Remediation using event hooks

Event hooks (or webhooks) are automated outbound calls that Identity Security Posture Management (ISPM) makes to your external systems when it detects new issues in your org. Use event hooks to send notifications to your security systems, create service management tickets, or share data across apps. You can also use them to trigger incident remediation actions by integrating with Security Orchestration, Automation, and Response (SOAR) workflows.

After you configure event hooks in ISPM, you can also use Okta Workflows templates to respond to security issues detected by ISPM. These templates are automated workflows that help minimize security risks associated with privileged accounts, compromised credentials, and misconfigurations. You can trigger workflows for the following templates using ISPM event hooks:

ISPM Event Routing Flow
Suspend Okta Account as a Response to ISPM Detection
Disable Microsoft Entra ID Account as a Response to ISPM Detection
Deactivate Salesforce User as a Response to ISPM Detection
Suspend Google Workspace User as a Response to ISPM Detection
Okta - Add User to a Group as a Response to ISPM Detection
Entra ID - Add User to a Group as a Response to ISPM Detection
Okta - Reset User Password Upon Next Login as a Response to ISPM Detection

Remediation using event hooks

Related topics