Okta

What is Okta?

Okta is a vendor-neutral cloud identity platform that provides single sign-on, multi-factor authentication, and lifecycle management for workforce and customer identities across an organization's entire application portfolio. Because it sits in front of every application that uses it for authentication, Okta's system log is an exceptionally rich source of identity telemetry: it captures every authentication attempt, MFA challenge, session creation, application access event, and policy evaluation, along with device fingerprint, IP address, and geographic location data. Okta's threat detection features include ThreatInsight, which uses signals from across the Okta network to identify credential stuffing campaigns targeting multiple organizations simultaneously. Its Identity Governance capabilities provide fine-grained access review and certification workflows, making it a key tool for detecting and remediating over-privileged access.

How does Okta work with Qevlar?

Qevlar integrates with Okta to retrieve authentication logs and identity risk signals during investigations. When an alert involves a suspicious login, a compromised account scenario, or unusual application access patterns, Qevlar queries Okta's system log to establish the full authentication history for the identities involved and determine whether the activity is consistent with a broader attack pattern.