steampipe plugin install okta

Table: okta_auth_server - Query Okta Authorization Servers using SQL

An Okta Authorization Server is a component within Okta that provides developers with different types of security tokens such as JSON Web Tokens (JWT) and access tokens. It is responsible for maintaining a set of resources, defining access policies, and performing token generation and distribution. The server is critical for managing and securing access to web applications and APIs.

Table Usage Guide

The okta_auth_server table provides insights into the configuration and policies of Okta Authorization Servers. As a security engineer or developer, explore server-specific details through this table, including the server's name, audience, issuer mode, and associated metadata. Utilize it to uncover information about the authorization servers, such as the server's status, the creation and last modified dates, and the verification of access policies.

Examples

Basic info

Explore the status and update history of your authentication servers. This can be useful to track changes over time and ensure all servers are functioning as expected.

select
name,
id,
audiences,
created,
last_updated,
status
from
okta_auth_server;
select
name,
id,
audiences,
created,
last_updated,
status
from
okta_auth_server;

List authorization servers where manual rotation signing keys are not rotated in more than 90 days

Determine the areas in which authorization servers have not had their manual rotation signing keys rotated in more than 90 days. This is useful for maintaining security standards and ensuring regular key rotation.

select
name,
id,
audiences,
created,
last_updated,
credentials -> 'signing' ->> 'lastRotated' as last_rotated,
status
from
okta_auth_server
where
credentials -> 'signing' ->> 'rotationMode' = 'MANUAL'
and CAST(credentials -> 'signing' ->> 'lastRotated' as date) < current_timestamp - interval '90 days';
select
name,
id,
audiences,
created,
last_updated,
json_extract(credentials, '$.signing.lastRotated') as last_rotated,
status
from
okta_auth_server
where
json_extract(credentials, '$.signing.rotationMode') = 'MANUAL'
and date(
json_extract(credentials, '$.signing.lastRotated')
) < date('now', '-90 days');

List inactive authorization servers

Analyze the settings to understand which authorization servers are currently inactive. This is useful for maintaining server efficiency and ensuring all resources are optimally utilized.

select
name,
id,
audiences,
created,
last_updated,
status
from
okta_auth_server
where
status = 'INACTIVE';
select
name,
id,
audiences,
created,
last_updated,
status
from
okta_auth_server
where
status = 'INACTIVE';

Schema for okta_auth_server

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
audiencesjsonbThe audiences of the authorization server.
createdtimestamp with time zoneTimestamp when the authorization server was created.
credentialsjsonbThe authorization server credentials.
descriptiontextA human-readable description of the authorization server.
domaintext=, !=, ~~, ~~*, !~~, !~~*The okta domain name.
idtext=Unique key for the authorization server.
issuertextThe issuer URI of the authorization server.
issuer_modetextThe issuer mode of the authorization server.
last_updatedtimestamp with time zoneTimestamp when the authorization server was last updated.
nametext=The name for the authorization server.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
statustextThe status of the authorization server.
titletextThe title of the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- okta

You can pass the configuration to the command with the --config argument:

steampipe_export_okta --config '<your_config>' okta_auth_server