Code42 + Okta

Get Started

Leverage user identity to optimize right-sized response

Code42 Incydr integrates with Okta to automate access controls, and speed investigations to insider risk incidents involving departing employees or high-risk users. Incydr continually monitors all data movement across computers, cloud collaboration platforms and SaaS applications to surface insider risk indicators (IRIs). When an IRI triggers a high-fidelity alert in Incydr, the user is automatically added to a specific group in Okta with lower access permissions while a ticket is created in the organization's IT ticketing system, such as ServiceNow or Jira. This integrated workflow eliminates gaps and siloed efforts across departments to enable security teams to effectively investigate and mitigate insider risk.

Additionally, Code42 has a SAML and SCIM-based integration with Okta to identify behavioral risk indicators such as remote activity, off-hour file events and attempts to conceal exfiltration. This direct integration allows security teams to programmatically monitor users with increased risk factors, such as departing and contract employees.

Benefits of the Code42 + Okta integration

Allow conditional access


Reduce insider risk exposure by applying the right access controls based on predefined risk tolerance.

Identify behavioral risk indicators


Provision role-based user attributes to identify behavioral risk indicators such as remote activity, off-hour file events and attempts to conceal exfiltration.

Streamline and automate response workflows


Automate insider risk workflows for departing and high-risk employees to speed investigations and effectively mitigate insider risk.

Integration features

Prioritized alert triggers

Automatically add users to specific groups within Okta with lower permissions – while automating incident documentation and communications tied to your HCM and IT ticketing system.

Provision user attributes

Ingest user attributes for all employees and contractors, including name, title, department, manager, and employment type into Incydr from Okta for additional context when identifying signals of insider risk.

Automated right-sized response

Automate response actions for insider risk workflows including modified access permissions, manager notification or placing a user in a specific group within Okta.

Single sign-on

Easily implement single sign-on (SSO) as the authentication method in your Code42 environment to simplify the user experience while also ensuring data is secure.

SCIM provisioning

Create and deactivate users and push groups all within the Code42 app for Okta, which automatically syncs information back to Code42 to ensure security changes stay in sync.

Integration features

Prioritized alert triggers

Automatically add users to specific groups within Okta with lower permissions – while automating incident documentation and communications tied to your HCM and IT ticketing system.

Provision user attributes

Ingest user attributes for all employees and contractors, including name, title, department, manager, and employment type into Incydr from Okta for additional context when identifying signals of insider risk.

Automated right-sized response

Automate response actions for insider risk workflows including modified access permissions, manager notification or placing a user in a specific group within Okta.

Single sign-on

Easily implement single sign-on (SSO) as the authentication method in your Code42 environment to simplify the user experience while also ensuring data is secure.

SCIM provisioning

Create and deactivate users and push groups all within the Code42 app for Okta, which automatically syncs information back to Code42 to ensure security changes stay in sync.

Featured Use Case

Automate user permissions and access controls in response to insider risk indicators

Challenge

Challenge: Most employees take files with them when they leave for a new job – and without access controls, sensitive data could be put at risk of being exfiltrated. When an employee puts in their notice or when there is suspicious file movement or user behavior indicative of insider risk, security teams must be able to quickly take action to protect corporate data from being exposed or exfiltrated.

Solution

Solution: When a high-fidelity alert is triggered, Code42's integration with Okta will automatically add user(s) to a 'suspicious-activity' group in Okta with lower access permissions. Furthermore, a ticket is created in an organization's IT ticketing system (i.e. Jira) documenting the alert details, prompting the security team to investigate the incident.

Outcome

Outcome: Organizations can reduce insider risk exposure and speed response by automating access controls and streamlining an investigation of a departing employee or high-risk user who is potentially exfiltrating data.