
New Okta Provider Released

Technologist and Cloud Consultant

The latest okta provider for StackQL is available now (v25.09.00341), featuring a comprehensive reorganization of services and resources that better aligns with Okta's API structure. This update improves discoverability, logical grouping, and overall usability when working with Okta resources through StackQL.

What's Changed

The updated Okta provider features a more granular and logical organization of services that mirrors Okta's API architecture more closely. Here is a summary of the services included in the latest okta provider:

| Service | Description |
| --- | --- |
| agentpools | Manages agent pools for on-premises integration and deployment |
| api_tokens | Handles API token creation, management, and access control |
| apps | Manages Okta application integration, configuration, and assignments |
| attack_protection | Configures security controls to prevent various attack vectors |
| authenticators | Manages authentication methods, factors, and settings |
| authorizationservers | Controls OAuth 2.0 and OIDC authorization servers and policies |
| behaviors | Configures end-user behavioral patterns for risk-based authentication |
| brands | Manages customization of Okta UI appearance and branding |
| captchas | Configures CAPTCHA settings to prevent automated attacks |
| device_access | Controls access policies based on device attributes |
| device_assurances | Manages device trust requirements and verification |
| device_integrations | Configures integrations with MDM and endpoint security tools |
| device_posture_checks | Verifies security posture of devices accessing resources |
| devices | Manages device enrollment, lifecycle, and inventory |
| directories | Handles directory service connections and synchronization |
| domains | Manages custom domain configuration for Okta tenant |
| email_domains | Controls email domains for user provisioning and validation |
| email_servers | Configures email server settings for notifications |
| eventhooks | Manages webhook subscriptions for Okta event notifications |
| features | Controls feature flags and preview feature management |
| first_party_app_settings | Configures settings for Okta-developed applications |
| groups | Manages group creation, membership, and rule configuration |
| hook_keys | Handles encryption keys for securing hook communications |
| iam | Provides core identity and access management functionality |
| identity_sources | Manages sources of identity data for user provisioning |
| idps | Configures external identity providers for federation |
| inlinehooks | Manages customization points within Okta workflows |
| integrations | Configures third-party service integrations |
| logs | Provides access to system logs and audit events |
| logstreams | Manages streaming of log data to external systems |
| mappings | Configures attribute mappings between systems |
| meta | Provides metadata about the Okta API and environment |
| oauth2 | Manages OAuth 2.0 clients, scopes, and tokens |
| okta_personal_settings | Controls user-specific preferences and settings |
| org | Manages organization-level settings and configurations |
| orgs | Handles multi-org deployments and org relationships |
| policies | Configures authentication, password, and access policies |
| principal_rate_limits | Manages API rate limits for specific principals |
| privileged_access | Controls privileged access management settings |
| push_providers | Configures push notification delivery services |
| rate_limit_settings | Manages global API rate limit configurations |
| realm_assignments | Maps users and groups to authentication realms |
| realms | Configures authentication realms for different user populations |
| risk | Manages risk-based authentication settings and policies |
| roles | Controls administrative role assignments and permissions |
| security | Provides security settings and configurations |
| security_events_providers | Manages integrations with security event sources |
| sessions | Controls user session policies and management |
| ssf | Configures server-side functions for customization |
| templates | Manages templates for emails, notifications, and forms |
| threats | Controls threat intelligence settings and configurations |
| trustedorigins | Manages CORS and redirect configurations |
| users | Handles user lifecycle, profiles, and credentials |
| webauthn_registration | Manages WebAuthn/FIDO2 credential registration |
| zones | Configures network zones for policy application |
Note

The improved organization, including service and resource naming and mapping, will require changes to queries written against the previous provider version (v23.03.00121). In the interim, you can pin the previous version in stackql-deploy or via registry pull while you make the necessary query modifications.
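One way to find the queries this change affects before upgrading (an added example, not part of the original post or the StackQL project): the script scans SQL text for `okta.<service>.<resource>` references and reports those whose service name is not in the table above. The sample input is constructed, and `placeholder_resource` is a hypothetical resource name.

```python
import re

# Service names copied from the table on this page (new provider layout).
NEW_SERVICES = set("""
agentpools api_tokens apps attack_protection authenticators authorizationservers
behaviors brands captchas device_access device_assurances device_integrations
device_posture_checks devices directories domains email_domains email_servers
eventhooks features first_party_app_settings groups hook_keys iam identity_sources
idps inlinehooks integrations logs logstreams mappings meta oauth2
okta_personal_settings org orgs policies principal_rate_limits privileged_access
push_providers rate_limit_settings realm_assignments realms risk roles security
security_events_providers sessions ssf templates threats trustedorigins users
webauthn_registration zones
""".split())

# A three-part reference of the form okta.<service>.<resource>.
REF = re.compile(r"\bokta\.([A-Za-z_]\w*)\.([A-Za-z_]\w*)", re.IGNORECASE)
# String literals and comments, matched in one pass so neither hides the other.
NOISE = re.compile(r"'(?:[^']|'')*'|--[^\n]*|/\*.*?\*/", re.S)

# Constructed sample input; placeholder_resource is a hypothetical resource name.
SAMPLE = """\
-- constructed sample, modelled on the query shown on this page
SELECT u.id FROM okta.user.users u
JOIN okta.group.users gu ON u.id = gu.user_id /* okta.old.thing */
WHERE subdomain = 'my-company' AND note = 'see okta.example.com';
SELECT id FROM okta.groups.placeholder_resource WHERE subdomain = 'my-company';
"""

def stale_references(sql):
    """Return sorted (line_no, service, resource) for references whose service is not in NEW_SERVICES."""
    # Blank out literals and comments but keep their newlines so line numbers stay correct.
    clean = NOISE.sub(lambda m: "\n" * m.group(0).count("\n"), sql)
    findings = set()
    for line_no, line in enumerate(clean.splitlines(), start=1):
        for m in REF.finditer(line):
            service, resource = m.group(1).lower(), m.group(2).lower()
            if service not in NEW_SERVICES:
                findings.add((line_no, service, resource))
    return sorted(findings)

if __name__ == "__main__":
    for line_no, service, resource in stale_references(SAMPLE):
        print(f"line {line_no}: okta.{service}.{resource} uses a service name not in the new provider")
```

The check covers service names only; resource names under each service still need to be compared against the provider documentation.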

Enhanced Documentation

The new Okta Provider Docs provide comprehensive documentation on how to use the new okta provider including ready-to-use SQL examples for each resource and method. A standout feature is the copy-paste functionality for all SQL queries, making it incredibly easy to:

  1. Compose Infrastructure-as-Code workflows: Each method documentation includes working SQL examples that can be directly copied into your deployment scripts or CI/CD pipelines. Simply click the copy button next to any example to get production-ready SQL code.

  2. Build analytics dashboards: Create sophisticated cross-service queries by combining examples from different resources. The documentation's consistent query formatting makes it simple to join related data across multiple Okta services.

  3. Develop governance reports: Copy baseline queries and customize them for your specific compliance needs. The pre-formatted SQL provides the perfect starting point for custom reporting.

Getting Started

To start using the updated okta provider, pull the latest version from the stackql shell or with the stackql registry command:

```sql
registry pull okta;
```

Then you can begin querying your Okta resources with SQL:

```sql
-- Get all users and their group assignments
SELECT
  u.id,
  JSON_EXTRACT(u.profile, '$.email') AS email,
  u.status,
  JSON_EXTRACT(g.profile, '$.name') AS group_name
FROM
  okta.user.users u
JOIN
  okta.group.users gu ON u.id = gu.user_id
JOIN
  okta.group.groups g ON gu.group_id = g.id
WHERE subdomain = 'my-company';
```

Use Cases for the Okta Provider

  1. Infrastructure as Code: Manage your Okta resources alongside other cloud providers in a unified IaC approach; see stackql-deploy.

  2. Cost Optimization: Identify unused resources and opportunities for cost savings.

  3. Security and Compliance: Audit account roles, permissions, and access patterns to ensure compliance with security policies.

  4. Performance Monitoring: Track query performance, warehouse utilization, and identify optimization opportunities.

  5. Cross-Provider Orchestration: Build workflows that span Okta and other resource providers, enabling sophisticated data and infrastructure pipelines.

  6. Automated Reporting: Create automated reports on Okta usage, performance, and costs.

⭐ us on GitHub and join our community!