steampipe plugin install okta

Table: okta_mfa_policy - Query Okta Multi-Factor Authentication Policies using SQL

Okta Multi-Factor Authentication (MFA) is a security feature that provides an additional layer of protection for user accounts. It requires users to verify their identity with at least two forms of identification before gaining access to resources. MFA policies in Okta allow administrators to define and enforce security measures.

Table Usage Guide

The okta_mfa_policy table provides insights into the MFA policies within Okta. As a security administrator, you can explore policy-specific details through this table, including policy settings, conditions, and associated metadata. Use it to find policies with specific conditions, see which factor types are enforced, and verify policy settings.

Examples

Basic info

Explore the multi-factor authentication policies in your Okta system to understand their creation dates, priority levels, and statuses. This will help you assess the security strength and identify any potential vulnerabilities or areas for improvement.

Postgres:

select
  name,
  id,
  created,
  status,
  priority,
  system
from
  okta_mfa_policy
order by
  priority;

SQLite:

select
  name,
  id,
  created,
  status,
  priority,
  system
from
  okta_mfa_policy
order by
  priority;

List system MFA policies

Explore the Multi-Factor Authentication (MFA) policies active within your system. This aids in assessing the priority and status of each policy, helping you maintain a secure and efficient environment.

Postgres:

select
  name,
  id,
  created,
  status,
  priority,
  system
from
  okta_mfa_policy
where
  system;

SQLite:

select
  name,
  id,
  created,
  status,
  priority,
  system
from
  okta_mfa_policy
where
  system = 1;

List inactive MFA policies

Explore which multi-factor authentication (MFA) policies are currently inactive. This is useful for security audits to ensure all necessary policies are active and functioning as intended.

Postgres:

select
  name,
  id,
  created,
  status,
  priority,
  system
from
  okta_mfa_policy
where
  status = 'INACTIVE';

SQLite:

select
  name,
  id,
  created,
  status,
  priority,
  system
from
  okta_mfa_policy
where
  status = 'INACTIVE';

List highest priority MFA policy details

Explore the highest priority multi-factor authentication (MFA) policies in your system. This can be useful for prioritizing security measures and identifying potential vulnerabilities.

Postgres:

select
  name,
  id,
  created,
  status,
  priority,
  system
from
  okta_mfa_policy
where
  priority = 1;

SQLite:

select
  name,
  id,
  created,
  status,
  priority,
  system
from
  okta_mfa_policy
where
  priority = 1;

Get rule details for each MFA policy

Explore the specific rules associated with each multi-factor authentication policy. This allows for a comprehensive understanding of the security measures in place and their prioritization, enabling more informed decisions about potential modifications or enhancements.

Postgres:

select
  name,
  id,
  r -> 'name' as rule_name,
  r -> 'system' as rule_system,
  r -> 'status' as rule_status,
  r -> 'priority' as rule_priority,
  jsonb_pretty(r -> 'actions') as rule_actions,
  jsonb_pretty(r -> 'conditions') as rule_conditions
from
  okta_mfa_policy,
  jsonb_array_elements(rules) as r;

SQLite:

select
  name,
  id,
  json_extract(r.value, '$.name') as rule_name,
  json_extract(r.value, '$.system') as rule_system,
  json_extract(r.value, '$.status') as rule_status,
  json_extract(r.value, '$.priority') as rule_priority,
  -- extract the actions and conditions objects, matching the Postgres query
  json_extract(r.value, '$.actions') as rule_actions,
  json_extract(r.value, '$.conditions') as rule_conditions
from
  okta_mfa_policy,
  json_each(rules) as r;
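
An audit query that builds on the rule expansion above, added here as an example and not taken from the Steampipe documentation: it lists ACTIVE policies that have no ACTIVE rule or that carry rules in another status. It is written for the Postgres engine and assumes each rule object has the name and status keys used in the query above.

```sql
-- Added example (Postgres engine). Uses only columns from the schema on this
-- page and the rule keys (name, status) shown in the rules query above.
with rule_rows as (
  select
    p.id,
    p.name,
    p.priority,
    p.system,
    p.last_updated,
    r ->> 'name' as rule_name,
    r ->> 'status' as rule_status
  from
    okta_mfa_policy as p
    -- The left join keeps policies with no rules. The CASE guards against a
    -- SQL NULL or a non-array JSON value, which jsonb_array_elements rejects.
    left join lateral jsonb_array_elements(
      case
        when jsonb_typeof(p.rules) = 'array' then p.rules
        else '[]'::jsonb
      end
    ) as r on true
  where
    p.status = 'ACTIVE'
)
select
  name,
  id,
  priority,
  system,
  last_updated,
  count(rule_name) as total_rules,
  count(*) filter (where rule_status = 'ACTIVE') as active_rules,
  string_agg(rule_name, ', ') filter (where rule_status <> 'ACTIVE') as inactive_rule_names
from
  rule_rows
group by
  name, id, priority, system, last_updated
having
  -- an active policy with nothing enforceable, or with disabled rules to review
  count(*) filter (where rule_status = 'ACTIVE') = 0
  or count(*) filter (where rule_status <> 'ACTIVE') > 0
order by
  priority;
```

An empty result means every ACTIVE policy has at least one rule and all of its rules are ACTIVE.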

Schema for okta_mfa_policy

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form. |
| conditions | jsonb | | Conditions for Policy. |
| created | timestamp with time zone | | Timestamp when the Policy was created. |
| description | text | | Description of the Policy. |
| domain | text | =, !=, ~~, ~~*, !~~, !~~* | The Okta domain name. |
| id | text | | Identifier of the Policy. |
| last_updated | timestamp with time zone | | Timestamp when the Policy was last modified. |
| name | text | | Name of the Policy. |
| priority | bigint | | Priority of the Policy. |
| resource_mapping | jsonb | | The resources that are mapped to the Policy. |
| rules | jsonb | | Each Policy may contain one or more Rules. Rules, like Policies, contain conditions that must be satisfied for the Rule to be applied. |
| settings | jsonb | | Settings of the password policy. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| status | text | | Status of the Policy: ACTIVE or INACTIVE. |
| system | boolean | | This is set to true on system policies, which cannot be deleted. |
| title | text | | The title of the resource. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- okta

You can pass the configuration to the command with the --config argument:

steampipe_export_okta --config '<your_config>' okta_mfa_policy