Integrate Okta with Microsoft Defender for Identity (Preview)

Okta manages how users and customers sign in and get access to key systems. Because it plays a central role in identity and access management, any compromise, whether accidental or intentional, can lead to serious security risks. By integrating Microsoft Defender for Identity with Okta, you gain stronger identity protection. Defender for Identity monitors sign-in activity, detects unusual behavior, and highlights threats related to compromised or misused identities. It also identifies risks such as suspicious role assignments or unused high-privilege accounts, using Okta data to deliver clear, actionable insights that help keep your organization secure.

Prerequisites

Before connecting your Okta account to Microsoft Defender for Identity, make sure the following prerequisites are met:

  1. Your Okta environment must have one of the following licenses:

    • Developer

    • Enterprise

Note

The Super Admin role is required only to create the API token. Once the token is created, remove the role and assign the Read-Only Administrator and Defender for Identity custom roles for ongoing API access.

Note

If your Okta environment is already integrated with Microsoft Defender for Cloud Apps, connecting it to Microsoft Defender for Identity might cause duplicate Okta data, such as user activity, to appear in the Defender portal.

Connect Okta to Microsoft Defender for Identity

This section provides instructions for connecting Microsoft Defender for Identity to your dedicated Okta account using the connector APIs. This connection gives you visibility into and control over Okta use.

Create a dedicated Okta account

  1. Create a dedicated Okta account that is used only for Microsoft Defender for Identity.
  2. Assign the Super Admin role to your Okta account.
  3. Verify your Okta account.
  4. Store the account credentials for later use.
  5. Sign in to the dedicated Okta account you created in step 1 so that you can create an API token.

Create an API token

  1. In the Okta console, select Admin.

    Screenshot that shows how to access the Admin button in the Okta console.

  2. Select Security > API.

    Screenshot of the Okta admin console navigation menu with Security and API options highlighted in the left pane.

  3. Select Tokens.

  4. Select Create Token.

    Screenshot of the Okta API Tokens tab with the Create token button highlighted.

  5. In the Create token pop-up:

    1. Enter a name for your Defender for Identity token.
    2. Select Any IP.
    3. Select Create token.

    Screenshot of the Okta Create token form with fields for token name and IP restriction, and the Create token button highlighted.

  6. In the Token created successfully pop-up, copy the Token value and store it securely. This token is used to connect Okta to Defender for Identity.

    Screenshot of the Okta token creation success message.

Add Custom user attributes

  1. Select Directory > Profile Editor.

  2. Select User (default).

  3. Select Add Attributes.

    1. Set Data type to String.
    2. Enter the Display name.
    3. Enter the Variable name.
    4. Set User permission to Read Only.
  4. Enter the following attributes:

    Display Name        Variable Name
    ObjectSid           ObjectSid
    ObjectGuid          ObjectGuid
    DistinguishedName   DistinguishedName
  5. Select Save.

  6. Verify that the three custom attributes you added are displayed correctly.

    Screenshot of the Okta Attributes page. Three attributes are shown: ObjectGuid, DistinguishedName, and ObjectSid.

Create a custom Okta role

To support ongoing API access, the Read-Only Administrator role and the custom Defender for Identity role are both required.

After assigning both roles, you can remove the Super Admin role. This ensures that only relevant permissions are assigned to your Okta account at all times.

  1. Navigate to Security > Administrator.
  2. Select the Roles tab.
  3. Select Create new role.
  4. Set the role name to Microsoft Defender for Identity.
  5. Select the permissions you want to assign to this role. Include the following permissions:
    • Edit user's lifecycle states
    • Edit user's authenticator operations
    • View roles, resources, and admin assignments
  6. Select Save role.

Screenshot showing a list of Okta permissions that need to be assigned when adding a custom role.

Create a resource set

  1. Select the Resources tab.

  2. Select Create new resource set.

  3. Name the resource set Microsoft Defender for Identity.

  4. Add the following resources:

    • All users
    • All Identity and Access Management resources

    Screenshot that shows the resource set name is Microsoft Defender for Identity.

  5. Select Save selection.

Assign the custom role and resource set

To complete the configuration in Okta, assign the custom role and resource set to the dedicated account.

  1. Assign the following roles to the dedicated Okta account:

    • Read-Only Administrator

    • The custom Microsoft Defender for Identity role

  2. Assign the Microsoft Defender for Identity resource set to the dedicated Okta account.

  3. When you're done, remove the Super Admin role from the account.
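As an added check that is not part of the original article, the following Python script audits the dedicated account against the steps above: it reads the default user schema (GET /api/v1/meta/schemas/user/default) and the account's role assignments (GET /api/v1/users/{id}/roles) and reports the three custom attributes that are missing or not Read Only for the user, a missing Read-Only Administrator or custom role, and a Super Admin role that was never removed. The endpoint paths, the SSWS Authorization scheme and the SUPER_ADMIN / READ_ONLY_ADMIN / CUSTOM role type strings are taken from the Okta API as the author understands it, and the sample responses are constructed.

```python
import json
import urllib.request

EXPECTED_ATTRIBUTES = ("ObjectSid", "ObjectGuid", "DistinguishedName")  # from the Profile Editor step
CUSTOM_ROLE_LABEL = "Microsoft Defender for Identity"  # role name from the custom-role step

def okta_get(domain, path, api_token):
    """GET JSON from the Okta API; the API token travels as 'Authorization: SSWS <token>'."""
    req = urllib.request.Request(f"https://{domain}{path}", headers={
        "Authorization": f"SSWS {api_token}", "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def check_custom_attributes(schema):
    """Check the default user schema: each attribute is a custom String, Read Only for the user."""
    props = schema.get("definitions", {}).get("custom", {}).get("properties", {})
    problems = []
    for name in EXPECTED_ATTRIBUTES:
        prop = props.get(name)
        if prop is None:
            problems.append(f"missing attribute {name}")
            continue
        if prop.get("type") != "string":
            problems.append(f"{name}: data type is {prop.get('type')!r}, expected string")
        perms = {p.get("principal"): p.get("action") for p in prop.get("permissions", [])}
        if perms.get("SELF") != "READ_ONLY":  # 'User permission: Read Only' in the Profile Editor
            problems.append(f"{name}: user permission is not Read Only")
    return problems

def check_roles(roles):
    """Check the account's roles: Read-Only Admin and the custom role present, Super Admin removed."""
    types = {r.get("type") for r in roles}
    problems = []
    if "SUPER_ADMIN" in types:
        problems.append("Super Admin still assigned; remove it once the API token exists")
    if "READ_ONLY_ADMIN" not in types:
        problems.append("Read-Only Administrator role missing")
    if not any(r.get("label") == CUSTOM_ROLE_LABEL for r in roles):
        problems.append(f"custom role {CUSTOM_ROLE_LABEL!r} missing")
    return problems

# Constructed sample responses (not real tenant data): ObjectGuid was left writable by the
# user, and the Super Admin role from the token-creation step has not been removed yet.
def _attr(action): return {"type": "string", "permissions": [{"principal": "SELF", "action": action}]}
SAMPLE_SCHEMA = {"definitions": {"custom": {"properties": {
    "ObjectSid": _attr("READ_ONLY"), "ObjectGuid": _attr("READ_WRITE"), "DistinguishedName": _attr("READ_ONLY")}}}}
SAMPLE_ROLES = [{"type": t, "label": l} for t, l in [("SUPER_ADMIN", "Super Administrator"),
                ("READ_ONLY_ADMIN", "Read-only Administrator"), ("CUSTOM", CUSTOM_ROLE_LABEL)]]
```

Against a live tenant, pass the output of okta_get for the two endpoints to the two check functions; an empty list from both means the account matches the configuration described above.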

Connect Okta to Defender for Identity

  1. Navigate to the Microsoft Defender portal.

  2. Select Settings > Identities > Okta integration.

    Screenshot showing the Microsoft Defender for Identity settings page with the Okta Integration option highlighted.

  3. Select +Connect Okta instance.

  4. Enter your Okta domain (for example, acme.okta.com).

  5. Paste the API token you copied from your Okta account.

  6. Select Save.

    Screenshot that shows how to connect your Okta instance.

  7. Verify that your Okta environment appears in the table as enabled.

    Screenshot that shows the Okta environment has been added and is enabled.