Issue remediation
Remediate ISPM-detected issues on-demand or automatically using Okta Workflows and event hooks. Accelerate your security response by triggering custom actions automatically when issues are detected, or launch delegated flows on-demand directly from the Identity Security Posture Management ISPM console to enforce org policies and reduce attack windows.
Benefits
- Remediate in Okta and external systems
- Use event hooks to remediate issues automatically or on demand in external systems and in Okta. Alternatively, you can also run workflows as needed directly from the ISPM console to remediate issues in Okta or in other ISPM-connected sources that have an Okta Workflows connector.
- Enable security teams
- Allow admins to resolve complex issues in Okta or external systems automatically or on demand with a single click. This removes the need to switch consoles or manually script fixes.
- Accelerate response time
- Fix critical vulnerabilities instantly with automated containment, closing the window of opportunity for attackers.
- Streamline operations
- Automate routine tasks like ticket creation and user suspension, freeing up your team to focus on high-priority threats.
- Enforce policy consistency
- Ensure that every detected issue is handled according to your organization's specific security policies, whether automatically or on-demand.
How it works
ISPM connects detection to response through two primary methods:
Automated Remediation
ISPM uses event hooks (or webhooks) to make outbound calls to external systems or Okta Workflows immediately upon detecting an issue. You can deploy pre-built templates to handle high-severity events automatically, such as suspending compromised users, rotating credentials, or triggering SOAR workflows without manual intervention.
On-Demand Remediation
For issues requiring human judgment, such as reviewing dormant accounts, admins can initiate remediation directly from the ISPM console. This method uses event hooks or delegated flows. Delegated flows are workflows authorized to run on behalf of a configured user. Users review an issue's details and click Remediate to trigger a specific flow. Okta admin role constraints are applicable in the ISPM console to help ensure that users can only run flows assigned to their specific resource set.