AS-Terminate-Okta-User-Sessions-From-Entity

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

This playbook is intended to be run from a Microsoft Sentinel Entity. It will match Okta users against the account entities on the entity and then terminate all sessions of the matched users in Okta.

Attribute	Value
Type	Playbook
Solution	Standalone Content
Source	View on GitHub

Logic App Connectors

This playbook uses 3 Logic App connectors / built-in actions:

Connector / Action	Type	Connections	Actions
`azuresentinel`	Managed	1	0
`keyvault`	Managed	1	1
`http`	Built-in	0	2

Action parameters (URLs, paths, function IDs)

`keyvault` (Managed)

Action	Method	Endpoint	Other
Get_Secret	get	`/secrets/@{encodeURIComponent('AS-Okta-Terminate-User-Sessions-API-Token')}/value`	—

`http` (Built-in)

Action	Method	Endpoint	Other
HTTP-_Terminate_User_Sessions	DELETE	`[concat('https://', parameters('OktaSubdomain') , '.okta.com/api/v1/users/@{body(''HTTP_-_Get_Okta_User_Account'')?[0]?[''id'']}/sessions')]`	—
HTTP_-_Get_Okta_User_Account	GET	`[concat('https://', parameters('OktaSubdomain') , '.okta.com/api/v1/users?search=profile.email%20eq%20%22@{concat(replace(encodeUriComponent(triggerBody()?[''Entity'']?[''properties'']?[''Name'']),''.'',''%2E''), ''%40'', replace(encodeUriComponent(triggerBody()?[''Entity'']?[''properties'']?[''UPNSuffix'']),''.'',''%2E''))}%22')]`	—

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Playbooks

AS-Terminate-Okta-User-Sessions-From-Entity

Logic App Connectors

keyvault (Managed)

http (Built-in)

`keyvault` (Managed)

`http` (Built-in)