.png?fit=max&auto=format&n=tsMQJyneJ1xquFUo&q=85&s=4d401cc03b547d99b6f75a6bd170c334){kind=spacer}
Checks that users with access to critical systems are authorized in Okta.Documentation Index
Fetch the complete documentation index at: https://help.dsalta.com/llms.txt
Use this file to discover all available pages before exploring further.
Why This Matters
Unauthorized or excessive access to critical systems increases your attack surface and violates the principle of least privilege. Users with access beyond what their role requires can inadvertently or maliciously access sensitive data. Regular access validation is a core requirement of SOC 2 (CC6.1, CC6.2) and ISO 27001 (A.9.2.5).What DSALTA Checks
DSALTA connects to your Okta environment using read-only API access and evaluates this configuration on every sync cycle. The test result appears in your Data Library → Tests dashboard:- Passing — The configuration meets requirements. No action needed.
- Failing — The configuration does not meet requirements. Follow the remediation steps below.
- Not configured — The integration is connected but the required service or feature has not been set up yet.
How to Fix
If this test is failing, follow these steps to remediate:- Navigate to DSALTA → Data Library → Access to view all users with access to Okta.
- Review each user’s role and permissions against their current job function.
- For any user whose access is no longer valid, either remove their access entirely or adjust their role to match their current responsibilities.
- In DSALTA, mark each reviewed user as In Scope (valid access) or Not in Scope (access to be revoked).
- Document the review decision and the reviewer’s name.
- Set up a recurring access review schedule (quarterly recommended) in DSALTA.
- Once all users have valid, documented access, DSALTA will update the test status to Passing.
Frequently Asked Questions
How often does this test run?
How often does this test run?
This test runs automatically every 24 hours when the Okta integration is connected. You can trigger a manual sync at any time from the integration settings page.
What happens if this test fails?
What happens if this test fails?
A failing test generates an alert in your DSALTA dashboard. The assigned responsible role receives a notification. Remediate the issue before it affects your compliance posture.
Can I exclude this test?
Can I exclude this test?
Yes. If this test does not apply to your environment, you can mark it as Not Applicable with a justification. This exclusion is documented for auditors.
Does DSALTA modify my Okta configuration?
Does DSALTA modify my Okta configuration?
No. DSALTA uses read-only API access and never modifies, creates, or deletes resources in your environment. Remediation actions must be performed by your team directly in Okta.