Skip to main content
Applies to BloodHound Enterprise and CE

Overview

User objects (AKA People) represent individuals who have access to the Okta organization. Each user has a unique identifier, username in the email address format, and various attributes such as email, first name, last name, and status. Users are represented as Okta_User nodes in BloodHound.

Edges

The tables below list edges defined by the Okta extension only. Additional edges to or from this node may be created by other extensions.

Inbound Edges

Outbound Edges

Properties

Sample Property Values

User Status

User status can have multiple values, as illustrated below: Okta user status To simplify analysis in BloodHound, the collector maps the Status attribute to the virtual boolean Enabled attribute as follows:
This mapping is a simplification and may not cover all edge cases. Always refer to the actual Status attribute for precise user state information.

Authentication Factors

Okta supports various authentication factors for multi-factor authentication (MFA), such as SMS, email, push notifications, and hardware tokens. In case of mobile and desktop applications, these authentication factors are associated with the Device entities. Other authentication factors, such as YubiKeys and Google Authenticator, are not represented as separate nodes in BloodHound, but the number of enrolled factors is stored in the authenticationFactors attribute of the Okta_User nodes.

Synchronization with External Directories

Users can be synchronized from external directories such as Active Directory (AD) or LDAP. When synchronized, certain attributes may be mapped from the external directory to the Okta user profile. Additional Active Directory attributes