- Documentation: https://developer.okta.com/docs/guides/find-your-app-credentials/-/main/
- Summary: Okta is an identity and access management company, it provides cloud solutions that help companies manage and secure user authentication. Applications that use Okta for authentication can be set and associated to a user account, they are attributed a
client_secretto authenticate communications between the applications and Okta. This detector focuses on catching those keys.
- IPs allowlist: Sign on rules can be set for each application to restrict the zone from which user can connect and thus interact with Okta.
- Scopes: A variety of scopes can be associated to the application that is integrating with Okta, from the
Application/Okta API Scopestab.
Revoke the secret
A new client secret can be generated from the
Application/General tab of the dashboard. This automatically revokes the previous client secret.
Check for suspicious activity
Okta keeps logs of any actions or calls made with an application registered on the platform.
Category: Identity provider
High recall: True
Validity check available: False
Minimum number of matches: 2
Occurrences found for one million commits: 5.59
- type: ContentWhitelistPreValidator
- text: |
// Add Okta_Keys to your environment variables
- text: |
$(app) -i https://dev-123456.oktapreview.com -c 0oaq5duedN0lmmT143i4 -x 3Be9-tDiFMDp6kYdmQDsbUFEVy7K2_wb0lsje2vw