Okta
Secure Okta identity and access management via Model Context Protocol (MCP). Access Okta users, groups, applications, logs, and policies through AI assistants with enterprise-grade security.
2.1K
20 Tools
Packaged by
Requires Configuration
Requires Secrets
Add to Docker Desktop
Version 4.43 or later needs to be installed to add the server automatically
Tools
| Name | Description |
|---|---|
analyze_login_risk | Comprehensive login risk analysis for users. SPECIAL TOOL: Collects last 10 login events (policy.evaluate_sign_on) including location patterns, device fingerprints, user agents, ISPs, network zones, and behavioral indicators. Returns comprehensive raw data for LLM risk assessment without making risk decisions. The LLM MUST analyze the returned data and provide clear risk assessment with reasoning based on login patterns, location consistency, device familiarity, and behavioral anomalies while protecting PII. Parameters: - user_identifier: User email, login, or Okta ID (REQUIRED) Returns comprehensive login behavior data including: • User details: status, profile information • Login events: Last 10 policy.evaluate_sign_on events with full context • Location patterns: Geographic information for each login event • Network data: ISP, proxy detection, network organization details • Device fingerprints: Unique device identifiers and consistency analysis • Behavioral analysis: Okta's risk scoring and anomaly detection • Baseline patterns: User's typical behavior patterns for comparison The tool collects raw data only - risk decisions must be made by analyzing: 1. CRITICAL: VPN/Tor/Proxy usage in network data (immediate HIGH RISK) 2. CRITICAL: threat_suspected field (if true, immediate HIGH RISK) 3. Geographic impossibility (multiple distant locations in short timeframes) 4. Location consistency across events 5. Network/ISP consistency patterns 6. Device fingerprint familiarity 7. User agent (OS/browser) stability 8. Okta's behavioral risk scores and flags 9. Authentication timing and outcome patterns Examples: • analyze_login_risk(user_identifier="[email protected]") • analyze_login_risk(user_identifier="john.smith") • analyze_login_risk(user_identifier="00u1abc2def3ghi4jk5") |