Table: okta_authentication_policy - Query Okta Authentication Policies using SQL
Okta Authentication Policies are a set of rules that specify the actions to be taken during user authentication based on a variety of conditions. These policies govern the authentication requirements users must meet before they are granted access to applications. They are an integral part of Okta's adaptive multi-factor authentication (MFA) and can be used to increase an organization's security.
Table Usage Guide
The okta_authentication_policy table provides insights into Okta Authentication Policies. As a security analyst, you can leverage this table to understand the various authentication policies within your organization, including their priority, status, and the conditions under which they are applied. This information is crucial for auditing security measures and ensuring that your organization's authentication procedures are in line with best practices.
Important Notes
- This feature is only available as a part of Identity Engine. For more information please see Authentication Policy.
Examples
Basic info
Explore the priority-based organization of Okta authentication policies. This query can be used to assess the order of policies based on their priority, providing insights into the system's security measures and configurations.
select
  name,
  id,
  created,
  status,
  priority,
  system
from
  okta_authentication_policy
order by
  priority;
List inactive sign-on policies
Explore which authentication policies are inactive. This is useful for maintaining security by identifying potential gaps in your active policies.
select
  name,
  id,
  created,
  status,
  priority,
  system
from
  okta_authentication_policy
where
  status = 'INACTIVE';
Get rules details for each sign-on policy
This query is useful to gain insights into each authentication policy's rules within your system. It provides a detailed view of the rules' names, systems, statuses, priorities, actions, and conditions, aiding in policy management and security assessment.
-- PostgreSQL: expand the rules array into one row per rule
select
  name,
  id,
  r -> 'name' as rule_name,
  r -> 'system' as rule_system,
  r -> 'status' as rule_status,
  r -> 'priority' as rule_priority,
  jsonb_pretty(r -> 'actions') as rule_actions,
  jsonb_pretty(r -> 'conditions') as rule_conditions
from
  okta_authentication_policy,
  jsonb_array_elements(rules) as r;

-- SQLite: same result using json_each and json_extract
select
  name,
  id,
  json_extract(r.value, '$.name') as rule_name,
  json_extract(r.value, '$.system') as rule_system,
  json_extract(r.value, '$.status') as rule_status,
  json_extract(r.value, '$.priority') as rule_priority,
  json_extract(r.value, '$.actions') as rule_actions,
  json_extract(r.value, '$.conditions') as rule_conditions
from
  okta_authentication_policy,
  json_each(rules) as r;
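For an audit, the per-rule expansion above can be narrowed to the rules that matter most: active rules in active policies that grant access without requiring two factors. This PostgreSQL query is an added example, not part of the original table documentation; the JSON paths under actions (appSignOn, access, verificationMethod, factorMode) are assumed from the shape of Okta's policy rule API and should be checked against the rule_actions output of the previous query.

```sql
-- Added example: active rules that ALLOW access without a 2FA requirement.
-- Assumption: each rule's actions follow Okta's policy rule API layout:
--   actions.appSignOn.access                         ('ALLOW' or 'DENY')
--   actions.appSignOn.verificationMethod.factorMode  ('1FA' or '2FA')
select
  p.name as policy_name,
  p.priority as policy_priority,
  r ->> 'name' as rule_name,
  (r ->> 'priority')::int as rule_priority,
  r -> 'actions' -> 'appSignOn' ->> 'access' as access,
  r -> 'actions' -> 'appSignOn' -> 'verificationMethod' ->> 'factorMode' as factor_mode,
  jsonb_pretty(r -> 'conditions') as rule_conditions
from
  okta_authentication_policy as p,
  jsonb_array_elements(p.rules) as r
where
  p.status = 'ACTIVE'
  and r ->> 'status' = 'ACTIVE'
  and r -> 'actions' -> 'appSignOn' ->> 'access' = 'ALLOW'
  -- A missing factorMode is treated as "not 2FA" so it is surfaced for review.
  and coalesce(
    r -> 'actions' -> 'appSignOn' -> 'verificationMethod' ->> 'factorMode',
    ''
  ) <> '2FA'
order by
  p.priority,
  rule_priority;
```

Review rule_conditions for each row returned: a single-factor rule scoped to a narrow condition is a different risk from one that applies to every user and network.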
Schema for okta_authentication_policy
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
conditions | jsonb | | Conditions for Policy. |
created | timestamp with time zone | | Timestamp when the Policy was created. |
description | text | | Description of the Policy. |
id | text | | Identifier of the Policy. |
last_updated | timestamp with time zone | | Timestamp when the Policy was last modified. |
name | text | | Name of the Policy. |
priority | bigint | | Priority of the Policy. |
resource_mapping | jsonb | | The resources that are mapped to the Policy. |
rules | jsonb | | Each Policy may contain one or more Rules. Rules, like Policies, contain conditions that must be satisfied for the Rule to be applied. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
status | text | | Status of the Policy: ACTIVE or INACTIVE. |
system | boolean | | This is set to true on system policies, which cannot be deleted. |
title | text | | The title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- okta
You can pass the configuration to the command with the --config argument:
steampipe_export_okta --config '<your_config>' okta_authentication_policy