Table: okta_device - Query Okta Devices using SQL
Okta Devices enhances security and user experience by leveraging device identity and context as part of the organization's overall identity and access management strategy. It enables businesses to enforce security policies while providing flexible and convenient access to applications and services across any device.
Table Usage Guide
The okta_device table delivers a comprehensive view of the devices that interact with the Okta ecosystem, presenting crucial information for IT and security professionals. As a part of your security and device management strategy, leverage this table to dive into device-specific data, encompassing device type, status, registration details, and security posture. This table is instrumental for assessing the landscape of devices accessing corporate resources, enabling the identification of unmanaged or insecure devices, evaluating the adherence of devices to corporate security policies, and pinpointing potential security risks tied to device access.
Examples
Basic info
Explore which device have been created and their current status. This can be useful to understand the security measures in place for each device and if they are active or not.
select display_name, id, created, last_updated, resource_type, statusfrom okta_device;select display_name, id, created, last_updated, resource_type, statusfrom okta_device;Get device by device ID
Determine the security factor settings associated with a specific user, which can be useful in understanding the user's security setup and status. This can be particularly helpful in troubleshooting or auditing security compliance.
select id, display_name, resource_type, created, statusfrom okta_devicewhere id = 'ost1l5cklwIRvLzUY5d7';select id, display_name, resource_type, created, statusfrom okta_devicewhere id = 'ost1l5cklwIRvLzUY5d7';List embedded user details of the devices
Explore which factors are provided by Okta to gain insights into the status and creation dates of these factors. This can be useful in managing user security settings and assessing the elements within your Okta environment.
select d.id, d.display_name, d.status, u ->> 'Created' as user_created, u ->> 'ManagementStatus' as user_management_status, u ->> 'ScreenLockType' as screen_lock_type, u -> 'User' as user_infofrom okta_device as d, jsonb_array_elements(d.embedded -> 'Users') as u;select d.id, d.display_name, d.status, json_extract(u.value, '$.Created') as user_created, json_extract(u.value, '$.ManagementStatus') as user_management_status, json_extract(u.value, '$.ScreenLockType') as screen_lock_type, json_extract(u.value, '$.User') as user_infofrom okta_device d, json_each(json_extract(d.embedded, '$.Users')) as u;Get device profile details
Explore the valuable insights that can enhance device security management, compliance monitoring, and operational decision-making within an organization.
select display_name, id, imei, os_version, platform, sid, udid, model, serial_number, profile ->> 'DiskEncryptionType' as disk_encryption_type, profile ->> 'IntegrityJailbreak' as integrity_jailbreak, profile ->> 'Manufacturer' as manufacturer, profile ->> 'Meid' as meid, profile ->> 'Registered' as registered, profile ->> 'SecureHardwarePresent' as secure_hardware_present, profile ->> 'TpmPublicKeyHash' as tpm_public_key_hashfrom okta_device;select display_name, id, imei, os_version, platform, sid, udid, model, serial_number, json_extract(profile, '$.DiskEncryptionType') as disk_encryption_type, json_extract(profile, '$.IntegrityJailbreak') as integrity_jailbreak, json_extract(profile, '$.Manufacturer') as manufacturer, json_extract(profile, '$.Meid') as meid, json_extract(profile, '$.Registered') as registered, json_extract(profile, '$.SecureHardwarePresent') as secure_hardware_present, json_extract(profile, '$.TpmPublicKeyHash') as tpm_public_key_hashfrom okta_device;Schema for okta_device
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form. | |
| additional_properties | jsonb | additional properties of the device. | |
| created | timestamp with time zone | Timestamp when device was created. | |
| display_name | text | = | Display name of the device. |
| domain | text | =, !=, ~~, ~~*, !~~, !~~* | The okta domain name. |
| embedded | jsonb | List of associated users for the device if the expand=user query parameter is specified in the request. Use expand=userSummary to get only a summary of each associated user for the device. | |
| id | text | = | Unique key for the device. |
| imei | text | = | International Mobile Equipment Identity (IMEI) of the device |
| last_updated | timestamp with time zone | Timestamp when the device record was last updated. | |
| links | jsonb | Specifies link relations (see Web Linking) available for the current status of an application using the JSON Hypertext Application Language specification. | |
| model | text | = | Model of the device. |
| os_version | text | = | Version of the device OS. |
| platform | text | = | Platform of the device. |
| profile | jsonb | The Device's Profile properties. | |
| resource_display_name | jsonb | Display name of the device. | |
| resource_id | text | Alternate key for the Id. | |
| resource_type | text | The resource type. | |
| serial_number | text | = | Serial number of the device. |
| sid | text | = | Windows Security identifier of the device. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | Steampipe context in JSON form. | |
| status | text | = | The state object of the device. |
| title | text | The title of the resource. | |
| udid | text | = | macOS Unique Device identifier of the device. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- oktaYou can pass the configuration to the command with the --config argument:
steampipe_export_okta --config '<your_config>' okta_device