How to Configure Okta Third-Party Integrations in TerraTrue

Overview

TerraTrue allows you to integrate with Okta to gain visibility into third-party vendor applications authenticated via Okta. This integration helps streamline security and privacy reviews by automatically identifying new vendors and ensuring compliance with internal risk policies.
 

Benefits include:

  • Automated Vendor Detection: Identify and track third-party apps authenticated via Okta.
  • Streamlined Security & Privacy Reviews: Ensure all vendors in Okta undergo risk review through automated Launch triggers.
  • Improved Compliance Monitoring: Maintain oversight of vendor relationships within TerraTrue. 

Configuration Prerequisites

Before configuring the Okta integration, ensure you have:

  • Admin access to your organization's Okta instance.
  • Admin privileges in TerraTrue to enable integrations.
  • An Okta API service account with read access to application assignments. 

Steps to Enable the Okta Integration

1. Navigate to Org Settings > Third Party Integrations > Okta

  • Click Enable Okta Integration.
  • A setup wizard will appear for Okta configuration setup.

2. Create an API Services integration in Okta

  • From the Okta Admin Console, go to the Applications page and click the Create App Integration button.
  • In the dialog that appears, select the API Services option.
  • Enter a name for the integration (e.g., TerraTrue API Integration).
  • From the General tab, click the Edit link in the Client Credentials section, and select the Public key / Private key option for Client Authentication.
  • Click the Add Keys button, then click Generate New Key.
  • Copy the Private Key value (in PEM format) to use later in TerraTrue. Then click Done.
  • Also copy the Client ID and Private Key ID (KID) values for later use.
  • Click on the Save button.

3. Set Okta scope and assignment

  • Go to the Okta API Scopes tab and grant the okta.apps.read scope.
  • Go to the Admin roles tab and click the Edit assignments button.
  • In the Role field, select Read-only Administrator.
  • Click Save changes.

4. Configure Okta Credentials in TerraTrue

  • Return to the TerraTrue Okta Integration wizard and enter the Client ID, Okta Domain (e.g., <customer>.okta.com), Private Key ID, and Private Key.
  • Click Save Configurations & Go to Next Step to establish a secure connection between Okta and TerraTrue.

5. Create and Set Events in Okta

  • In Okta, create the Event Hook (webhook): enter the Webhook URL and Webhook API Key, and set the events to subscribe to.
    • Log in to your Okta Admin Console.
    • Navigate to Workflow > Event Hooks.
    • Click Create Event Hook and enter the following details:
      • Webhook URL (provided by TerraTrue in step 3 of the setup wizard).
      • Webhook API Key (provided by TerraTrue in step 3 of the setup wizard).
    • Set the Events to Subscribe (provided by TerraTrue in step 3 of the setup wizard) that should trigger updates in TerraTrue.
    • Click Save and verify the Event Hook.
  • Once the Event Hook is saved and verified, your integration setup is complete.
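
What Okta sends to the Webhook URL in step 5, shown as an added example (not TerraTrue's or Okta's own code): the one-time verification request behind "verify the Event Hook", and an event delivery authenticated with the Webhook API Key. The function name, the Authorization header choice, the placeholder key, and the sample payload with its event type are assumptions made for illustration.

```python
import hmac
import json

# Placeholder; the real value is the Webhook API Key shown by the TerraTrue wizard.
WEBHOOK_API_KEY = "example-api-key-not-real"
AUTH_HEADER = "authorization"  # assumption: header chosen as the hook's authentication field


def handle_okta_request(method, headers, body=b""):
    """Return (status, json_body) for one request Okta sends to the Webhook URL."""
    headers = {k.lower(): v for k, v in headers.items()}
    # One-time verification: Okta sends a GET with a challenge value and expects
    # it echoed back as JSON before it marks the Event Hook as verified.
    if method == "GET":
        challenge = headers.get("x-okta-verification-challenge")
        if challenge is None:
            return 400, {"error": "missing verification challenge"}
        return 200, {"verification": challenge}
    if method != "POST":
        return 405, {"error": "method not allowed"}

    # Event delivery: refuse anything that does not present the shared key.
    # compare_digest avoids leaking the key through comparison timing.
    presented = headers.get(AUTH_HEADER, "")
    if not hmac.compare_digest(presented.encode(), WEBHOOK_API_KEY.encode()):
        return 401, {"error": "bad api key"}

    # Collect the applications each event refers to (targets of type AppInstance).
    try:
        apps = [
            {"event": e.get("eventType"), "app": t.get("displayName"), "id": t.get("id")}
            for e in json.loads(body)["data"]["events"]
            for t in e.get("target") or []
            if t.get("type") == "AppInstance"
        ]
    except (ValueError, KeyError, TypeError, AttributeError):
        return 400, {"error": "malformed payload"}
    return 200, {"apps": apps}


# Constructed sample delivery shaped like an Okta event hook payload; the event
# type is an assumption, since the wizard supplies the real list to subscribe to.
SAMPLE_DELIVERY = json.dumps({
    "eventType": "com.okta.event_hook",
    "data": {"events": [{
        "eventType": "application.lifecycle.create",
        "target": [{"type": "AppInstance", "displayName": "Example CRM", "id": "0oaEXAMPLE"}],
    }]},
}).encode()
```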

Troubleshooting

If you encounter issues:

  • Ensure that your Okta API service account has the necessary permissions.
  • Verify that the credentials you entered (Client ID, Private Key) are correct.

Manage Third Parties in the Okta Integration

Admin Responsibilities

  • TerraTrue will automatically scan Okta for applications in Org Settings > Third Party Integrations > Connected Vendors.
    • Note: You may also manually sync all vendors or individual vendors as needed.
  • TerraTrue will infer the connected vendor and application names with AI. If you need to change them, you may edit them inline in the table.
    • Note: In some cases, the inferred vendor or application name may be incorrect.

Third Party Risk Manager Responsibilities

  • Review the list of detected vendors and map them to existing Third Party records in TerraTrue in Third Parties > Third Party Integrations.
    • Note: TerraTrue will infer a mapping, but if it isn’t mapped automatically you may map them manually.
  • To map a connected vendor manually, hover over the placeholder Select Third Party in the Vendor Mapping column for the desired record, then either select the Third Party from the list or begin typing the Third Party name to search and select.

  • If you need to change the mapping, you can either edit it directly within the table by hovering and clicking the pencil icon, or go to the individual Third Party Profile and edit it in the right-hand panel.

     

  • For applications and vendors detected during the initial scan, Launches can be triggered manually in Third Parties > Third Party Integrations.
    • You can review any existing Launches associated with the connected vendor by clicking on the number in the Total Launches column.
      • Note: This count only includes the Launches that you can access.
    • Click on the Trigger Launch button to create a Launch that you can track directly on the Third Party Integrations page. 
  • (Optional) To enable automatic Launch creation for newly detected vendors or applications, go to the Launch Triggers tab and select Enable Launch Triggers. This setting automatically creates a Launch when a new application or vendor is detected in Okta.

 

  • You may select an existing Third Party Launch type or visit the Launch Type settings to set up a new third party Launch to associate with newly triggered Launches.
  • Note: This feature applies only to applications or vendors discovered after the initial scan.

 
