Introduction

This article describes the Field Effect MDR integration with Okta. This article covers the following:

• Integration Details 
  • Requirements
• Setting up the Integration 
  • Prepare Okta for the Configuration
  • Complete the integration in the MDR Portal

Integration Details 

If your organization uses , this integration allows Field Effect MDR monitoring access to your Okta environment, enriching its monitoring fidelity. Once integrated, Field Effect MDR will monitor for user auth locations, travel speeds, and MFA failures, which may indicate a stolen password.

Requirements

To complete this integration, you will need administrator access to both your Okta environment and the Field Effect MDR Portal. 

Setting up the Integration 

To complete this integration, you will need to perform the following procedures:  

1. Create an IP Zone in Okta:
   1. Create an IP zone in Okta
   2. Configure Okta ThreatInsight
   3. Create an Okta API token
2. Complete the Integration in the MDR Portal

Prepare Okta for the Configuration

Create an IP Zone in Okta

For our API to properly access Okta, you must create an IP zone and add Field Effect MDR's IP address range to it. To learn more, visit the Okta's Create zones for IP addresses article. 

From the Security section's Network page, click Add new Zone and select IP Zone.

The Add IP Zone window will open. Provide the following: 

• Zone name: we recommend "FieldEffectMDR"
• (Optional) Check the "Block Access.." check box to prevent matching IPs from connecting. 
• Gateway IPs: add Field Effect MDR's IP range: 64.26.180.112/28

When finished, click Save. This IP Zone will be used when Creating an API token below.

Configure Okta ThreatInsight

For Okta to allow access for Field Effect, you must configure Okta’s ThreatInsight to “trust” requests to our API. To learn more, visit the Okta article Configure Okta ThreatInsight. To configure ThreatInsight:

1. In the Admin Console, go to Security > General.
2. Go to Okta ThreatInsight Settings.
3. Click Edit. A list of actions will appear. Select the most appropriate setting.
   1. No Action
   2. Log authentication attempts from malicious IP
   3. Log and enforce security based on threat level
4. Select the desired action for your org.
5. Add the trusted network zone you added the Field Effect IP to.
6. Click Save.

Create an Okta API Token

Begin by logging into your Okta portal using your admin credentials. Once logged in, navigate to the API page's Tokens tab (found here: https://-admin.okta.com/admin/access/api/tokens). From the Tokens tab, click Create Token. 

The Create token window will appear. Give the token a name (we suggest "FieldEffectMDR") and set the "API calls..." field to the IP Zone you created for Field Effect MDR, as shown above. 

After you create the token, be sure to copy it, as it will be required when setting up the integration in the MDR Portal.

Complete the integration in the MDR Portal

Note for Partners: This procedure is performed on a per-client basis. Ensure that the Organization Selector is set to the appropriate client before continuing.

Navigate to the MDR Portal's Administration > Integrations page. From the Cloud Monitoring tab, click Add within the Okta card.

The Okta Monitoring window will appear on your screen. Provide your Okta domain and the API token you created in the previous step. Once provided, click Add.

You'll be taken back to the integrations page, and the integration card will show that the integration is connected and promoted to the top, alongside any other connected integrations.