Okta Integration
The Okta connector uses a read-only API token to collect MFA enrolment policy counts, sign-on policy configurations, and administrative role assignments. This evidence directly supports identity and access management controls across ISO 27001, SOC 2, and GDPR.
- API token scope required: Read-only
- Authentication method: SSWS (the token is sent as an `Authorization: SSWS <token>` header on every request)
- Example ISO 27001 control mappings: A.5.17, A.5.15
Prerequisites
Create a read-only API token in Okta
Okta API tokens inherit the permissions of the user who creates them, so a token generated by a Super Administrator is itself a super-admin credential. Create the token from a dedicated service account that holds only the Read Only Administrator role.
Create a service account user
Create a dedicated Okta user for the AISEC integration. Do not use a personal admin account: the token would carry that person's full admin rights, and Okta invalidates a user's API tokens when the user is deactivated, so the integration would break when they leave.
- Username: aisec-integration@yourcompany.com (internal only, no inbox needed)
- Assign the Read Only Administrator role
- Activate the user and set a secure password
Generate the API token
Log in to the Okta Admin Console as the service account user and generate a token.
- Navigate to Security → API → Tokens
- Click Create Token and name it "aisec-evidence-collector"
- Copy the token value immediately — it is only shown once
- Tokens expire after 30 days of inactivity. A daily sync keeps the token active, but if syncs stop for 30 days (for example while the integration is paused) the token expires and must be regenerated; schedule a renewal reminder and watch for 401 errors.
Configuration
Connect Okta in AISEC
Enter your Okta org URL and API token in Settings → Integrations → Okta → Configure.
Step-by-step
- Okta Org URL: your Okta domain (e.g. https://yourcompany.okta.com or https://yourcompany.okta-emea.com)
- API Token: the SSWS token you copied from the Okta Admin Console
- Sync frequency: daily covers most access review cadences
- Click Connect, then Sync now for an immediate first collection
Evidence collected
What appears in your evidence register
Two evidence items are produced per sync.
MFA Policy Summary
Count of MFA enrolment policies and sign-on policies active in the Okta org.
- Maps to ISO 27001: A.5.17, A.8.5
- Maps to SOC 2: CC6.1
Administrative Access Review
Count and list of users with administrative role assignments in Okta.
- Maps to ISO 27001: A.5.15, A.5.18
- Maps to SOC 2: CC6.3
Troubleshooting
Common issues
- 401 Unauthorized — the API token has expired (30-day inactivity window) or was revoked; generate a new one.
- 403 Forbidden — the service account does not have the Read Only Administrator role; check the Okta Admin Console.
- Empty admin list — if the call to /api/v1/iam/assignees/users returns 404, that endpoint is not available in the org; the connector falls back to an empty list rather than failing the sync. An empty Administrative Access Review is therefore not proof that no admins exist; confirm the 404 in the sync log and review admin roles in the Okta Admin Console until the endpoint is available.
- okta-emea.com domains — enter the full org URL including the subdomain (e.g. https://yourcompany.okta-emea.com), not just okta-emea.com.
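The collection and the troubleshooting cases above, as an added example that is not AISEC's own connector code: it fetches the two evidence items straight from the Okta REST API with an SSWS token, turns 401 and 403 into the fixes listed above, and applies the 404 fallback on the assignees endpoint. The endpoint paths and the `Authorization: SSWS <token>` header are Okta's public API; the canned responses at the bottom are constructed for an offline run and only approximate Okta's real JSON shapes.

```python
"""Collect the two Okta evidence items (MFA policy summary, admin access review).

Added example, not AISEC's connector. Swap fake_transport for http_transport
to run it against a real org with a read-only SSWS API token.
"""
import json
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Tuple

# A transport takes an API path and returns (HTTP status, parsed JSON or None).
Transport = Callable[[str], Tuple[int, object]]


class OktaAuthError(Exception):
    """Raised for 401/403 so the caller sees the remedy, not a bare status code."""


def http_transport(org_url: str, token: str) -> Transport:
    """Live transport against an Okta org using an SSWS API token."""
    org_url = org_url.rstrip("/")
    if not org_url.startswith("https://"):
        raise ValueError("org URL must be https://yourcompany.okta.com (or .okta-emea.com)")

    def get(path: str) -> Tuple[int, object]:
        req = urllib.request.Request(
            org_url + path,
            headers={"Authorization": f"SSWS {token}", "Accept": "application/json"},
        )
        try:
            with urllib.request.urlopen(req, timeout=30) as resp:
                return resp.status, json.load(resp)
        except urllib.error.HTTPError as err:
            return err.code, None

    return get


def fake_transport(canned: Dict[str, Tuple[int, object]]) -> Transport:
    """Offline transport: serve canned (status, body) by path; unknown paths 404."""
    return lambda path: canned.get(path, (404, None))


def _get(transport: Transport, path: str) -> Tuple[int, object]:
    """GET with the page's troubleshooting mapped onto the two auth failures."""
    status, body = transport(path)
    if status == 401:
        raise OktaAuthError("401 Unauthorized: token expired (30 days inactive) or revoked; create a new one")
    if status == 403:
        raise OktaAuthError("403 Forbidden: service account lacks the Read Only Administrator role")
    return status, body


def mfa_policy_summary(transport: Transport) -> Dict[str, int]:
    """Evidence item 1: number of ACTIVE MFA enrolment and Okta sign-on policies."""
    summary: Dict[str, int] = {}
    for key, policy_type in (("mfa_enroll_policies", "MFA_ENROLL"),
                             ("sign_on_policies", "OKTA_SIGN_ON")):
        status, policies = _get(transport, f"/api/v1/policies?type={policy_type}")
        if status != 200:
            raise RuntimeError(f"HTTP {status} listing {policy_type} policies")
        summary[key] = sum(1 for p in policies if p.get("status") == "ACTIVE")
    return summary


def admin_access_review(transport: Transport) -> dict:
    """Evidence item 2: users with admin role assignments and their role types.

    A 404 from the assignees endpoint yields an empty list flagged complete=False,
    so an empty review is never mistaken for "no admins exist".
    """
    status, body = _get(transport, "/api/v1/iam/assignees/users")
    if status == 404:
        return {"admin_count": 0, "admins": [], "complete": False}
    if status != 200:
        raise RuntimeError(f"HTTP {status} listing role assignees")
    admins: List[dict] = []
    for user in body.get("value", []):
        _, roles = _get(transport, f"/api/v1/users/{user['id']}/roles")
        admins.append({"id": user["id"], "roles": sorted(r["type"] for r in (roles or []))})
    return {"admin_count": len(admins), "admins": admins, "complete": True}


# Constructed sample org (not real Okta data): two MFA_ENROLL policies, one inactive.
SAMPLE_ORG: Dict[str, Tuple[int, object]] = {
    "/api/v1/policies?type=MFA_ENROLL": (200, [
        {"id": "00p1", "name": "Default Policy", "status": "ACTIVE"},
        {"id": "00p2", "name": "Legacy", "status": "INACTIVE"},
    ]),
    "/api/v1/policies?type=OKTA_SIGN_ON": (200, [
        {"id": "00p3", "name": "Default Policy", "status": "ACTIVE"},
        {"id": "00p4", "name": "Admins", "status": "ACTIVE"},
    ]),
    "/api/v1/iam/assignees/users": (200, {"value": [{"id": "00u1"}, {"id": "00u2"}]}),
    "/api/v1/users/00u1/roles": (200, [{"type": "SUPER_ADMIN"}]),
    "/api/v1/users/00u2/roles": (200, [{"type": "READ_ONLY_ADMIN"}, {"type": "HELP_DESK_ADMIN"}]),
}
# Same org without the assignees endpoint, to exercise the 404 fallback.
LEGACY_ORG = {k: v for k, v in SAMPLE_ORG.items() if "assignees" not in k}

if __name__ == "__main__":
    t = fake_transport(SAMPLE_ORG)  # or http_transport("https://yourcompany.okta.com", token)
    print(json.dumps({"mfa": mfa_policy_summary(t), "admins": admin_access_review(t)}, indent=2))
    print(json.dumps(admin_access_review(fake_transport(LEGACY_ORG))))
```

Running the script with `http_transport` and a freshly minted token is a quick way to confirm the service account's role and the org URL before clicking Connect: a 401 or 403 surfaces with the same remedy as the list above, and the `complete` flag on the admin review tells you whether the assignees endpoint was actually consulted.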
Ready to connect?
Create a service account in Okta with the Read Only Administrator role, generate an API token from that account, then enter the org URL and token in AISEC.