This article contains information on integrating Mimecast's Human Risk platform with Okta to manage identity-based risks and detect security issues, for enhanced protection against cyber threats.
Overview
The integration with Mimecast's Human Risk Platform and Okta helps your organization manage identity-based risks, and detect issues like anonymous IP address usage, password spray attacks, and leaked credentials.
The integration reads risk events created by Okta via the API. These are forwarded to the Human Risk Platform, which associates each event with a user, and updates the identity component of attack factor for that user.
This integration can be accessed from the Human Risk Command Center, which is available to all Mimecast Email Security Cloud Gateway and Mimecast Engage customers.
Considerations
- This feature is available to
- Engage customers on Cloud Gateway, including Engage trial users, and all Email Security Cloud Gateway customers with the Human Risk Command Center.
- Early access customers see risk event data from Okta surfaced via the Human Risk Command Center.
- Historical events will not be pulled from Okta – only events from the point of integration onward.
This simplifies onboarding, as Mimecast won’t change historical attack factor scores that you may have already seen at that point. - The integration does not support custom URLs, e.g. okta.companyname.com at this time.
Prerequisites
- Okta subscription.
- Mimecast Engage subscription.
- You must have one of the following roles:
- Global Sys Admin.
- Sys Admin - SD Full.
- Super Administrator.
- Full Administrator.
- Basic Administrator.
- Partner Administrator.
- Custom Role with Integrations Marketplace (Read/Write permissions must be enabled.)
Configuring the Okta Integration
The integration is configured in the Okta Admin Console, and then in the Mimecast Administration Console, in the Integrations Hub.
You can configure the Okta integration with Human Risk by using the following steps:
- Login to the Okta Admin Console.
- Navigate to Applications | Applications | Browser App Catalog.
- Search for Mimecast, and add the integration.
- Navigate to General | Client Credentials.
- Store your Client ID and Secret, which will be required at a later stage in the process. Also note the Base URL.
- Log in to the Mimecast Administration Console.
-
Navigate to Integrations | Integrations Hub.
-
From the available Integrations, select Okta for Human Risk, and click on Configure New.
You can create up to 10 Okta integrations.
- Complete the Details section:
- Enter an Application Name.
- Enter a Description (optional).
- Enter the Client ID and Client Secret noted in step 5, and enter the Base URL corresponding to your geographical location.
- Select Save to complete the integration process.
Frequently Asked Questions
| Q: | How long does it take to deploy the integration? |
| A: | The integration can be fully deployed in just a couple of minutes. It may take up to 24 hours for Okta ID-related related attack factor data to appear in the Human Risk Command Center. |
| Q: | Is any historical data loaded from Okta? |
| A: | Historical data will not be pulled from Okta; only events from the point of integration onward. |
| Q: | What Okta events does Mimecast Human Risk use? |
| A: |
|
| Q: | Why do Okta events affect users' Attack Factor instead of their Human Risk Score? |
| A: | The Human Risk Score is based on users' behavior (actions the user takes with regard to malware, sensitive data, etc.), while the attack factor is a representation of the exposure a user has to attacks relative to other users in their organization. For an event to be included in the Human Risk Score, we want to be very sure the user took the action. Because of the nature of identity attacks, we can’t be sure if it was the user or someone who’s compromised the account, so we’ve chosen to exclude identity-related events from the Human Risk Score. |
Comments
Please sign in to leave a comment.