Issue
Why did we get an error when an Entra ID or Okta automate action attempted to execute?
Environment
Red Canary
Microsoft Entra ID
Okta
Resolution
Errors can occur due to Entra ID or Okta Identity based threats not receiving all the information needed to execute the action.
Cause
Each response actions (Okta, EntraID) is relevant only for its own integration.
For Okta, if the automate action attempts to do a match on identity but none is passed, the user is presented with a list of users to run action against.
For Entra ID automate actions, specific information needs to be passed to Entra ID in order for the action to work as expected. When information published in threats for example, is originating from non-Microsoft sources, there is a possibility of the identity information not being complete which can cause the action to not complete as expected.
There are plans on the future roadmap to address this.
Comments
0 comments
Please sign in to leave a comment.