JasonS.31511 (Customer) asked a question.
Need to Create a Daily "OKTA Status" Report using either API or PowerShell or...???
Current Situation: On a daily basis, we manually prepare and send an email advising of about two dozen functions in OKTA with cross correlation in Active Directory of Service Account status. We also include status of MFA, SSO, VPN, and VDI login capabilities.
Questions:
- Does the OKTA Powershell or OKTA API function have the capability of performing these checks and auto-generating an email to a predetermined distro list? OR alternatively,
- Is it possible to develop a custom user (non-admin) dashboard which will provide the same information and make it available in a user-friendly, easy to read graphical format?
- what resources are available to guide me through the process of doing either (or both) of the previous tasks?
Thank you for your time and consideration.
First off, I will say that this request is something that is very near to me, as our organization has been requesting something like this for quite some time.
As for a “daily report”, there is not a ton of “built-in” capabilities to provide what you ask unfortunately. We use a combination of methods to produce the next best thing. First, we have daily and weekly emails sent on behalf of an Okta Workflow that will capture System Log Events that we care about, compile them into a format that is more user-friendly (but not graphically friendly in the dashboard sense) and then send them out to a DL or group of users that wish to receive them. Keep in mind, this is really focused on system logs, not necessarily “counts” so say, X number of locked out accounts or Y number of Administrators.
Second, I use a Python script that interacts with the Okta API to pull information down (users, users in certain groups, service accounts, users locked out, etc.) and then take that information and put it into a CSV file for further processing. Primarily, this is using the Requests and Pandas modules. I use this solution quarterly, and it helps us really to automate a user access review process. You could also always send these off to Power BI for processing or have it automatically sent off to an S3 bucket for archive as well.
Finally, if you have a SIEM in place like Splunk, and you are sending data to it (read only API key) it can do something similar to option one, but place this data in a user-friendly and interactive dashboard. Much easier on the eyes if you have an audience that needs that. Alerting can also be setup here as well, for say, creation of a new administrator or assignment to a sensitive group or the changing of a major policy (may be legitimate, but a change ticket should map to the action).
Ultimately, it is a combination of the above that works for us and gives us the oversight needed to understand our environment (ticketing systems and other tools aside). Of course this also does not refer to some of the built-in reports that can be sent to Admins from Okta as well, but for a deeper and more comprehensive solution, I use the above. Don’t forget about the Admin notifications that can be sent as well.
I hope this helps… apologies for the long-winded response. Please feel free to ask any questions that you may have in response.
Also - if you have any good ideas, please don’t forget to suggest them on Okta Ideas! The more great suggestions the better. Thanks again!