOlFHF8fl339QOw3Og8L7%2Fuploads%2FrPZeQK42ut2xfXUcbcDc%2FScreenshot%202026-03-25%20at%202.14.07%E2%80%AFPM.png?alt=media&#x26;token=a310a1a4-dd8d-4e62-9f87-ec10187473ed" alt=""><figcaption></figcaption></figure>

5. Click **ADD.**
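
Before handing the token over or pasting it into the portal, you can confirm that it carries the three permissions listed under **Before You Begin** and build the URL in the required `/api/v1/logs` form. The script below is an added example, not ThreatDefence or Okta code; it assumes Okta's `SSWS` authorization header and the read-only `/api/v1/logs`, `/api/v1/users` and `/api/v1/groups` endpoints, and the environment variable names `OKTA_TENANT` and `OKTA_API_TOKEN` are hypothetical.

```python
import os
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# One read-only endpoint per permission the page requires of the token's user.
CHECKS = {
    "View System Log": "/api/v1/logs?limit=1",
    "View users": "/api/v1/users?limit=1",
    "View groups": "/api/v1/groups?limit=1",
}
VERDICT = {200: "ok", 401: "invalid token", 403: "forbidden"}

def tenant_base(tenant: str) -> str:
    """Reduce a tenant URL (bare host or full logs URL) to https://<host>."""
    parts = urlsplit(tenant if "://" in tenant else "https://" + tenant)
    host = parts.hostname
    if parts.scheme != "https" or not host or parts.netloc.lower() != host:
        raise ValueError("expected https://<host> without port or credentials")
    if parts.path.rstrip("/") not in ("", "/api/v1/logs") or parts.query:
        raise ValueError("unexpected path or query in tenant URL")
    return f"https://{host}"

def logs_url(tenant: str) -> str:
    """Build the exact form the portal asks for: https://<host>/api/v1/logs."""
    return tenant_base(tenant) + "/api/v1/logs"

def http_status(url: str, token: str) -> int:
    """GET url using Okta's SSWS authorization scheme; return the status code."""
    req = urllib.request.Request(url, headers={
        "Authorization": f"SSWS {token}", "Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def preflight(tenant: str, token: str, fetch=http_status) -> dict:
    """Map each required permission to 'ok', 'invalid token' or 'forbidden'."""
    base = tenant_base(tenant)
    codes = {name: fetch(base + path, token) for name, path in CHECKS.items()}
    return {name: VERDICT.get(c, f"HTTP {c}") for name, c in codes.items()}

if __name__ == "__main__":
    # OKTA_TENANT and OKTA_API_TOKEN are assumed variable names for this example.
    print(logs_url(os.environ["OKTA_TENANT"]))
    print(preflight(os.environ["OKTA_TENANT"], os.environ["OKTA_API_TOKEN"]))
```

Reading the token from the environment keeps it out of shell history and process listings. Any result other than `ok` for all three checks means log collection would be incomplete or would fail.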

***

## Support

For questions or assistance, please contact:\
📧 **<support@threatdefence.com>**
