Report Inactive Okta Accounts
Routinely scan Okta environments for potential inactive accounts and deactivate accounts within the case if necessary.
If run with flowpipe server
, this mod will run the scan every day at 9 AM UTC.
Installation
Download and install Flowpipe (https://flowpipe.io/downloads). Or use Brew:
brew tap turbot/tapbrew install flowpipe
Clone:
git clone https://github.com/turbot/flowpipe-samples.gitcd access_management/report_inactive_okta_accounts
flowpipe mod install
Credentials
By default, the following environment variables will be used for authentication:
JIRA_API_TOKEN
JIRA_URL
JIRA_USER
OKTA_TOKEN
OKTA_ORGURL
You can also create credential
resources in configuration files:
vi ~/.flowpipe/config/jira.fpc
credential "jira" "default" { base_url = "https://test.atlassian.net/" api_token = "ATATT3........." username = "abc@email.com"}
vi ~/.flowpipe/config/okta.fpc
credential "okta" "default" { domain = "https://test.okta.com" api_token = "00B63........"}
For more information on credentials in Flowpipe, please see Managing Credentials.
Usage
Run the pipeline to run the scan immediately:
flowpipe pipeline run report_inactive_okta_accounts --arg project_key=project-foo --arg issue_type=Task --arg inactive_hours=48
To run the scan at the scheduled time, start the Flowpipe server:
flowpipe server
Once started, Flowpipe will run the pipeline automatically at the scheduled time.
Configuration
To avoid entering variable values when running the pipeline or starting the server, you can set variable values:
cp flowpipe.fpvars.example flowpipe.fpvarsvi flowpipe.fpvars
# Requiredinactive_hours = "48"issue_type = "Task"project_key = "project-foo"
# Optional# jira_cred = "non_default_cred"# okta_cred = "non_default_cred"