Okta
Okta CLI
This CLI feature integrates with Okta and will allow you to pull data from your Okta instance.
- authenticate: Allows the user to authenticate with Okta API to verify the credentials are correct in init.yaml
- get_active_users: Downloads active users from Okta and saves them to a file
- get_admin_users: Downloads users with admin roles from Okta and saves them to a file
- get_all_users: Downloads all users from Okta and saves them to a file
- get_inactive_users: Downloads users that haven't logged in within X days from Okta and saves them to a file
- get_recent_users: Downloads users that were recently added within X days to Okta and saves them to a file
init.yaml Configuration
- oktaUrl: URL for your Okta instance
- oktaClientId: Client ID registered to your Application in Okta
- oktaApiToken: API access token, generated within the Okta admin portal
- oktaScopes: The permissions the RegScale CLI application is allowed in the Okta admin portal (requires okta.users.read and okta.roles.read)
- oktaSecretKey: Only used if Bearer token is your desired authentication method with Okta API
Okta Integration Workflow
- Add your Okta domain URL into oktaUrl in the init.yaml
- Create a custom API Application in Okta and assign it the okta.users.read and okta.roles.read scopes
- Paste the client ID from Okta into oktaClientId in the init.yaml
- Determine which type of authentication method to configure for your API Application in Okta
  - SSWS: Create an API token within Okta, then paste it into oktaApiToken in init.yaml
  - Bearer: Go to your API application and follow these steps
- Execute the authenticate command and enter which method was used above
- Follow the commands if any were provided by RegScale CLI
Example Commands
Log into RegScale to set the token, which is good for 24 hours, and will secure all future RegScale API calls. (NOTE: You can skip this step if you are using a RegScale Service Account.)
regscale login
Enter the parameters below with your information
- authenticate: Authenticate with Okta API to verify the credentials are correct in init.yaml
  - --type: The type of authentication method to use with Okta API, either SSWS or Bearer allowed
- get_active_users: Downloads active users from Okta and saves them to a file
  - --save_output_to: The file path to save the formatted active users output from Okta
  - --file_type: The desired file type to save the formatted output from Okta, currently accepts .xlsx or .csv formats
- get_admin_users: Downloads admin users from Okta and saves them to a file
  - --save_output_to: The file path to save the formatted active users output from Okta
  - --file_type: The desired file type to save the formatted output from Okta, currently accepts .xlsx or .csv formats
- get_all_users: Downloads all users from Okta and saves them to a file
  - --save_output_to: The file path to save the formatted active users output from Okta
  - --file_type: The desired file type to save the formatted output from Okta, currently accepts .xlsx or .csv formats
- get_inactive_users: Downloads users that haven't logged in within X days from Okta and saves them to a file
  - --days: The number of days a user hasn't signed in to be considered inactive, default is 30
  - --save_output_to: The file path to save the formatted active users output from Okta
  - --file_type: The desired file type to save the formatted output from Okta, currently accepts .xlsx or .csv formats
- get_new_users: Downloads users that were created within X days from Okta and saves them to a file
  - --days: The number of days to see if a user has been added to Okta, default is 30
  - --save_output_to: The file path to save the formatted active users output from Okta
  - --file_type: The desired file type to save the formatted output from Okta, currently accepts .xlsx or .csv formats
init.yaml Example
The following init.yaml structure is necessary (example/notional key structure shown below, replace with actual customer keys):
domain: https://mycompany.regscale.com
token: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6IkpXVCJ9.eyJzdWIiOiJhYmVsYXJkbyJ9.b-ao0bpoc6CiJ3ygG8-XOk_gwn8BehAcuLGaPB6rlu8
oktaUrl: https://mycompany.okta.com/
oktaApiToken: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE2NzA4ODE5NDYsImF1ZCI6Imh0dHBzOi8vcmVnc2NhbGUuY29tL2RvY3VtZW50YXRpb24vY2xpLW9rdGEiLCJzdWIiOiJBQmVsYXJkbyJ9.6eaQ8cs4_CS-VqSgPaXFpDdG9BsQge5UgXyi_ABfk5E
oktaClientId: 3ckjyHsh1O
oktaScopes: okta.users.read okta.roles.read
oktaSecretKey:
  d: fUw_FM3KetY2m-CCcVglEBFofgrpEOg3_1j_bH5dN0ZUPzxa7NboCU1T1Ymm_mWskEcX_nXqPPo_wgHpXOEx6fs-qmX_b07omdwIWWWMyOD1Av_J1hr2qy6fXluh6vMM658Zj9txo-a2Np5em8UOIOy9Ckpb019Q4JyLV01QIbJdXM0jVNyBZ_WkyLRpyKzGBKLOqSLJgZU7POdFtMAMP1F93wKaVsZGjURoYhf74CyFFauoTFxMtEm4i3pDXtwxW_DeaFR-CfystmMP8-0f_c5eimYVTSO3gusMmz9gzWj0MLsNjNHDLj3Xb8tfSfnFUbRVBlB2v3eQF3_NIpzzwQ,
  dp: aNAmiTQfWpG11vvOosj9Nk91YBoko30slMPlLVNhThd907hOkKOJMQaw3TkBJpdqzIuEp_uI5-hFOSpg5d7tbR5gCnIknf110QsjyRc9yzMsjpmG4nHCK3Y4bwh_j215GJcs-cZFvvFyedmaXSk_yZ3KSL32Pk0h4Y89J6vpYCE,
  dq: M3aWjqfjqXiLR2VHDW1L9lq0kxJXQhv2Krz_A6JKmAam52e4ZZgNyIcc-2Pb2_MJDBkndKav-boewddKWDOMjdg3pO1wzfNqt1FqLWpY8uvmRFT9k4RUFwIjqy4vjT-neZpKkpmUonr6q02EJCCQ-W-W8T0BWJFCtOqCYhBV8V0,
  e: AQAB,
  kid: tFD8DypMJ45XvcOgnm9E0AVHKrdsirqlvlIZu8QwNs9LDrisjSWpZeRF3N9xxbJU0xKqXe,
  kty: RSA,
  n: i64Q-oe2ApbxpLdI33PGv0n7Y_cGlnAms49ixa2yl4KsfaPpGakhYyVn_rM6JYfND2jGskrkh-8XETQSyfvx7CgvyQxjUwwXmuPUzxxn0rzUm03rci8uPd3Pd-g1OVK_wpnRGM23O4YiRrHEXFCsDGWXddYFyBwhq0rrgJ-VU5W93qpKCtwCmWOel-0RjyK2SIXmxNjUaQCJGejmpkEJPMKZByDw8yW9pXj7-U-pHmpF37U443gwk6ZPRjjyLJxxdymiGY4bwEgRIVISWvDRUB4yblY8bmlL5Elie7foQWWVy4he7uynpTWOoR99Hoh9esfTxGi8OZIMk27zeCgVz,
  p: v_NKXVS-9s7bgdJXwC_X70PqE_-E03l0dfPaS3XlfB8L05OugzZzx0j-soocWqepnMgGNK5E17Rv5KRDIansJE94i2z4xpmLU-tCqML4tNnP6WF8bh0FAIDoYz3tFdNzbnfn-HgQLQiUiHab2sUL6OtamPJM-Zmlp496egx0btE,
  q: uknA0B1xhNiEr7yPTVXOMeT6Wuc3uygeTBaXgIjY_jGPDXSqCOoWt3Yv6Z1SgK8tXLeVhmZ3JbZIQObu0CKua1TfpnuFXx8Ek9jTZp6YsuhyI6ZhiwjjagmC8EKqQ0QCHEazgKGiewnfJKq-X1cS7uJ-5tg7sSMZRSy2zoHGTj0,
  qi: NubiSoHx0a9L5fnRt0zrNZdQEmRLGBqFZlzeOZDaZXd8HFWk9APppYb-6XyRH5rQeSOa2FkLQxe9xDnCxrMMcjkFIgZrp9HR1kZ3R-wqYjraA3dU7uYbwTZpUbo2xagNUYXyHgVlgjFZUPUdxlNlSRtKSh3QUexm3mfE9-3hlG8
Building a Bash Script to Execute the CLI
You can execute RegScale CLI commands using scripts. These scripts could be in Bash, Python, PowerShell, etc. Below is an example Bash file (named get_okta_active_users.sh) in Ubuntu for executing the CLI to download active users from Okta.
#!/bin/sh
# Download active users from Okta and save them to a .xlsx file
regscale okta get_active_users --save_output_to okta_files/users --file_type .xlsx
To execute the Bash file, run this command: /path/to/folder/get_okta_active_users.sh. You can chain together any arbitrary set of CLI commands to have them execute sequentially.
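Because init.yaml holds the Okta API token and, for Bearer authentication, the private key, a script can check the file before it chains any Okta commands. The following is an added example, not RegScale code: the function names are hypothetical and the sample file is constructed; only the key names and the two required scopes come from this page.

```shell
#!/bin/sh
# Added example (not RegScale code): preflight checks for the Okta settings in
# init.yaml. Key names and scopes are from this page; function names are hypothetical.

# Print the value of a top-level "key: value" line (first match only).
yaml_value() {  # usage: yaml_value FILE KEY
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1
}

# Succeed when the file grants no permission bits to group or others.
is_private() {  # usage: is_private FILE
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeed when oktaUrl is an https:// URL.
uses_https() {  # usage: uses_https FILE
    case "$(yaml_value "$1" oktaUrl)" in https://?*) return 0 ;; *) return 1 ;; esac
}

# Succeed when oktaScopes lists both scopes the page says are required.
has_required_scopes() {  # usage: has_required_scopes FILE
    scopes=" $(yaml_value "$1" oktaScopes | tr -s '[:space:]' ' ') "
    for need in okta.users.read okta.roles.read; do
        case "$scopes" in *" $need "*) ;; *) return 1 ;; esac
    done
    return 0
}

# Print one line per problem; the exit status is the number of problems found.
preflight() {  # usage: preflight FILE
    problems=0
    is_private "$1" || { echo "$1: readable by group or others"; problems=$((problems + 1)); }
    uses_https "$1" || { echo "$1: oktaUrl is not https"; problems=$((problems + 1)); }
    has_required_scopes "$1" || { echo "$1: oktaScopes lacks a required scope"; problems=$((problems + 1)); }
    return "$problems"
}

# Constructed sample config (placeholder values), written world-readable on purpose.
sample=$(mktemp)
printf '%s\n' 'oktaUrl: https://mycompany.okta.com/' \
    'oktaScopes: okta.users.read' > "$sample"
chmod 644 "$sample"
preflight "$sample" || echo "problems found: $?"
# In a real script, gate the chained commands on the check, for example:
#   preflight init.yaml && regscale okta get_active_users --save_output_to okta_files/users --file_type .xlsx
```

Running `chmod 600 init.yaml` clears the first finding, since the file is then readable only by its owner.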