Okta Token
Description
General
- Documentation: https://developer.okta.com/docs/guides/create-an-api-token/main/
- Summary: Okta is an identity and access management company that provides cloud solutions to help companies manage and secure user authentication. This detector focuses on catching API tokens used to authenticate requests to Okta APIs.
- IPs allowlist: This feature is not supported in the free plan, but in premium plans, admins can set allowlists and banlists according to their needs from the security/network/add zone section.
- Scopes: Various groups of users can be created, and users can also be assigned to applications. The API token inherits authorization from its user.
Revoke the secret
An API token can be revoked from the API tab of the Okta dashboard. The authorization server that is attributed to the account can also be used to automatically rotate API keys.
Check for suspicious activity
Okta keeps logs of any calls or actions made with a given API key.
Details for Okta token
Family: Api
Category: Identity provider
Company: Okta
High recall: False
Validity check available: False
Minimum number of matches: 1
Occurrences found for one million commits: 1.79
Prefixed: False
PreValidators:
  - type: FilenameBanlistPreValidator
    banlist_extensions:
      - ^lock$
      - ^storyboard(c|er)?~?$
      - ^xib$
      - ipynb
    banlist_filenames: []
    check_binaries: false
    include_default_banlist_extensions: false
    ban_markup: false
  - type: ContentWhitelistPreValidator
    patterns:
      - okta
  - type: ContentWhitelistPreValidator
    patterns:
      - '00'
Examples
- text: |
    // Add Okta_TOKEN GENERATED
    string token = "00iqMOKIplUddEWA5WEM4YwOkw7RXeGw31lFCMTvZ2";
  apikey: 00iqMOKIplUddEWA5WEM4YwOkw7RXeGw31lFCMTvZ2
- text: |
    // Add Okta_TOKEN GENERATED
    +00iqMOKIplUddEWA5WEM4YwOkw7RXeGw31lFCMTvZ2";
  apikey: 00iqMOKIplUddEWA5WEM4YwOkw7RXeGw31lFCMTvZ2
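The PreValidators block above decides which files reach the matching stage at all. The sketch below is an added example, not the detector's own code, and it shows which files the listed patterns skip. The function names, the sample file paths, and the matching semantics (case-insensitive search, every content pattern required) are assumptions.

```python
import re
from pathlib import PurePosixPath

# Values copied from the PreValidators block on this page.
BANLIST_EXTENSIONS = [r"^lock$", r"^storyboard(c|er)?~?$", r"^xib$", r"ipynb"]
REQUIRED_CONTENT = [r"okta", r"00"]


def file_extension(filename: str) -> str:
    """Text after the last dot of the base name ('' if there is none)."""
    name = PurePosixPath(filename).name
    return name.rsplit(".", 1)[1] if "." in name else ""


def prevalidate(filename: str, content: str) -> tuple:
    """Return (scan?, reason). Assumed semantics, not the vendor's engine."""
    ext = file_extension(filename)
    for pattern in BANLIST_EXTENSIONS:
        # Assumption: patterns are searched against the extension, ignoring case.
        if re.search(pattern, ext, re.IGNORECASE):
            return False, f"extension banned by {pattern}"
    for pattern in REQUIRED_CONTENT:
        # Assumption: every allowlist pattern must occur somewhere in the content.
        if not re.search(pattern, content, re.IGNORECASE):
            return False, f"content lacks {pattern}"
    return True, "passed to matching stage"


# Constructed sample files; the token string is the page's own example value.
TOKEN = "00iqMOKIplUddEWA5WEM4YwOkw7RXeGw31lFCMTvZ2"
SAMPLES = {
    "src/Auth.cs": '// Add Okta_TOKEN GENERATED\nstring token = "' + TOKEN + '";',
    "notebooks/sso.ipynb": '{"source": ["okta_token = ' + TOKEN + '"]}',
    "Gemfile.lock": "okta-sdk (" + TOKEN + ")",
    "config/idp.yml": "apikey: " + TOKEN,
}

if __name__ == "__main__":
    for path, text in SAMPLES.items():
        print(path, prevalidate(path, text))
```

Under these assumptions, a token committed in a notebook, a lock file, or a file that never mentions "okta" is not examined by this detector, so those locations need separate review when auditing a repository.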