steampipe plugin install okta

Table: okta_idp_discovery_policy - Query Okta Identity Provider Discovery Policies using SQL

Okta Identity Provider Discovery is a feature that allows organizations to route users to different identity providers based on certain conditions. These conditions are defined in the Identity Provider Discovery Policy. This feature helps organizations manage multiple identity providers and control user access based on their attributes or group membership.

Table Usage Guide

The okta_idp_discovery_policy table provides insights into the Identity Provider Discovery Policies within Okta. As a security or IT administrator, use it to review policy-specific details, including conditions, actions, and associated rules: for example, to find policies with specific conditions, to see the actions associated with each policy, and to verify its rules.

Examples

Basic info

List the identity provider discovery policies ordered by priority, with each policy's creation time, status, and system flag, to see which policies exist and in what order they are arranged.

select
  name,
  id,
  created,
  status,
  priority,
  system
from
  okta_idp_discovery_policy
order by
  priority;

List system idp discovery policies

List the system IdP discovery policies (those with system set to true) together with the priority, status, and creation time of each.

select
  name,
  id,
  created,
  status,
  priority,
  system
from
  okta_idp_discovery_policy
where
  system;

List inactive idp discovery policies

Find the IdP discovery policies that are inactive. This can be useful for identifying policies that are no longer in use and may need to be updated or removed.

select
  name,
  id,
  created,
  status,
  priority,
  system
from
  okta_idp_discovery_policy
where
  status = 'INACTIVE';

Get rules details for each idp discovery policy

Expand the rules of each identity provider discovery policy into one row per rule, showing the rule's name, system flag, status, priority, actions, and conditions. This can be useful in reviewing and managing your security configurations and policies.

-- PostgreSQL
select
  name,
  id,
  r -> 'name' as rule_name,
  r -> 'system' as rule_system,
  r -> 'status' as rule_status,
  r -> 'priority' as rule_priority,
  jsonb_pretty(r -> 'actions') as rule_actions,
  jsonb_pretty(r -> 'conditions') as rule_conditions
from
  okta_idp_discovery_policy,
  jsonb_array_elements(rules) as r;
-- SQLite
select
  name,
  id,
  json_extract(r.value, '$.name') as rule_name,
  json_extract(r.value, '$.system') as rule_system,
  json_extract(r.value, '$.status') as rule_status,
  json_extract(r.value, '$.priority') as rule_priority,
  json_extract(r.value, '$.actions') as rule_actions,
  json_extract(r.value, '$.conditions') as rule_conditions
from
  okta_idp_discovery_policy,
  json_each(rules) as r;
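
The following audit query is an added example, not part of the plugin documentation. It lists every active rule in an active policy that routes sign-in to an identity provider other than Okta itself, in evaluation order. It assumes each rule's JSON follows the Okta Policy API layout for IdP discovery rules (actions.idp.providers is an array of objects with type and id) and that the built-in provider is reported with type OKTA; adjust the paths if your data differs.

```sql
-- PostgreSQL. Added example: active routing rules that send users to a non-Okta IdP.
-- Assumed rule shape (Okta Policy API, IdP discovery rules):
--   actions -> idp -> providers = [ { "type": "...", "id": "..." }, ... ]
select
  p.name as policy_name,
  p.priority as policy_priority,
  r ->> 'name' as rule_name,
  (r ->> 'priority')::int as rule_priority,
  prov ->> 'type' as idp_type,
  prov ->> 'id' as idp_id,
  jsonb_pretty(r -> 'conditions') as rule_conditions
from
  okta_idp_discovery_policy as p,
  -- one row per rule; a policy with no rules contributes no rows
  jsonb_array_elements(p.rules) as r,
  -- one row per target provider; a rule without the assumed path contributes no rows
  jsonb_array_elements(r -> 'actions' -> 'idp' -> 'providers') as prov
where
  p.status = 'ACTIVE'
  and r ->> 'status' = 'ACTIVE'
  and prov ->> 'type' <> 'OKTA'
order by
  p.priority,
  rule_priority;
```

Each returned row pairs a routing condition with the provider it hands authentication to, so the output can be compared against the list of identity providers you expect to be in use.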

Schema for okta_idp_discovery_policy

| Name | Type | Operators | Description |
|------|------|-----------|-------------|
| _ctx | jsonb | | Steampipe context in JSON form. |
| conditions | jsonb | | Conditions for Policy. |
| created | timestamp with time zone | | Timestamp when the Policy was created. |
| description | text | | Description of the Policy. |
| domain | text | =, !=, ~~, ~~*, !~~, !~~* | The okta domain name. |
| id | text | | Identifier of the Policy. |
| last_updated | timestamp with time zone | | Timestamp when the Policy was last modified. |
| name | text | | Name of the Policy. |
| priority | bigint | | Priority of the Policy. |
| resource_mapping | jsonb | | The resources that are mapped to the Policy. |
| rules | jsonb | | Each Policy may contain one or more Rules. Rules, like Policies, contain conditions that must be satisfied for the Rule to be applied. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| status | text | | Status of the Policy: ACTIVE or INACTIVE. |
| system | boolean | | This is set to true on system policies, which cannot be deleted. |
| title | text | | The title of the resource. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- okta

You can pass the configuration to the command with the --config argument:

steampipe_export_okta --config '<your_config>' okta_idp_discovery_policy