make install;

some notes to myself



Integrating Preempt's risk score into each user's Okta profile

Written on June 24, 2021

Preempt (now owned by CrowdStrike) is an IAM security product that sits in front of AD and inspects & analyzes traffic. Part of what it does is generate a risk score for each user, which is based on their activity, access levels, etc. This value is exposed via a GraphQL API which allows it to be tied into other systems. One such use case is having conditional MFA based on each user’s risk score.

I’ve created a Python program to pull the risk score from Preempt and update the user’s Okta profile. The flow itself is pretty simple:

  1. Get the users from Preempt and stick them in a Mongo collection.
  2. Get the users from Okta and stick them in another Mongo collection.
  3. Join the two collections.
    • On the Preempt side, use the ‘upn’ value
    • On the Okta side, use the user profile’s ‘login’ value
  4. Find the users with a difference in their riskScore between the two collections, and update these users in Okta.
  5. Repeat.

I have implemented logic to gracefully handle rate limiting and have tested this over thousands of requests to Okta and Preempt without causing any rate-limiting warnings.
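The join and diff from steps 3 and 4, as an added example rather than the program described in this post. It works on in-memory lists instead of Mongo collections; the document shapes, the case-insensitive match of `upn` to `login`, and the sample users are all assumptions made for illustration.

```python
# Added example: steps 3 and 4 (join on upn/login, then diff riskScore).
# Assumed shapes: Preempt doc {"upn", "riskScore"}; Okta doc {"id", "profile": {...}}.

def risk_score_updates(preempt_users, okta_users):
    """Return (updates, unmatched): Okta users whose riskScore must change,
    and Preempt UPNs that have no Okta account to write to."""
    # Index Okta users by normalized login so the join is one lookup per user.
    okta_by_login = {}
    for user in okta_users:
        login = user.get("profile", {}).get("login")
        if login:
            okta_by_login[login.strip().lower()] = user

    updates, unmatched = [], []
    for p in preempt_users:
        upn, new = p.get("upn"), p.get("riskScore")
        if not upn or new is None:
            continue  # nothing to join on, or no score to push
        okta = okta_by_login.get(upn.strip().lower())
        if okta is None:
            unmatched.append(upn)  # worth logging: AD account with no Okta profile
            continue
        old = okta["profile"].get("riskScore")  # None if never set in Okta
        if old != new:
            updates.append({"okta_id": okta["id"], "login": okta["profile"]["login"],
                            "old": old, "new": new})
    return updates, unmatched

# Constructed sample data, not real accounts or scores.
PREEMPT = [
    {"upn": "Alice@example.com", "riskScore": 0.72},
    {"upn": "bob@example.com", "riskScore": 0.10},
    {"upn": "carol@example.com", "riskScore": 0.40},
    {"upn": "svc-backup@example.com", "riskScore": 0.90},
    {"upn": None, "riskScore": 0.50},
]
OKTA = [
    {"id": "00u-constructed-1", "profile": {"login": "alice@example.com", "riskScore": 0.35}},
    {"id": "00u-constructed-2", "profile": {"login": "bob@example.com", "riskScore": 0.10}},
    {"id": "00u-constructed-3", "profile": {"login": "carol@example.com"}},
]

if __name__ == "__main__":
    updates, unmatched = risk_score_updates(PREEMPT, OKTA)
    for u in updates:
        print(f"update {u['login']}: {u['old']} -> {u['new']}")
    print("no Okta match:", unmatched)
```

Only the entries in `updates` need a write to Okta, which keeps the number of API calls per cycle proportional to the users whose score actually changed.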