Table: okta_password_policy - Query Okta Password Policies using SQL

Okta Password Policy is a set of rules and settings within Okta that governs the complexity requirements for user passwords and the actions to take when users violate these rules. It helps organizations to enforce strong password practices, enhancing security by reducing the risk of password-based attacks. Okta Password Policy provides a way to customize these rules and settings to meet the specific security needs of an organization.

Table Usage Guide

The okta_password_policy table provides insights into the password policies within Okta. As a security analyst, explore policy-specific details through this table, including the complexity requirements, lockout settings, and associated metadata. Utilize it to uncover information about the password policies, such as those with weak complexity requirements, the number of failed attempts before a lockout, and the duration of the lockout period.

Examples

Basic info

Explore which password policies have been implemented, understanding their creation dates, status, and priority. This can be useful for assessing the security measures in place and their relative importance.

select
  name,
  id,
  created,
  status,
  priority,
  system
from
  okta_password_policy
order by
  priority;

select
  name,
  id,
  created,
  status,
  priority,
  system
from
  okta_password_policy
order by
  priority;

List system password policies

Analyze the settings to understand the system's password policies, enabling you to assess their creation, status, and priority. This is beneficial for maintaining security standards and prioritizing system updates.

select
  name,
  id,
  created,
  status,
  priority,
  system
from
  okta_password_policy
where
  system;

select
  name,
  id,
  created,
  status,
  priority,
  system
from
  okta_password_policy
where
  system;

List inactive password policies

Explore which password policies have been marked as inactive, allowing you to identify and review any outdated or unused policies that could potentially impact system security. This is particularly useful in maintaining security standards and ensuring all policies are up-to-date.

select
  name,
  id,
  created,
  status,
  priority,
  system
from
  okta_password_policy
where
  status = 'INACTIVE';

select
  name,
  id,
  created,
  status,
  priority,
  system
from
  okta_password_policy
where
  status = 'INACTIVE';

Get policy details for each password policy

Explore the specifics of each password policy, including its age, complexity, lockout details, recovery factors, and delegation options. This can help you understand and manage the security standards across different policies.

select
  name,
  id,
  status,
  jsonb_pretty(settings -> 'password' -> 'age') as password_age,
  jsonb_pretty(settings -> 'password' -> 'complexity') as password_complexity,
  jsonb_pretty(settings -> 'password' -> 'lockout') as password_lockout,
  jsonb_pretty(settings -> 'recovery' -> 'factors') as recovery_factors,
  jsonb_pretty(settings -> 'delegation' -> 'options') as delegation_options
from
  okta_password_policy;

select
  name,
  id,
  status,
  settings as password_age,
  settings as password_complexity,
  settings as password_lockout,
  settings as recovery_factors,
  settings as delegation_options
from
  okta_password_policy;

Get rules details for each password policy

Explore the specific rules associated with each password policy to gain insights into their statuses, priorities, and conditions. This can help in understanding and managing security measures more effectively.

select
  name,
  id,
  r -> 'name' as rule_name,
  r -> 'system' as rule_system,
  r -> 'status' as rule_status,
  r -> 'priority' as rule_priority,
  jsonb_pretty(r -> 'actions') as rule_actions,
  jsonb_pretty(r -> 'conditions') as rule_conditions
from
  okta_password_policy,
  jsonb_array_elements(rules) as r;

select
  name,
  id,
  json_extract(r.value, '$.name') as rule_name,
  json_extract(r.value, '$.system') as rule_system,
  json_extract(r.value, '$.status') as rule_status,
  json_extract(r.value, '$.priority') as rule_priority,
  r.value as rule_actions,
  r.value as rule_conditions
from
  okta_password_policy,
  json_each(rules) as r;

Schema for okta_password_policy

Name	Type	Description
_ctx	jsonb	Steampipe context in JSON form, e.g. connection_name.
conditions	jsonb	Conditions for Policy.
created	timestamp with time zone	Timestamp when the Policy was created.
description	text	Description of the Policy.
id	text	Identifier of the Policy.
last_updated	timestamp with time zone	Timestamp when the Policy was last modified.
name	text	Name of the Policy.
priority	bigint	Priority of the Policy.
rules	jsonb	Each Policy may contain one or more Rules. Rules, like Policies, contain conditions that must be satisfied for the Rule to be applied.
settings	jsonb	Settings of the password policy.
status	text	Status of the Policy: ACTIVE or INACTIVE.
system	boolean	This is set to true on system policies, which cannot be deleted.
title	text	The title of the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- okta

You can pass the configuration to the command with the --config argument:

steampipe_export_okta --config '<your_config>' okta_password_policy