Keep your team assets up to date and continuously monitor access.

Okta

Integrating with Okta allows you to manage employee access to integrated systems in a centralized location.

Automate Asset Inventories

By syncing with Okta, you'll keep your "People," "Roles," and "SaaS Systems" up-to-date in Comply. As assets are added to or removed from Okta, they are automatically added to your Asset Inventory in Comply.

Automate Asset-based Procedures

Tickets can be triggered automatically whenever new assets are detected. For example, Comply can automatically trigger your Employee Onboarding procedure whenever a new person is detected in Okta, or your Employee Offboarding procedure whenever a person is deprovisioned.

Automate User Access Reviews

Comply pulls grants from Okta, making it easier to complete Access Control Reviews. By bringing information into Comply and looking for abnormalities, Comply's Okta integration makes access control reviews quicker and simplifies the creation of audit trails.

Automate Evidence Collection

Authentication Requirements Evidence

Every month, Comply scans your password policies to ensure everyone has a secure password and MFA enabled. It creates evidence of successful password security and MFA, and creates unhealthy evidence and an issue for bad password security or no MFA enabled.

Automations

MFA Policy

Ensures the account has multi-factor authentication enabled.

  • A.9.3.1
  • A.9.4.2
  • CC6.1
  • 164.312(d)

Password Policy

Checks the account password policy for IAM users to see if it meets the following requirements: contains upper case, lower case, number, and symbol characters; has a minimum password length of 14; and has defined password age and reuse prevention values.

  • A.9.2.4
  • A.9.4.2
  • A.9.4.3
  • CC6.1
  • 164.308(a)(5)(ii)(D)
  • 164.312(d)

How to use Aptible and Okta

  • Automatically trigger onboarding and offboarding tasks based on changes in employee status
  • Automatically match user access grants to authorizations during user access control reviews
  • Keep your asset inventory up to date with real-time updates as you add systems to Okta.
  • Automate checking for MFA and secure password policies on all people.

Assets synced

  • Teams
  • Applications

Domains Automated

  • Identity & Access Management

Frameworks Automated

  • ISO 27001:2013
  • SOC 2
  • HIPAA

Requirements Automated

A.9.3.1 (ISO 27001:2013): Use of secret authentication information
Users shall be required to follow the organization’s practices in the use of secret authentication information.

A.9.4.2 (ISO 27001:2013): Secure log-on procedures
Where required by the access control policy, access to systems and applications shall be controlled by a secure log-on procedure.

CC6.1 (SOC 2): Logical and Physical Access Controls
The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity's objectives.

164.312(d) (HIPAA): Standard: Person or Entity Authentication (R)
Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.

A.9.2.4 (ISO 27001:2013): Management of secret authentication information of users
The allocation of secret authentication information shall be controlled through a formal management process.

A.9.4.3 (ISO 27001:2013): Password management system
Password management systems shall be interactive and shall ensure quality passwords.

164.308(a)(5)(ii)(D) (HIPAA): Password Management (A)
Implement procedures for creating, changing, and safeguarding passwords.

Integration scopes

  • Read: People
  • Read: Roles
  • Read: SaaS Systems