From 9e6d3c4bca5cd3ac176c837ed7a174a224350b50 Mon Sep 17 00:00:00 2001 From: sandhiya376 Date: Fri, 27 Jun 2025 14:56:26 +0530 Subject: [PATCH 1/7] okta manage login activity --- plugins/okta-manage-login-activity/README.md | 69 +++++++++++++++++++- 1 file changed, 68 insertions(+), 1 deletion(-) diff --git a/plugins/okta-manage-login-activity/README.md b/plugins/okta-manage-login-activity/README.md index bd22eaba..041c462d 100644 --- a/plugins/okta-manage-login-activity/README.md +++ b/plugins/okta-manage-login-activity/README.md @@ -1,8 +1,10 @@ --- description: A plugin that helps security teams stay informed about login activity and mitigate risk. -fidelity: IDEA +fidelity: GUIDE name: Manage Login Activity +difficulty_level: BEGINNER +time_in_minutes: 20 purple_chat_link: https://developer.moveworks.com/creator-studio/developer-tools/purple-chat/?conversation=%7B%22startTimestamp%22%3A%2211%3A43+AM%22%2C%22messages%22%3A%5B%7B%22role%22%3A%22user%22%2C%22parts%22%3A%5B%7B%22richText%22%3A%22Has+anyone+logged+in+from+a+region+where+we+don%27t+operate+as+a+company+in+the+last+week%3F%22%7D%5D%7D%2C%7B%22role%22%3A%22assistant%22%2C%22parts%22%3A%5B%7B%22reasoningSteps%22%3A%5B%7B%22status%22%3A%22success%22%2C%22richText%22%3A%22Queries+Okta+for+logins+from+regions+outside+company+operations+in+the+last+week.%22%7D%5D%7D%2C%7B%22richText%22%3A%22%3Cp%3EFound+logins+from+regions+not+covered+by+our+operations.+Here+are+the+details%3A%3C%2Fp%3E%22%7D%2C%7B%22richText%22%3A%22%3Cb%3E%3Cp%3ELogin+Detail+1%3C%2Fp%3E%3C%2Fb%3E%3Cbr%3E%3Cp%3E%3Cb%3EUser%3A+%3C%2Fb%3EJohn+Doe%3Cbr%3E%3Cb%3ERegion%3A+%3C%2Fb%3ESouth+America%3Cbr%3E%3Cb%3ETime%3A+%3C%2Fb%3E2023-03-21+10%3A00+AM%3Cbr%3E%3C%2Fp%3E%22%7D%2C%7B%22richText%22%3A%22%3Cb%3E%3Cp%3ELogin+Detail+2%3C%2Fp%3E%3C%2Fb%3E%3Cbr%3E%3Cp%3E%3Cb%3EUser%3A+%3C%2Fb%3EJane+Smith%3Cbr%3E%3Cb%3ERegion%3A+%3C%2Fb%3EAustralia%3Cbr%3E%3Cb%3ETime%3A+%3C%2Fb%3E2023-03-22+02%3A00+PM%3Cbr%3E%3C%2Fp%3E%22%7D%5D%7D%2C%7B%22role%22%3A%22assistant%22%2C%22parts%22%3A%5B%7B%22richText%22%3A%22%3Cp%3EWould+you+like+to+file+a+ticket+to+investigate+these+logins%3F%3C%2Fp%3E%22%7D%2C%7B%22buttons%22%3A%5B%7B%22style%22%3A%22filled%22%2C%22buttonText%22%3A%22File+Ticket%22%7D%2C%7B%22style%22%3A%22outlined%22%2C%22buttonText%22%3A%22Ignore%22%7D%5D%7D%5D%7D%5D%7D solution_tags: - IT @@ -10,3 +12,68 @@ systems: - okta --- +## **Introduction :** + +The **Manage Login Activity plugin** integrates Okta with the Moveworks AI Assistant. It enables security teams to monitor user login activity across specific groups and identify suspicious behavior such as logins from unknown devices, new locations, or elevated risk levels + +This guide will walk you through installing and configuring the plugin in Agent Studio in just a few minutes. Let’s get started! + +## **Prerequisites :** + +- Access to Agent Studio + +## **What are we building?** + +### **Agent Design** + +This [purple chat](https://developer.moveworks.com/creator-studio/developer-tools/purple-chat/?conversation=%7B%22startTimestamp%22%3A%2211%3A43+AM%22%2C%22messages%22%3A%5B%7B%22parts%22%3A%5B%7B%22richText%22%3A%22%3Cp%3EAny+suspicious+login+activity+recorded+recently%3F%3C%2Fp%3E%22%7D%5D%2C%22role%22%3A%22user%22%7D%2C%7B%22parts%22%3A%5B%7B%22reasoningSteps%22%3A%5B%7B%22richText%22%3A%22Searching+Okta+for+recent+high-risk+login+events.%22%2C%22status%22%3A%22success%22%7D%5D%7D%2C%7B%22richText%22%3A%22%3Cp%3EI+found+a+high-risk+login+event+for+%3Cstrong%3EAnderson+Perez%3C%2Fstrong%3E.