Skip to content

technology integration

Incydr™ + Okta

Try Incydr

Leverage user identity to optimize right-sized response

Incydr continually monitors all data movement across computers, cloud collaboration platforms and SaaS applications to surface insider risk indicators (IRIs). When an IRI triggers a high-fidelity alert in Incydr, the user is automatically added to a specific group in Okta with lower access permissions while a ticket is created in the organization’s IT ticketing system, such as ServiceNow or Jira. This integrated workflow eliminates gaps and siloed efforts across departments to enable security teams to effectively investigate and mitigate insider risk.

Additionally, Incydr has a SAML and SCIM-based integration with Okta to identify behavioral risk indicators such as remote activity, off-hour file events and attempts to conceal exfiltration. This direct integration allows security teams to programmatically monitor users with increased risk factors, such as departing and contract employees.

Benefits of the Incydr + Okta integration

Reduce insider risk exposure by applying the right access controls based on predefined risk tolerance.

Provision role-based user attributes to identify behavioral risk indicators such as remote activity, off-hour file events and attempts to conceal exfiltration.

Automate insider risk workflows for departing and high-risk employees to speed investigations and effectively mitigate insider risk.

Integration features

Together, Code42 and Okta provide organizations with the ability to respond quickly to Insider Risk incidents, while also providing a flexible environment that enables innovation and collaboration.

Prioritized alert triggers

Automatically add users to specific groups within Okta with lower permissions – while automating incident documentation and communications tied to your HCM and IT ticketing system.

Provision user attributes

Ingest user attributes for all employees and contractors, including name, title, department, manager, and employment type into Incydr from Okta for additional context when identifying signals of insider risk.

Automated right-sized response

Automate response actions for insider risk workflows including modified access permissions, manager notification or placing a user in a specific group within Okta.

Single sign-on

Easily implement single sign-on (SSO) as the authentication method in your Incydr environment to simplify the user experience while also ensuring data is secure.

SCIM provisioning

Create and deactivate users and push groups all within the Incydr app for Okta, which automatically syncs information back to Incydr to ensure security changes stay in sync.


Automate user permissions and access controls in response to insider risk indicators

Most employees take files with them when they leave for a new job – and without access controls, sensitive data could be put at risk of being exfiltrated. When an employee puts in their notice or when there is suspicious file movement or user behavior indicative of insider risk, security teams must be able to quickly take action to protect corporate data from being exposed or exfiltrated.

Want to see Incydr from the inside?

In under four minutes, our product demo provides a walk through of the SaaS solution to show how Incydr can stop data exfiltration before damage is done.

Watch Demo