Prerequisites
Before you begin, ensure that the following prerequisites are met:

| Prerequisite | Description |
|---|---|
| Ensure graph database is PostgreSQL | For best performance, BloodHound requires PostgreSQL as the graph database rather than Neo4j |
| Create an API service application | Provides the necessary authentication for the Okta collector to access your Okta environment |
| Configure the collector | Configure the OpenHound collector to gather data from your Okta organization |
Register the Extension
The Okta collector includes a schema that tells BloodHound how to model and analyze data from your Okta organization. You must register the extension before you upload data generated by the Okta collector. Choose the registration approach that best fits your environment:
- Simple (recommended): Upload all required and optional schemas up front.
- Specific: Upload the required schemas first, then upload only the optional supporting schemas for the collectors you actively use.
Hybrid edge data references node kinds across collectors. If the supporting schemas aren’t uploaded first, you may encounter missing node kind errors when uploading or exploring hybrid data (okta-graph-hybrid.json).
Required Schemas
The Okta collector bundle includes the required Okta collector schema as well as a required SCIM schema.
Optional Schemas
OktaHound also includes optional supporting schemas for related data sources. These schemas enable additional node and edge types in BloodHound that are relevant to Okta environments. If you use Okta with any of the supported data sources in your environment, upload the corresponding schema to ensure that the data is properly modeled in BloodHound.

| Data source | Optional schema file |
|---|---|
| GitHub | bhe-github-extension.json |
| Jamf | bhe-jamfhound-extension.json |
| 1Password | bhce-1passhound-extension.json |
| Snowflake | bhce-snowflake-extension.json |
Import Cypher Queries
The Okta collector provides custom Cypher queries to help you identify attack paths and misconfigurations in your Okta environment. These queries are included in the queries directory of the OktaHound extension.
To use these queries, you must first import the queries/*.json files into BloodHound. You can then run the queries on the Explore page.
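A pre-import check for these query files, as an added example that is not part of OktaHound or BloodHound: it lists the node and edge kinds a query references that are missing from the set of kinds you have registered, which identifies the queries that will fail to translate. It assumes each saved-query JSON keeps its Cypher text in a `query` field; the sample query and every kind name other than Okta_ApiServiceIntegration are constructed.

```python
import json
import re

# Strip quoted strings and {...} property maps so their colons are not read as kinds.
_NOISE = re.compile(r"'(?:\\.|[^'\\])*'|\"(?:\\.|[^\"\\])*\"|\{[^{}]*\}")
# A kind reference: ':' then one or more identifiers joined by '|', e.g. (n:A) or [:A|B].
_KINDS = re.compile(r":\s*(\w+(?:\s*\|\s*:?\s*\w+)*)")


def referenced_kinds(cypher):
    """Return the set of node/edge kind names a Cypher string references."""
    cleaned = _NOISE.sub("", cypher)
    kinds = set()
    for group in _KINDS.findall(cleaned):
        kinds.update(k.strip(" :") for k in group.split("|"))
    return kinds


def unmapped_kinds(query_json, registered):
    """Kinds used by one saved query that are missing from the registered set.

    Assumption: the saved-query JSON keeps its Cypher text in a "query" field.
    """
    cypher = json.loads(query_json)["query"]
    return sorted(referenced_kinds(cypher) - set(registered))


# Constructed sample: one saved query and the kinds registered so far.
SAMPLE_QUERY = json.dumps({
    "name": "Constructed example query",
    "query": "MATCH p=(u:Okta_User)-[:Okta_MemberOf|Okta_Owns*1..]->"
             "(a:Okta_ApiServiceIntegration {enabled: true}) "
             "WHERE u.name = 'svc:admin' RETURN p",
})
REGISTERED = {"Okta_User", "Okta_MemberOf"}  # constructed, not the real schema contents

if __name__ == "__main__":
    # Kinds that would need the extension schema (or removal from the query).
    print(unmapped_kinds(SAMPLE_QUERY, REGISTERED))
```

The extraction is a text heuristic, not a Cypher parser, so treat its output as a list of candidates to review before editing a query.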
Cypher queries that reference node or edge kinds not present in the database will fail without the extension schema (for example: failed to translate kinds: unable to map kinds: Okta_ApiServiceIntegration). Community Edition users can work around this by removing the unrecognized node and edge kinds from the queries until the extension schema becomes available for BloodHound Community Edition.
Next Steps
- Explore the Okta node types and edge types in the schema reference
- Try the Okta Cypher queries on the Explore page
- Learn about Okta attack paths and what to look for
- Use OktaHound’s specialized queries to create or update Cypher-based Privilege Zone rules
- Join the #okta channel on the BloodHound Community Slack for questions and discussion