%3C%2Fp%3E%5Cn%3Cul%3E%5Cn++%3Cli%3E%3Cstrong%3EIP+Address%3A%3C%2Fstrong%3E+203.0.113.1%3C%2Fli%3E%5Cn++%3Cli%3E%3Cstrong%3ELocation%3A%3C%2Fstrong%3E+Bogota%2C+Colombia%3C%2Fli%3E%5Cn++%3Cli%3E%3Cstrong%3EDevice%3A%3C%2Fstrong%3E+Chrome+on+Windows%3C%2Fli%3E%5Cn++%3Cli%3E%3Cstrong%3ETime%3A%3C%2Fstrong%3E+11+PM+UTC%3C%2Fli%3E%5Cn++%3Cli%3E%3Cstrong%3ERisk+Level%3A%3C%2Fstrong%3E+HIGH%3C%2Fli%3E%5Cn%3C%2Ful%3E%22%7D%2C%7B%22citations%22%3A%5B%7B%22citationTitle%22%3A%22Anderson+Perez%22%2C%22connectorName%22%3A%22okta%22%7D%5D%7D%5D%2C%22role%22%3A%22assistant%22%7D%5D%7D) shows the experience we are going to build. + +## **Installation Steps** + +While you can create a connector during plugin installation, we recommend setting up the connector in **Agent Studio** beforehand to streamline the process. Please follow our **[Okta Connector Guide](https://developer.moveworks.com/marketplace/package/?id=okta&hist=home%2Cbrws#how-to-implement)** for detailed instructions. Once completed, proceed to install the plugin and complete the setup efficiently. + +**For this plugin, ensure the Okta API token user has the following minimum permissions:** + +- **Read** access to the **Groups API** (**groups**) +- **Read** access to the **Group Members API** (**users**) +- **Read** access to the **System Log API** (**logs**) + +After configuring the connector, refer to our [**plugin installation documentation**](https://help.moveworks.com/docs/ai-agent-marketplace-installation) for more details on completing the setup! + +## **Appendix** + +### **API #1: Get Group ID by Group Name** + +```bash +curl --location 'https://.okta.com/api/v1/groups?q=' \ +--header 'Authorization: Bearer ' \ +--header 'Accept: application/json' +``` + +**Query Parameters:** + +- `team` (string) – Team name used to retrieve the team ID. + +### **API #2: Get Users by Team ID** + +```bash +curl --location 'https://.okta.com/api/v1/groups//users' \ +--header 'Authorization: Bearer ' \ +--header 'Accept: application/json' +``` + +**Query Parameters:** + +- `team_id` (string) – Team ID used to retrieve the users + +### **API #3: Get Suspicious Login Logs by User ID** + +```bash +curl --location 'https://.okta.com/api/v1/logs?filter=eventType%20eq%20%22user.session.start%22%20and%20outcome.result%20eq%20%22SUCCESS%22%20and%20actor.id%20eq%20%22%22%20and%20debugContext.debugData.risk%20co%20%22level%3DMEDIUM%22&sortOrder=DESCENDING&limit=1' \ +--header 'Authorization: Bearer ' \ +--header 'Accept: application/json' +``` + +**Query Parameters:** + +- `user_id` (string) – User ID to retrieve suspicious login activity. From ea8cd6051ab2c942b272f2c054ff11b55c106297 Mon Sep 17 00:00:00 2001 From: sandhiya376 Date: Fri, 27 Jun 2025 14:57:59 +0530 Subject: [PATCH 2/7] okta manage login activity --- plugins/okta-manage-login-activity/.codeblocks/block_0.sh | 3 +++ plugins/okta-manage-login-activity/.codeblocks/block_1.sh | 3 +++ plugins/okta-manage-login-activity/.codeblocks/block_2.sh | 3 +++ 3 files changed, 9 insertions(+) create mode 100644 plugins/okta-manage-login-activity/.codeblocks/block_0.sh create mode 100644 plugins/okta-manage-login-activity/.codeblocks/block_1.sh create mode 100644 plugins/okta-manage-login-activity/.codeblocks/block_2.sh diff --git a/plugins/okta-manage-login-activity/.codeblocks/block_0.sh b/plugins/okta-manage-login-activity/.codeblocks/block_0.sh new file mode 100644 index 00000000..ababc566 --- /dev/null +++ b/plugins/okta-manage-login-activity/.codeblocks/block_0.sh @@ -0,0 +1,3 @@ +curl --location 'https://.okta.com/api/v1/groups?q=' \ +--header 'Authorization: Bearer ' \ +--header 'Accept: application/json' diff --git a/plugins/okta-manage-login-activity/.codeblocks/block_1.sh