To integrate Okta Workforce Identity with Red Canary, follow the procedure below from beginning to end.
Note: This functionality is only available to Red Canary users who have an MDR Identities subscription.
Step 1: Create your Okta Workforce Identity integration with Red Canary
- From your Red Canary homepage, click Integrations.
- From the Integrations section, locate and then click the security product you want to integrate with Red Canary.
Note: If you do not see your security product listed, click See all integrations.
- In the search bar, type and then select your third-party security source.
- Continue onto the next step by configuring your third-party security source in Red Canary.
Note: Your third-party security source may require that you contact Red Canary to configure.
- Enter a name for your Okta Domain.
- Enter your Okta API Token. Learn more about creating an Okta API Token.
- Click Save.
For information about testing, please read Okta RCCAR testing directions.
What kind of data is Red Canary collecting from Okta?
For legacy integrations, Red Canary used to collect only alert data from Okta Workforce Identity. Red Canary now collects alert data and raw telemetry that is used to develop our own analytics. This raw telemetry includes system activities such as MFA events, user actions, and timestamp information for authentication attempts.