Skip to main content
All CollectionsTemplatesIntermediate
Detect impossible travels in Okta logins. - Workflow Template
Detect impossible travels in Okta logins. - Workflow Template

Analyzes users' successful logins from different locations within a short timeframe to detect possible Impossible Travel escenarios.

Updated over 7 months ago

The workflow template "Detect Impossible Travels in Okta Logins" is designed for businesses looking to enhance their security by analyzing successful user logins across different locations within a short timeframe. This template helps in detecting impossible travel scenarios, suggesting potential account hijacking. It maintains a history of user logins, obtains geolocation for IPs, and compares distances between consecutive logins to identify suspicious activities. If a compromise is detected, it supports automated password resets and notifies administrators via Slack, enriching the IP reputation using VirusTotal and Recorded Future integrations. This serves the Identity and Access Management, and Suspicious User Activity use cases.

Trigger

Okta

Use Cases

Identity and Access Management , Suspicious User Activity

Workflow Breakdown

  1. It triggers only on successful logins and maintains the user's login history using global variables.

  2. It obtains the geolocation of the source IP and compares it with the geolocation of the last login to find the distance between the two locations.

  3. It can use VirusTotal and Recorded Future to enrich the source IP reputation

  4. When the password is reset, the user will receive a link by email to define a new password.

Vendors

Slack, Scripting, Utils, Okta, VirusTotal, HTTP, Jira Cloud, Recorded Future, Torq

Workflow Output

The administrator will receive the reputation of the source IP in a Slack message. If compromised passwords are detected, they can be automatically reset.

Did this answer your question?