b/plugins/okta-manage-login-activity/.codeblocks/block_1.sh new file mode 100644 index 00000000..f8609d3b --- /dev/null +++ b/plugins/okta-manage-login-activity/.codeblocks/block_1.sh @@ -0,0 +1,3 @@ +curl --location 'https://.okta.com/api/v1/groups//users' \ +--header 'Authorization: Bearer ' \ +--header 'Accept: application/json' diff --git a/plugins/okta-manage-login-activity/.codeblocks/block_2.sh b/plugins/okta-manage-login-activity/.codeblocks/block_2.sh new file mode 100644 index 00000000..c80c9ecd --- /dev/null +++ b/plugins/okta-manage-login-activity/.codeblocks/block_2.sh @@ -0,0 +1,3 @@ +curl --location 'https://.okta.com/api/v1/logs?filter=eventType%20eq%20%22user.session.start%22%20and%20outcome.result%20eq%20%22SUCCESS%22%20and%20actor.id%20eq%20%22%22%20and%20debugContext.debugData.risk%20co%20%22level%3DMEDIUM%22&sortOrder=DESCENDING&limit=1' \ +--header 'Authorization: Bearer ' \ +--header 'Accept: application/json' From 941c6cab9262227c9a8da55c1eaf0a0a36cf4909 Mon Sep 17 00:00:00 2001 From: sandhiya376 Date: Tue, 1 Jul 2025 13:35:41 +0530 Subject: [PATCH 3/7] okta_manage_login_activity --- plugins/okta-manage-login-activity/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/okta-manage-login-activity/README.md b/plugins/okta-manage-login-activity/README.md index 041c462d..4dedd9a5 100644 --- a/plugins/okta-manage-login-activity/README.md +++ b/plugins/okta-manage-login-activity/README.md @@ -14,7 +14,7 @@ systems: --- ## **Introduction :** -The **Manage Login Activity plugin** integrates Okta with the Moveworks AI Assistant. It enables security teams to monitor user login activity across specific groups and identify suspicious behavior such as logins from unknown devices, new locations, or elevated risk levels +The **Manage Login Activity plugin** works with the Okta connector to help the Moveworks AI Assistant monitor user login activity. It enables security teams to identify suspicious behavior—such as logins from unknown devices, new locations, or elevated risk levels—across specific user groups. This guide will walk you through installing and configuring the plugin in Agent Studio in just a few minutes. Let’s get started! @@ -32,7 +32,7 @@ This [purple chat](https://developer.moveworks.com/creator-studio/developer-too While you can create a connector during plugin installation, we recommend setting up the connector in **Agent Studio** beforehand to streamline the process. Please follow our **[Okta Connector Guide](https://developer.moveworks.com/marketplace/package/?id=okta&hist=home%2Cbrws#how-to-implement)** for detailed instructions. Once completed, proceed to install the plugin and complete the setup efficiently. -**For this plugin, ensure the Okta API token user has the following minimum permissions:** +**For this plugin, ensure the Okta API token user has the following required permissions:** - **Read** access to the **Groups API** (**groups**) - **Read** access to the **Group Members API** (**users**) From ceb5c5a02e19b541f3d2ccbf97a96d89cf93385f Mon Sep 17 00:00:00 2001 From: sandhiya376 Date: Tue, 1 Jul 2025 14:25:37 +0530 Subject: [PATCH 4/7] okta_manage_login_activity --- plugins/servicenow-check-employee-id/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/plugins/servicenow-check-employee-id/README.md b/plugins/servicenow-check-employee-id/README.md index 481325b1..9cae3378 100644 --- a/plugins/servicenow-check-employee-id/README.md +++ b/plugins/servicenow-check-employee-id/README.md @@ -13,3 +13,4 @@ systems: video: https://www.loom.com/share/798cecea1d4f400dbbbef9a484df9d7d?sid=22ec6eaa-80f0-4946-8783-a23a002ca824 --- + From 