Applies to BloodHound Enterprise and CE

The following Cypher rules define the default Privilege Zone for the OktaHound extension. Each rule is defined in a JSON file located in the PrivilegeZoneRules directory of the OktaHound repository.

Organization

Organization nodes in Okta.
MATCH (n:Okta_Organization)
RETURN n
This rule is defined in the organization.json file.

Tier Zero Devices

Devices associated with principals who have SUPER_ADMIN or ORG_ADMIN role assignments.
MATCH (n:Okta_Device)-[:Okta_DeviceOf]->(:Okta)-[:Okta_HasRoleAssignment|Okta_MemberOf*1..2]->(r:Okta_RoleAssignment)-[:Okta_ScopedTo]->(:Okta_Organization)
WHERE r.type = "SUPER_ADMIN"
OR r.type = "ORG_ADMIN"
RETURN n
This rule is defined in the tier0-devices.json file.

Tier Zero Principals

Principals with SUPER_ADMIN or ORG_ADMIN role assignments.
MATCH (n:Okta)-[:Okta_HasRoleAssignment|Okta_MemberOf*1..2]->(r:Okta_RoleAssignment)-[:Okta_ScopedTo]->(:Okta_Organization)
WHERE r.type = "SUPER_ADMIN"
OR r.type = "ORG_ADMIN"
RETURN n
This rule is defined in the tier0-principals.json file.
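
The following added example (not part of the OktaHound repository) models the two Tier Zero rules above in Python over a small constructed graph, to show which principals and devices the `*1..2` traversal and the `r.type` filter select. All node names are invented for illustration; only the labels, edge kinds, and the SUPER_ADMIN and ORG_ADMIN values come from the rules.

```python
from collections import defaultdict
# Constructed sample graph: every node name below is invented for illustration.
LABELS = {
    "org": {"Okta_Organization"},
    "ra_super": {"Okta_RoleAssignment"}, "ra_help": {"Okta_RoleAssignment"},
    "alice": {"Okta"}, "bob": {"Okta"}, "carol": {"Okta"}, "dave": {"Okta"},
    "admins": {"Okta"}, "outer": {"Okta"},
    "laptop_bob": {"Okta_Device"}, "laptop_dave": {"Okta_Device"},
}
ROLE_TYPE = {"ra_super": "SUPER_ADMIN", "ra_help": "HELP_DESK_ADMIN"}
EDGES = [
    ("alice", "Okta_HasRoleAssignment", "ra_super"),   # direct: 1 hop
    ("admins", "Okta_HasRoleAssignment", "ra_super"),
    ("bob", "Okta_MemberOf", "admins"),                # via membership: 2 hops
    ("carol", "Okta_MemberOf", "outer"),               # 3 hops: outside *1..2
    ("outer", "Okta_MemberOf", "admins"),
    ("dave", "Okta_HasRoleAssignment", "ra_help"),     # type fails the WHERE
    ("ra_super", "Okta_ScopedTo", "org"), ("ra_help", "Okta_ScopedTo", "org"),
    ("laptop_bob", "Okta_DeviceOf", "bob"), ("laptop_dave", "Okta_DeviceOf", "dave"),
]
OUT = defaultdict(list)
for src, kind, dst in EDGES:
    OUT[src].append((kind, dst))
TRAVERSE = {"Okta_HasRoleAssignment", "Okta_MemberOf"}
TIER0_TYPES = {"SUPER_ADMIN", "ORG_ADMIN"}

def reachable(start, max_hops=2):
    """Nodes reachable from start in 1..max_hops hops over TRAVERSE edge kinds."""
    frontier, found = {start}, set()
    for _ in range(max_hops):
        frontier = {d for n in frontier for k, d in OUT[n] if k in TRAVERSE}
        found |= frontier
    return found

def is_tier0_assignment(node):
    """Role assignment of a Tier Zero type that is scoped to the organization."""
    return ("Okta_RoleAssignment" in LABELS[node]
            and ROLE_TYPE.get(node) in TIER0_TYPES
            and any(k == "Okta_ScopedTo" and "Okta_Organization" in LABELS[d]
                    for k, d in OUT[node]))

def tier0_principals():
    return {n for n, labels in LABELS.items() if "Okta" in labels
            and any(is_tier0_assignment(r) for r in reachable(n))}

def tier0_devices():
    principals = tier0_principals()
    return {n for n, labels in LABELS.items() if "Okta_Device" in labels
            and any(k == "Okta_DeviceOf" and d in principals for k, d in OUT[n])}
```

In this sample, `carol` sits three hops from the role assignment and `dave` holds a role type outside the filter, so neither they nor `laptop_dave` enter the zone.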