
Okta proof types and permissions

Written by Hyperproof Support
Updated this week

Note: Hyperproof connects to many third-party systems that frequently change, including the system interface. Contact your System Administrator or the third-party provider for assistance in meeting the requirements to integrate with Hyperproof and collect the proof you need.

When you create a Hypersync between Hyperproof and Okta, you can automatically collect the following proof types:

Okta proof types and fields

| Proof type | Fields | Testable |
| --- | --- | --- |
| Group Membership List | Person, Username, Primary Email, Status, Description | Yes |
| List of Admins | Domain, Name, Email, Role | Yes |
| List of API Tokens | ID, Name, Expiration Date, Creation Date, Last Updated | Yes |
| List of Deactivated Users | Username, Primary Email, Status, Deactivation Date | Yes |
| List of Devices | ID, Device Name, Device Details, Status, Creation Date, Last Updated | Yes |
| List of Groups | Group ID, Name, Type, Description, Creation Date, Last Updated | Yes |
| List of User Login Events | User ID, User Details, IP Address, Login Date, Status | Yes |
| List of Users | Person, Username, Primary Email, Status, Last Login, User ID, Job Title, Manager, Department | Yes |
| List of Users for a Given Application | ID, Email, Status, Scope | Yes |
| List of Users with MFA Settings | Person, Username, Primary Email, Status, Last Login, MFA | Yes |
| Password Policies | Name, Description, Assigned to Groups, Minimum length, Lower case letter, Upper case letter, Number (0-9), Symbol (e.g. ,!@#$%^&*), Does not contain part of username, Does not contain first name, Does not contain last name, Restrict use of common passwords, Password expiration (maxAgeDays), Warn user before expiration, Minimum password age (minAgeMinutes), Enforce password history (historyCount), Attempts before lockout (maxAttempts), Automatic Unlock (autoUnlockMinutes), Send lockout email, Show lockout failure | Yes |

Okta notes on proof types

  • List of Users

    Note: By default, this proof type includes all users. Exclude decommissioned users if you receive a message indicating too many results.

  • List of Users with MFA Settings

    Note: Use the Last Name filter to reduce the number of records returned if you receive a message indicating too many results. Select alphabetical ranges to include users whose last name falls alphabetically within those ranges.

This Hypersync supports importing a user list for an access review. See Importing a list of application users with a Hypersync for more information.

This Hypersync supports importing a company directory for an access review. See Importing a directory with a Hypersync for more information.

Rate limits

If you are experiencing time-out errors when collecting proof from Okta, review the Okta Rate limits overview documentation on the Okta developer site. It is possible that Okta's rate limits are preventing Hyperproof from collecting Okta proof. If necessary, you can purchase increased rate limits from Okta.

Okta proof permissions

Note: Hyperproof recommends creating a service account to generate the API key (note that the API key has the same permissions as the user who created it). The service account should be granted the Read-only Administrator role to allow the Hypersync to gather all necessary information.

In Okta, create a custom role with these specific permissions:

  • View users and their details

  • View groups and their details

This custom role allows access to the following Hypersync proof types:

  • List of Users

  • List of Users with MFA Settings

  • List of Groups

  • Group Membership List

To use the Password Policies proof type, you must have the Read-only Administrator role. To use the List of Admins proof type, you must have the Super Administrator role.

Okta does not provide any finer-grained permission controls to enable a read-only role that encompasses all the different proof types' functionality.

Additional documentation


Connection configuration

Authentication type: Custom

Custom authentication parameters: Okta Domain, API Access Token

Note: You only need to connect Hyperproof to the app once, and then you can create as many Hypersyncs as you need.

Additionally, you can create multiple Hypersyncs for a single control or label.

Tip: If you don’t know your access token or don’t have one, you can create one on the Okta Security > API page.

Certain cloud services offer specialized IP filtering options in their cloud consoles to lock down specific cloud API endpoints for security and compliance. You can use the Hyperproof static IP addresses to allow communication between Hyperproof Hypersyncs and your cloud service.

  • Hyperproof US IP addresses - 20.184.128.53, 52.9.169.38, 52.159.252.1

    Note: IP address 52.9.169.38 will be deprecated and replaced with 52.159.252.1 in the future. To prevent connectivity issues, it is recommended that you include all three IP addresses in your allowlists.

  • Hyperproof EU IP addresses - 9.141.172.46, 4.185.45.100

  • Hyperproof Gov IP addresses - 4.155.77.155, 4.155.78.5, 4.155.8.97

See Hyperproof instances for more information.
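One way to check an allowlist against the addresses above before relying on it, shown as an added example that is not Hyperproof's or Okta's own code: it reports Hyperproof IPs that no entry covers, entries that cover them only through a range wider than a single host, and entries that do not parse. The function name `audit_allowlist` and the sample allowlists are constructed for illustration.

```python
import ipaddress

# Hyperproof static IP addresses as listed on this page, keyed by instance.
HYPERPROOF_IPS = {
    "US": ["20.184.128.53", "52.9.169.38", "52.159.252.1"],
    "EU": ["9.141.172.46", "4.185.45.100"],
    "GOV": ["4.155.77.155", "4.155.78.5", "4.155.8.97"],
}


def audit_allowlist(entries, instance):
    """Check an allowlist (single IPs or CIDRs) against one instance's IPs.

    Returns a dict with:
      missing: Hyperproof IPs that no entry covers (Hypersyncs would be blocked)
      broad:   entries that cover a Hyperproof IP but also admit other hosts
      invalid: entries that are not a valid IP address or CIDR
    """
    networks, invalid = [], []
    for entry in entries:
        try:
            # strict=False accepts "52.159.252.1/16" style entries as well
            networks.append(ipaddress.ip_network(entry.strip(), strict=False))
        except ValueError:
            invalid.append(entry)

    required = [ipaddress.ip_address(ip) for ip in HYPERPROOF_IPS[instance]]
    missing = [str(ip) for ip in required
               if not any(ip in net for net in networks)]
    broad = [str(net) for net in networks
             if net.num_addresses > 1 and any(ip in net for ip in required)]
    return {"missing": missing, "broad": broad, "invalid": invalid}


if __name__ == "__main__":
    # Constructed sample allowlists (not taken from any real environment).
    partial = ["20.184.128.53", "52.9.169.38/32"]
    loose = ["20.184.128.53/32", "52.9.169.38", "52.159.0.0/16", "not-an-ip"]
    print(audit_allowlist(partial, "US"))
    print(audit_allowlist(loose, "US"))
```

A non-empty `missing` list for the US instance usually means the replacement address 52.159.252.1 has not been added alongside 52.9.169.38.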