2d00559596a07c3c7ddb1adf2632245bda4e9154 Mon Sep 17 00:00:00 2001 From: sandhiya376 Date: Tue, 1 Jul 2025 14:40:52 +0530 Subject: [PATCH 5/7] okta_manage_login_activity --- plugins/okta-manage-login-activity/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/okta-manage-login-activity/README.md b/plugins/okta-manage-login-activity/README.md index 4dedd9a5..e5160b81 100644 --- a/plugins/okta-manage-login-activity/README.md +++ b/plugins/okta-manage-login-activity/README.md @@ -16,7 +16,7 @@ systems: The **Manage Login Activity plugin** works with the Okta connector to help the Moveworks AI Assistant monitor user login activity. It enables security teams to identify suspicious behavior—such as logins from unknown devices, new locations, or elevated risk levels—across specific user groups. -This guide will walk you through installing and configuring the plugin in Agent Studio in just a few minutes. Let’s get started! +This guide will walk you through installing and configuring the plugin in Agent Studio in just a few minutes. Let’s get started!. ## **Prerequisites :** From d95e9547de9daf947d2fc62d5fb9698294ed810e Mon Sep 17 00:00:00 2001 From: sandhiya376 Date: Tue, 1 Jul 2025 15:14:47 +0530 Subject: [PATCH 6/7] okta_manage_login_activity --- plugins/okta-manage-login-activity/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/okta-manage-login-activity/README.md b/plugins/okta-manage-login-activity/README.md index e5160b81..4c6eff26 100644 --- a/plugins/okta-manage-login-activity/README.md +++ b/plugins/okta-manage-login-activity/README.md @@ -16,7 +16,7 @@ systems: The **Manage Login Activity plugin** works with the Okta connector to help the Moveworks AI Assistant monitor user login activity. It enables security teams to identify suspicious behavior—such as logins from unknown devices, new locations, or elevated risk levels—across specific user groups. -This guide will walk you through installing and configuring the plugin in Agent Studio in just a few minutes. Let’s get started!. +This guide will walk you through installing and configuring the plugin in Agent Studio in just a few minutes. Let’s get started! ## **Prerequisites :** @@ -76,4 +76,4 @@ curl --location 'https://.okta.com/api/v1/logs?filter=eventType%2 **Query Parameters:** -- `user_id` (string) – User ID to retrieve suspicious login activity. +- `user_id` (string) – User ID to retrieve suspicious login activity From 0dd398b9bd3b7d1bcb1990c78a1928d7f4775670 Mon Sep 17 00:00:00 2001 From: sandhiya376 Date: Wed, 2 Jul 2025 12:04:39 +0530 Subject: [PATCH 7/7] introduction changed --- plugins/okta-manage-login-activity/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/okta-manage-login-activity/README.md b/plugins/okta-manage-login-activity/README.md index 4c6eff26..724fab68 100644 --- a/plugins/okta-manage-login-activity/README.md +++ b/plugins/okta-manage-login-activity/README.md @@ -14,7 +14,7 @@ systems: --- ## **Introduction :** -The **Manage Login Activity plugin** works with the Okta connector to help the Moveworks AI Assistant monitor user login activity. It enables security teams to identify suspicious behavior—such as logins from unknown devices, new locations, or elevated risk levels—across specific user groups. +The **Manage Login Activity plugin** users monitor login activity with Okta through the Moveworks AI Assistant. It enables security teams to identify suspicious behavior—such as logins from unknown devices, new locations, or elevated risk levels—across specific user groups. This guide will walk you through installing and configuring the plugin in Agent Studio in just a few minutes. Let’s get started!