steampipe plugin install okta

Table: okta_group - Query Okta Groups using SQL

Okta Groups are a collection of users defined in the Okta service. They provide a way to manage users and their access to applications and resources. Groups are central to the role-based access control (RBAC) model in Okta, and they can be used for assigning roles and permissions.

Table Usage Guide

The okta_group table provides insights into groups within Okta. As an IT administrator, explore group-specific details through this table, including group profile, type, and associated users. Utilize it to manage access control, identify groups with specific roles, and verify the consistency of group memberships.

Important Notes

  • This table supports an optional filter column to query results based on Okta supported filters.

Examples

Basic info

Explore the basic information about user groups in Okta to understand their purpose and configuration. This is useful for managing access controls and implementing security policies.

select
name,
id,
type,
description,
jsonb_pretty(profile) as profile
from
okta_group;
select
name,
id,
type,
description,
profile
from
okta_group;

List groups without membership changes for more than 30 days

Determine the groups that have not undergone membership alterations in over a month. This could be useful for identifying inactive or stagnant groups and assessing the need for membership reviews or updates.

select
name,
id,
type,
age(current_timestamp, last_membership_updated) as last_membership_updated
from
okta_group
where
last_membership_updated < current_timestamp - interval '30 days';
select
name,
id,
type,
julianday('now') - julianday(last_membership_updated) as last_membership_updated
from
okta_group
where
julianday('now') - julianday(last_membership_updated) > 30;

List groups with profile or membership updates after a specific date using a filter

Explore which groups have had updates to their profiles or memberships after a specific date. This is useful for keeping track of recent changes in group data and ensuring up-to-date information.

select
name,
id,
type,
last_updated,
last_membership_updated
from
okta_group
where
filter = 'type eq "OKTA_GROUP" and (lastUpdated gt "2021-05-05T00:00:00.000Z" or lastMembershipUpdated gt "2021-05-05T00:00:00.000Z")';
select
name,
id,
type,
last_updated,
last_membership_updated
from
okta_group
where
filter = 'type eq "OKTA_GROUP"'
and (
datetime(lastUpdated) > datetime('2021-05-05T00:00:00')
or datetime(lastMembershipUpdated) > datetime('2021-05-05T00:00:00')
);

Get group member details for each group

Determine the members associated with each group within your organization. This can help in understanding the group structure and managing user access effectively.

select
name,
id,
jsonb_pretty(group_members) as group_members
from
okta_group;
select
name,
id,
group_members
from
okta_group;

Schema for okta_group

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
createdtimestamp with time zoneTimestamp when Group was created.
descriptiontextDescription of the Group.
domaintext=, !=, ~~, ~~*, !~~, !~~*The okta domain name.
filtertext=Filter string to [filter](https://developer.okta.com/docs/reference/api/users/#list-users-with-a-filter) users. Input filter query should not be encoded.
group_membersjsonbList of all users that are a member of this Group.
idtext=Unique key for Group.
last_membership_updatedtimestamp with time zone>, >=, =, <, <=Timestamp when Group's memberships were last updated.
last_updatedtimestamp with time zone>, >=, =, <, <=Timestamp when Group's profile was last updated.
nametextName of the Group.
object_classjsonbDetermines the Group's profile.
profilejsonbThe Group's Profile properties.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
titletextThe title of the resource.
typetext=Determines how a Group's Profile and memberships are managed. Can be one of OKTA_GROUP, APP_GROUP or BUILT_IN.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- okta

You can pass the configuration to the command with the --config argument:

steampipe_export_okta --config '<your_config>' okta_group