steampipe plugin install okta

Table: okta_signon_policy - Query Okta Sign-On Policies using SQL

Okta Sign-On Policies are a set of rules that specify the actions to be taken during user sign-in based on a variety of conditions. These policies govern the authentication requirements users must meet before they are granted access to applications. They are an integral part of Okta's adaptive multi-factor authentication (MFA) and can be used to increase an organization's security.

Table Usage Guide

The okta_signon_policy table provides insights into Okta Sign-On Policies. As a security analyst, you can leverage this table to understand the various sign-on policies within your organization, including their priority, status, and the conditions under which they are applied. This information is crucial for auditing security measures and ensuring that your organization's sign-on procedures are in line with best practices.

Examples

Basic info

Explore the priority-based organization of Okta sign-on policies. This query can be used to assess the order of policies based on their priority, providing insights into the system's security measures and configurations.

select
name,
id,
created,
status,
priority,
system
from
okta_signon_policy
order by
priority;
select
name,
id,
created,
status,
priority,
system
from
okta_signon_policy
order by
priority;

List system sign on policies

Explore which system sign-on policies are currently in place. This can help in understanding the security measures in effect and prioritizing any necessary changes.

select
name,
id,
created,
status,
priority,
system
from
okta_signon_policy
where
system;
select
name,
id,
created,
status,
priority,
system
from
okta_signon_policy
where
system;

List inactive sign on policies

Explore which sign-on policies are inactive. This is useful for maintaining security by identifying potential gaps in your active policies.

select
name,
id,
created,
status,
priority,
system
from
okta_signon_policy
where
status = 'INACTIVE';
select
name,
id,
created,
status,
priority,
system
from
okta_signon_policy
where
status = 'INACTIVE';

Get rules details for each sign on policy

This query is useful to gain insights into each sign-on policy's rules within your system. It provides a detailed view of the rules' names, systems, statuses, priorities, actions, and conditions, aiding in policy management and security assessment.

select
name,
id,
r -> 'name' as rule_name,
r -> 'system' as rule_system,
r -> 'status' as rule_status,
r -> 'priority' as rule_priority,
jsonb_pretty(r -> 'actions') as rule_actions,
jsonb_pretty(r -> 'conditions') as rule_conditions
from
okta_signon_policy,
jsonb_array_elements(rules) as r;
select
name,
id,
json_extract(r.value, '$.name') as rule_name,
json_extract(r.value, '$.system') as rule_system,
json_extract(r.value, '$.status') as rule_status,
json_extract(r.value, '$.priority') as rule_priority,
r.value as rule_actions,
r.value as rule_conditions
from
okta_signon_policy,
json_each(rules) as r;

Schema for okta_signon_policy

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form, e.g. connection_name.
conditionsjsonbConditions for Policy.
createdtimestamp with time zoneTimestamp when the Policy was created.
descriptiontextDescription of the Policy.
idtextIdentifier of the Policy.
last_updatedtimestamp with time zoneTimestamp when the Policy was last modified.
nametextName of the Policy.
prioritybigintPriority of the Policy.
rulesjsonbEach Policy may contain one or more Rules. Rules, like Policies, contain conditions that must be satisfied for the Rule to be applied.
statustextStatus of the Policy: ACTIVE or INACTIVE.
systembooleanThis is set to true on system policies, which cannot be deleted.
titletextThe title of the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- okta

You can pass the configuration to the command with the --config argument:

steampipe_export_okta --config '<your_config>' okta_signon_policy