Applies to BloodHound Enterprise and CE

Overview

The Okta_Agent node represents an Okta Agent, which is a component used in Okta’s integration with on-premises systems. Okta Agents facilitate communication between the Okta cloud and on-premises applications or directories, enabling features such as single sign-on (SSO) and user provisioning. One or more agents are grouped into Agent Pools, represented by the Okta_AgentPool nodes, to provide redundancy and load balancing.

[Figure: Active Directory Agent in BloodHound]

Edges

The tables below list edges defined by the OktaHound extension only. Additional edges to or from this node may be created by other extensions.

Inbound Edges

| Edge Type | Source Node Types | Traversable |
| --- | --- | --- |
| Okta_HostsAgent | Computer | |

Outbound Edges

| Edge Type | Destination Node Types | Traversable |
| --- | --- | --- |
| Okta_AgentMemberOf | Okta_AgentPool | |

Properties

| Name | Source | Type | Description |
| --- | --- | --- | --- |
| id | agent.id | string | Unique agent identifier. |
| name | agent.name | string | Agent name shown in Okta Admin Console. |
| displayName | agent.name | string | Display label used in BloodHound. |
| oktaDomain | Collector context (non-API) | string | Okta organization domain where the agent exists. |
| poolName | agentPool.name | string | Name of the parent Okta_AgentPool. For AD pools this typically corresponds to the synced AD domain. |
| operationalStatus | agent.operationalStatus | string | Runtime health/operational state reported by Okta. |
| updateStatus | agent.updateStatus | string | Agent software update state. |
| type | agent.type | string | Agent type (for example AD, LDAP, IWA, or RADIUS). |
| version | agent.version | string | Agent software version. |
| poolId | agent.poolId | string | Identifier of the parent Okta agent pool. |
| lastConnection | FromUnixTime(agent.lastConnection) | datetime | Timestamp of the last successful agent connection to Okta. |

Sample Property Values

id: a53xfufl4rqWcHhQo697
name: LON-SRV01
displayName: LON-SRV01
poolId: 0oaxg9rhdd7ncGCXv697
oktaDomain: contoso.okta.com
poolName: contoso.local
operationalStatus: DISRUPTED
updateStatus: Cancelled
type: AD
version: 3.22.0
lastConnection: 2026-01-15T02:29:40+00:00
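
The following is an added example, not part of the OktaHound extension or the original page. It audits exported Okta_Agent property records for unhealthy or stale agents and for pools that have lost the redundancy described in the overview. The sample records, the function name audit_agents, the "OPERATIONAL" healthy value, the 24-hour staleness window and the two-healthy-agents threshold are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumption: "OPERATIONAL" is the healthy operationalStatus value; the page
# itself only shows DISRUPTED.
HEALTHY = "OPERATIONAL"

# Constructed sample records using the property names from the table above.
SAMPLE_AGENTS = [
    {"name": "LON-SRV01", "poolId": "pool-A", "poolName": "contoso.local",
     "operationalStatus": "DISRUPTED", "lastConnection": "2026-01-15T02:29:40+00:00"},
    {"name": "LON-SRV02", "poolId": "pool-A", "poolName": "contoso.local",
     "operationalStatus": "OPERATIONAL", "lastConnection": "2026-01-20T11:58:00+00:00"},
    {"name": "NYC-SRV01", "poolId": "pool-B", "poolName": "fabrikam.local",
     "operationalStatus": "OPERATIONAL", "lastConnection": "2026-01-20T11:59:00+00:00"},
    {"name": "NYC-SRV02", "poolId": "pool-B", "poolName": "fabrikam.local",
     "operationalStatus": "OPERATIONAL", "lastConnection": "2026-01-20T11:57:00+00:00"},
]
# Constructed "current time" so the result is reproducible.
NOW = datetime(2026, 1, 20, 12, 0, tzinfo=timezone.utc)


def audit_agents(agents, now, max_age=timedelta(hours=24), min_healthy=2):
    """Return (findings per agent name, pool names below min_healthy agents)."""
    findings = {}
    healthy_per_pool = defaultdict(int)
    pool_names = {}
    for agent in agents:
        reasons = []
        if agent["operationalStatus"] != HEALTHY:
            reasons.append(f"status={agent['operationalStatus']}")
        # lastConnection is an ISO 8601 timestamp with a UTC offset.
        last_seen = datetime.fromisoformat(agent["lastConnection"])
        if now - last_seen > max_age:
            reasons.append("stale")
        pool_names[agent["poolId"]] = agent["poolName"]
        if reasons:
            findings[agent["name"]] = reasons
        else:
            healthy_per_pool[agent["poolId"]] += 1
    weak_pools = sorted(
        name for pid, name in pool_names.items() if healthy_per_pool[pid] < min_healthy
    )
    return findings, weak_pools


if __name__ == "__main__":
    print(audit_agents(SAMPLE_AGENTS, NOW))
```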