Okta
Infinity XDR (Extended Detection & Response)/XPR (Extended Prevention & Response) analyzes the Check Point Identity Next logs from Okta for malicious or abnormal activity, generates an incident, and suggests preventive actions.
Integrating Okta
- Access the Infinity XDR/XPR Administrator Portal:
  - Go to Settings > Integrations.
  - In the Available integrations section, in the Okta widget, click Integrate.
    The Okta Integration window appears.
  - Click the link to integrate Okta with Check Point Infinity Portal.
    The Identity & Access page in the Infinity Portal appears.
- Set up the Okta integration with Infinity Portal. For instructions, see SSO authentication with Okta.
  After the integration is completed, permissions to reset passwords are granted by default.
  The system displays the Okta integration card in the Identity & Access page.
- To check if the integration is successful, in the Infinity XDR/XPR Administrator Portal:
  - Go to Settings > Integrations.
    In the Integrated products section, verify if Okta is listed as Active.
    Note - The widget will display Inactive status until Infinity XDR/XPR begins receiving logs from Okta.
  - Go to the Overview page and in the Connectivity widget, verify if Okta is listed as connected.
Deleting the Integration
- Go to Settings > Integrations.
- In the Okta widget, click the icon and then click Delete integration.
  The Delete Okta window appears.
- Click the Identity & Access link.
  The Identity & Access page appears.
- On the Okta integration card, click the icon and then click Remove.
Supported Preventive Actions
When Infinity XDR/XPR detects malicious activity that involves Okta IDP, it generates an incident and recommends preventive actions to mitigate it.
The supported preventive actions include resetting the user's Okta password and revoking the session through Okta.
Important - You cannot revert the reset password action.
To view the recommended preventive actions for the incident:
- Go to the Incidents page and click the incident title, or hover over the incident and click >.
- In the incident Overview page, go to the Prevention widget.
  The system shows the recommended preventive actions in the Recommendations section.
- To reset the user password, click Reset.
  Note - To ensure security, Infinity XDR/XPR resets the password for all the connected identity providers integrated through Identity Next.
  Once the password is reset, the end-user receives an email notification to reset the Okta password.
- To view the preventive action taken, see the Prevention History section.
For more information, see IncidentsOverview > Prevention.