steampipe plugin install okta

Table: okta_device - Query Okta Devices using SQL

Okta Devices enhances security and user experience by leveraging device identity and context as part of the organization's overall identity and access management strategy. It enables businesses to enforce security policies while providing flexible and convenient access to applications and services across any device.

Table Usage Guide

The okta_device table delivers a comprehensive view of the devices that interact with the Okta ecosystem, presenting crucial information for IT and security professionals. As a part of your security and device management strategy, leverage this table to dive into device-specific data, encompassing device type, status, registration details, and security posture. This table is instrumental for assessing the landscape of devices accessing corporate resources, enabling the identification of unmanaged or insecure devices, evaluating the adherence of devices to corporate security policies, and pinpointing potential security risks tied to device access.

Examples

Basic info

Explore which device have been created and their current status. This can be useful to understand the security measures in place for each device and if they are active or not.

select
display_name,
id,
created,
last_updated,
resource_type,
status
from
okta_device;
select
display_name,
id,
created,
last_updated,
resource_type,
status
from
okta_device;

Get device by device ID

Determine the security factor settings associated with a specific user, which can be useful in understanding the user's security setup and status. This can be particularly helpful in troubleshooting or auditing security compliance.

select
id,
display_name,
resource_type,
created,
status
from
okta_device
where
id = 'ost1l5cklwIRvLzUY5d7';
select
id,
display_name,
resource_type,
created,
status
from
okta_device
where
id = 'ost1l5cklwIRvLzUY5d7';

List embedded user details of the devices

Explore which factors are provided by Okta to gain insights into the status and creation dates of these factors. This can be useful in managing user security settings and assessing the elements within your Okta environment.

select
d.id,
d.display_name,
d.status,
u ->> 'Created' as user_created,
u ->> 'ManagementStatus' as user_management_status,
u ->> 'ScreenLockType' as screen_lock_type,
u -> 'User' as user_info
from
okta_device as d,
jsonb_array_elements(d.embedded -> 'Users') as u;
select
d.id,
d.display_name,
d.status,
json_extract(u.value, '$.Created') as user_created,
json_extract(u.value, '$.ManagementStatus') as user_management_status,
json_extract(u.value, '$.ScreenLockType') as screen_lock_type,
json_extract(u.value, '$.User') as user_info
from
okta_device d,
json_each(json_extract(d.embedded, '$.Users')) as u;

Get device profile details

Explore the valuable insights that can enhance device security management, compliance monitoring, and operational decision-making within an organization.

select
display_name,
id,
imei,
os_version,
platform,
sid,
udid,
model,
serial_number,
profile ->> 'DiskEncryptionType' as disk_encryption_type,
profile ->> 'IntegrityJailbreak' as integrity_jailbreak,
profile ->> 'Manufacturer' as manufacturer,
profile ->> 'Meid' as meid,
profile ->> 'Registered' as registered,
profile ->> 'SecureHardwarePresent' as secure_hardware_present,
profile ->> 'TpmPublicKeyHash' as tpm_public_key_hash
from
okta_device;
select
display_name,
id,
imei,
os_version,
platform,
sid,
udid,
model,
serial_number,
json_extract(profile, '$.DiskEncryptionType') as disk_encryption_type,
json_extract(profile, '$.IntegrityJailbreak') as integrity_jailbreak,
json_extract(profile, '$.Manufacturer') as manufacturer,
json_extract(profile, '$.Meid') as meid,
json_extract(profile, '$.Registered') as registered,
json_extract(profile, '$.SecureHardwarePresent') as secure_hardware_present,
json_extract(profile, '$.TpmPublicKeyHash') as tpm_public_key_hash
from
okta_device;

Schema for okta_device

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
additional_propertiesjsonbadditional properties of the device.
createdtimestamp with time zoneTimestamp when device was created.
display_nametext=Display name of the device.
domaintext=, !=, ~~, ~~*, !~~, !~~*The okta domain name.
embeddedjsonbList of associated users for the device if the expand=user query parameter is specified in the request. Use expand=userSummary to get only a summary of each associated user for the device.
idtext=Unique key for the device.
imeitext=International Mobile Equipment Identity (IMEI) of the device
last_updatedtimestamp with time zoneTimestamp when the device record was last updated.
linksjsonbSpecifies link relations (see Web Linking) available for the current status of an application using the JSON Hypertext Application Language specification.
modeltext=Model of the device.
os_versiontext=Version of the device OS.
platformtext=Platform of the device.
profilejsonbThe Device's Profile properties.
resource_display_namejsonbDisplay name of the device.
resource_idtextAlternate key for the Id.
resource_typetextThe resource type.
serial_numbertext=Serial number of the device.
sidtext=Windows Security identifier of the device.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
statustext=The state object of the device.
titletextThe title of the resource.
udidtext=macOS Unique Device identifier of the device.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- okta

You can pass the configuration to the command with the --config argument:

steampipe_export_okta --config '<your_config>' okta_device