![Hyperproof.Io [Test] Help Center](https://downloads.intercomcdn.com/i/o/xgk1dxp2/757668/427b255f2659cc7e0853d6a00ec1/628914ae2617199b7d999ba797a5305a.png)
π Note
Hyperproof connects to many third-party systems that frequently change, including the system interface. Contact your System Administrator or the third-party provider for assistance in meeting the requirements to integrate with Hyperproof and collect the proof you need.
When you create a Hypersync between Hyperproof and Okta, you can automatically collect the following proof types:
Okta proof types and fields
Proof type | Fields | Testable |
Group Membership List | Person, Username, Primary Email, Status, Description | Yes |
List of Admins | Domain, Name, Email, Role | Yes |
List of API Tokens | ID, Name, Expiration Date, Creation Date, Last Updated | Yes |
List of Deactivated Users | Username, Primary Email, Status, Deactivation Date | Yes |
List of Devices | ID, Device Name, Device Details, Status, Creation Date, Last Updated | Yes |
List of Groups | Group ID, Name, Type, Description, Creation Date, Last Updated | Yes |
List of User Login Events | User ID, User Details, IP Address, Login Date, Status | Yes |
List of Users | Person, Username, Primary Email, Status, Last Login, User ID, Job Title, Manager, Department | Yes |
List of Users for a Given Application | ID, Email, Status, Scope | Yes |
List of Users with MFA Settings | Person, Username, Primary Email, Status, Last Login, MFA | Yes |
Password Policies | Name, Description, Assigned to Groups, Minimum length, Lower case letter, Upper case letter, Number (0-9), Symbol (e.g. ,!@#$%^&*), Does not contain part of username, Does not contain first name, Does not contain last name, Restrict use of common passwords, Password expiration (maxAgeDays), Warn user before expiration, Minimum password age (minAgeMinutes), Enforce password history (historyCount), Attempts before lockout (maxAttempts), Automatic Unlock (autoUnlockMinutes), Send lockout email, Show lockout failure | Yes |
β
Okta notes on proof types
List of Users
π Note
By default this proof type includes all users. Exclude decommissioned users if you receive a message indicating too many results.
List of Users with MFA Settings
π Note
Use the Last Name filter to reduce the number of records returned if you receive a message indicating too many results. Select alphabetical ranges to include users whose last name falls alphabetically within those ranges.
This Hypersync supports importing a user list for an access review. See Importing a list of application users with a Hypersync for more information.
This Hypersync supports importing a company directory for an access review. See Importing a directory with a Hypersync for more information.
Okta proof permissions
β Important
Itβs recommended that a service account be created to generate the API key (note that the API key has the same permissions as the user who created it). The service account should be granted the Read-only Administrator role to allow the Hypersync to gather all necessary information.
In Okta, create a custom role with these specific permissions
View users and their details
View groups and their details
This custom role allows access to the following Hypersync proof types:
List of Users
List of Users with MFA settings
List of Groups
Group Membership List
To use the Password Policies proof type, you must have the Read-only Administrator role. To use the List of Admins proof type, you must have the Super Administrator role.
β
Okta does not provide any finer-grain permission controls to enable a read-only role that encompasses all the different proof types' functionality.
Additional documentation
Connection configuration
Authentication type: Custom
β
Custom authentication parameters: Okta Domain, API Access Token
π Note
You only need to connect Hyperproof to the app once, and then you can create as many Hypersyncs as you need.
β
Additionally, you can create multiple Hypersyncs for a single control or label.
π‘ Tip
If you donβt know your access token or donβt have one, you can create one from the Okta Security> API page.
Certain cloud services offer specialized options for IP filtering in their cloud consoles to lock down specific cloud API endpoints for security and compliance purposes. You can use the Hyperproof static IP addresses to allow communication between Hyperproof Hypersyncs and your cloud service.
π Note
IP addresses for the Hyperproof Gov will be deprecated and replaced, as shown in the following table:
Service | Current IP address | New IP address |
Main app | 4.154.201.6 | 4.155.77.155 |
Integrations | 4.246.104.90 | 4.155.78.5 |
To prevent connectivity issues, it is recommended that you include all four IP addresses in your allowlists.
Hyperproof US IP addresses - 20.184.128.53, 52.9.169.38, 52.159.252.1
π Note
IP address 52.9.169.38 will be deprecated and replaced with 52.159.252.1 in the future. To prevent connectivity issues, it is recommended that you include all three IP addresses in your allowlists.
Hyperproof EU IP addresses - 9.141.172.46, 4.185.45.100
Hyperproof Gov IP addresses - 4.154.201.6, 4.246.104.90
See Hyperproof instances for more information.