Applies to BloodHound Enterprise and CE

Prerequisites

Full OpenGraph support requires a PostgreSQL graph database and one of the following editions:
  • BloodHound Enterprise (uses PostgreSQL by default)
  • BloodHound Community v8.0.0+ (requires changing to a PostgreSQL database)
    While many OpenGraph features may work on a Neo4j database, there are functional and performance limitations (see the OpenGraph FAQ). For full support, migrate to a PostgreSQL database.

Install the Extension

Optional Schemas

If your Okta environment uses SCIM, upload the bh-scim-extension.json schema as well. This schema provides a shared model for provisioned users and groups across cloud identity providers and applications. If Okta is connected to other BloodHound-supported data sources in your environment, such as Okta, upload the corresponding schema too, or contact your Enterprise account team. Doing so ensures those cross-platform relationships are modeled correctly in BloodHound.

Import Cypher Queries

The Okta extension includes Cypher queries to help identify attack paths and misconfigurations in Okta environments. Import the Okta query JSON files into BloodHound using the query import workflow. You can then run the imported queries on the Explore page.
Cypher queries that reference node or edge kinds not present in the database will fail without the extension schema.
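A pre-import check for the failure described above, as an added example rather than code from the extension or from BloodHound: it extracts the node and edge kinds a Cypher query names in its patterns and reports any that are absent from a set of known kinds. The kind names, the sample query, and the function names are constructed placeholders. Kinds and query text are passed in directly because this page does not show the schema or query file layouts, and the regex-based extraction covers pattern syntax only, not a full Cypher grammar.

```python
import re

# Constructed sample: placeholder kind names, not the extension's real kinds.
SCHEMA_KINDS = {"Example_User", "Example_Group", "Example_MemberOf"}

# Constructed sample query; Example_AdminOf is deliberately not in SCHEMA_KINDS.
SAMPLE_QUERY = """
MATCH p = (u:Example_User {status: 'ACTIVE'})-[:Example_MemberOf|Example_AdminOf*1..3]->(g:Example_Group)
WHERE u.name <> 'svc:backup'
RETURN p LIMIT 100
"""

_STRINGS = re.compile(r"'(?:\\.|[^'\\])*'|\"(?:\\.|[^\"\\])*\"")
_MAPS = re.compile(r"\{[^{}]*\}")
_NODE = re.compile(r"\(([^()]*)\)")
# Relationship patterns are always flanked by dashes: -[...]-, <-[...]-, -[...]->
_EDGE = re.compile(r"-\s*\[([^\[\]]*)\]\s*-")
# A kind follows ':' or '|' (also the '|:' form), optionally in backticks.
_KIND = re.compile(r"[:|]\s*:?\s*`?([A-Za-z_][A-Za-z0-9_]*)`?")


def referenced_kinds(cypher):
    """Return (node_kinds, edge_kinds) named in the pattern parts of a query."""
    text = _STRINGS.sub("''", cypher)      # ignore ':' inside string literals
    while _MAPS.search(text):              # ignore property maps, nested ones too
        text = _MAPS.sub("", text)
    nodes, edges = set(), set()
    for body in _NODE.findall(text):
        nodes.update(_KIND.findall(body))
    for body in _EDGE.findall(text):
        edges.update(_KIND.findall(body))
    return nodes, edges


def missing_kinds(cypher, schema_kinds):
    """Kinds the query references that the known schema kinds do not include."""
    nodes, edges = referenced_kinds(cypher)
    return sorted((nodes | edges) - set(schema_kinds))


if __name__ == "__main__":
    for kind in missing_kinds(SAMPLE_QUERY, SCHEMA_KINDS):
        print(f"query references unknown kind: {kind}")
```

Label predicates written outside a pattern, such as `WHERE n:SomeKind`, are not detected by this sketch.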

Collect and Upload Okta Data

There are currently two ways to collect Okta data for this extension:
  • OpenHound Okta collector: The SpecterOps-supported collector for Okta. Use this if you want the current documented and supported collection path.
  • OktaHound collector: An alternative collector that can also produce data for the Okta extension.
Prefer the supported OpenHound Okta collector.

Configure Privilege Zones

Use Privilege Zone rules to classify high-value Okta assets. The extension also includes specialized Privilege Zone queries for creating Cypher-based Privilege Zone rules.