Table: okta_trusted_origin - Query Okta Trusted Origins using SQL

Okta Trusted Origins is a service within Okta that allows you to manage the origins that are trusted to start browser-based authentication flows or permitted to make CORS requests. It provides a centralized way to manage these trusted origins for various Okta domains. Okta Trusted Origins helps you ensure the security of your Okta domains by controlling the origins that are allowed to interact with them.

Table Usage Guide

The okta_trusted_origin table provides insights into trusted origins within Okta. As a security engineer, explore trusted origin-specific details through this table, including origin names, origin types, and associated metadata. Utilize it to uncover information about trusted origins, such as those with CORS or redirect permissions, and the verification of these permissions.

Important Notes

This table supports an optional filter column to query results based on Okta supported filters.

Examples

Basic info

Explore which trusted origins in your Okta environment have been recently updated or created. This helps keep track of changes and maintain the security of your applications and APIs.

select
  name,
  id,
  created,
  last_updated,
  origin,
  scopes,
  status
from
  okta_trusted_origin;

select
  name,
  id,
  created,
  last_updated,
  origin,
  scopes,
  status
from
  okta_trusted_origin;

List trusted origins last updated 30 days ago

Determine the trusted origins that have not been updated in the past 30 days. This is useful for maintaining security by ensuring all trusted origins are up-to-date.

select
  name,
  id,
  created,
  last_updated,
  origin,
  scopes,
  status
from
  okta_trusted_origin
where
  last_updated < current_timestamp - interval '30 days';

select
  name,
  id,
  created,
  last_updated,
  origin,
  scopes,
  status
from
  okta_trusted_origin
where
  last_updated < datetime('now', '-30 day');

List CORS scoped trusted origins

Explore which trusted origins have been scoped for Cross-Origin Resource Sharing (CORS) to understand the security measures in place for data requests from different origins. This can help in assessing potential vulnerabilities and ensuring appropriate CORS policies are implemented.

select
  name,
  id,
  created,
  last_updated,
  origin,
  scopes,
  status
from
  okta_trusted_origin
where
  scopes @> '[{"type":"CORS"}]' :: jsonb;

select
  name,
  id,
  created,
  last_updated,
  origin,
  scopes,
  status
from
  okta_trusted_origin
where
  json_extract(scopes, '$[0].type') = 'CORS';

Schema for okta_trusted_origin

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form, e.g. connection_name.
created	timestamp with time zone		The timestamp when the trusted origin was created.
created_by	text		The ID of the user who created the trusted origin.
id	text	=	A unique key for the trusted origin.
last_updated	timestamp with time zone		The timestamp when the trusted origin was last updated.
last_updated_by	text		The ID of the user who last updated the trusted origin.
name	text		The name of the trusted origin.
origin	text		The origin of the trusted origin.
scopes	jsonb		The scopes for the trusted origin. Valid values are 'CORS' or 'REDIRECT'.
status	text		Current status of the trusted origin. Valid values are 'ACTIVE' or 'INACTIVE'.
title	text		The title of the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- okta

You can pass the configuration to the command with the --config argument:

steampipe_export_okta --config '<your_config>' okta_trusted_origin