steampipe plugin install okta

Table: okta_signon_policy - Query Okta Sign-On Policies using SQL

Okta Sign-On Policies are a set of rules that specify the actions to be taken during user sign-in based on a variety of conditions. These policies govern the authentication requirements users must meet before they are granted access to applications. They are an integral part of Okta's adaptive multi-factor authentication (MFA) and can be used to increase an organization's security.

Table Usage Guide

The okta_signon_policy table provides insights into Okta Sign-On Policies. As a security analyst, you can leverage this table to understand the various sign-on policies within your organization, including their priority, status, and the conditions under which they are applied. This information is crucial for auditing security measures and ensuring that your organization's sign-on procedures are in line with best practices.

Examples

Basic info

Explore the priority-based organization of Okta sign-on policies. This query can be used to assess the order of policies based on their priority, providing insights into the system's security measures and configurations.

select
  name,
  id,
  created,
  status,
  priority,
  system
from
  okta_signon_policy
order by
  priority;

List system sign on policies

Explore which system sign-on policies are currently in place. This can help in understanding the security measures in effect and prioritizing any necessary changes.

select
  name,
  id,
  created,
  status,
  priority,
  system
from
  okta_signon_policy
where
  system;

List inactive sign on policies

Explore which sign-on policies are inactive. This is useful for maintaining security by identifying potential gaps in your active policies.

select
  name,
  id,
  created,
  status,
  priority,
  system
from
  okta_signon_policy
where
  status = 'INACTIVE';

Get rules details for each sign on policy

This query is useful to gain insights into each sign-on policy's rules within your system. It provides a detailed view of the rules' names, systems, statuses, priorities, actions, and conditions, aiding in policy management and security assessment.

PostgreSQL:

select
  name,
  id,
  r -> 'name' as rule_name,
  r -> 'system' as rule_system,
  r -> 'status' as rule_status,
  r -> 'priority' as rule_priority,
  jsonb_pretty(r -> 'actions') as rule_actions,
  jsonb_pretty(r -> 'conditions') as rule_conditions
from
  okta_signon_policy,
  jsonb_array_elements(rules) as r;

SQLite:

select
  name,
  id,
  json_extract(r.value, '$.name') as rule_name,
  json_extract(r.value, '$.system') as rule_system,
  json_extract(r.value, '$.status') as rule_status,
  json_extract(r.value, '$.priority') as rule_priority,
  -- extract the sub-objects rather than returning the whole rule twice
  json_extract(r.value, '$.actions') as rule_actions,
  json_extract(r.value, '$.conditions') as rule_conditions
from
  okta_signon_policy,
  json_each(rules) as r;
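
Building on the rules query above, the following added example (not part of the original Steampipe documentation) lists, for PostgreSQL, the active rules in active policies that allow sign-in without requiring a factor, together with their session limits. The key names under actions (signon, access, requireFactor, session and its two timeout fields) are assumptions taken from Okta's Policy API rule format; confirm them against the rule_actions output for your org before relying on the result.

```sql
-- Added example: audit active sign-on rules that allow access without a factor.
-- Assumed rule layout (from Okta's Policy API, not stated on this page):
--   actions.signon.access                            'ALLOW' or 'DENY'
--   actions.signon.requireFactor                     true / false
--   actions.signon.session.maxSessionIdleMinutes     integer
--   actions.signon.session.maxSessionLifetimeMinutes integer
select
  p.name as policy_name,
  p.priority as policy_priority,
  r ->> 'name' as rule_name,
  (r ->> 'priority')::int as rule_priority,
  r #>> '{actions,signon,access}' as access,
  -- a missing requireFactor key is treated as "no factor required"
  coalesce((r #>> '{actions,signon,requireFactor}')::boolean, false) as require_factor,
  (r #>> '{actions,signon,session,maxSessionIdleMinutes}')::int as idle_minutes,
  (r #>> '{actions,signon,session,maxSessionLifetimeMinutes}')::int as lifetime_minutes
from
  okta_signon_policy as p,
  jsonb_array_elements(p.rules) as r
where
  p.status = 'ACTIVE'
  and r ->> 'status' = 'ACTIVE'
  and r #>> '{actions,signon,access}' = 'ALLOW'
  and coalesce((r #>> '{actions,signon,requireFactor}')::boolean, false) = false
order by
  p.priority,
  rule_priority;
```

A row here means the sign-on rule itself does not prompt for a factor; whether a factor is enforced elsewhere, for example per application, is outside this table. Read the result alongside rule_conditions, since a rule scoped to a narrow network zone or group carries different risk than a catch-all rule.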

Schema for okta_signon_policy

| Name | Type | Operators | Description |
|------|------|-----------|-------------|
| _ctx | jsonb | | Steampipe context in JSON form. |
| conditions | jsonb | | Conditions for Policy. |
| created | timestamp with time zone | | Timestamp when the Policy was created. |
| description | text | | Description of the Policy. |
| domain | text | =, !=, ~~, ~~*, !~~, !~~* | The okta domain name. |
| id | text | | Identifier of the Policy. |
| last_updated | timestamp with time zone | | Timestamp when the Policy was last modified. |
| name | text | | Name of the Policy. |
| priority | bigint | | Priority of the Policy. |
| resource_mapping | jsonb | | The resources that are mapped to the Policy. |
| rules | jsonb | | Each Policy may contain one or more Rules. Rules, like Policies, contain conditions that must be satisfied for the Rule to be applied. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| status | text | | Status of the Policy: ACTIVE or INACTIVE. |
| system | boolean | | This is set to true on system policies, which cannot be deleted. |
| title | text | | The title of the resource. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- okta

You can pass the configuration to the command with the --config argument:

steampipe_export_okta --config '<your_config>' okta_signon_policy