feat(okta): add authenticator STIG checks#11465
Conversation
- Add authenticator service models and password policy helpers - Add password policy, Smart Card, and Okta Verify FIPS checks - Cover authenticator service and checks with SDK tests
Compliance Mapping ReviewThis PR adds new checks. Please verify that they have been mapped to the relevant compliance framework requirements. New checks not mapped to any compliance framework in this PR
Use the |
|
✅ All necessary |
|
✅ Conflict Markers Resolved All conflict markers have been successfully resolved in this pull request. |
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## master #11465 +/- ##
==========================================
+ Coverage 93.96% 94.90% +0.93%
==========================================
Files 243 62 -181
Lines 35653 2592 -33061
==========================================
- Hits 33503 2460 -31043
+ Misses 2150 132 -2018
Flags with carried forward coverage won't be shown. Click here to find out more.
🚀 New features to boost your workflow:
|
🔒 Container Security ScanImage: 📊 Vulnerability Summary
8 package(s) affected
|
- Emit MANUAL findings when authenticator scopes are missing - Parse common-password enforcement from the SDK model correctly - Paginate password policy retrieval and expand tests
- Format metadata narrative fields with Markdown emphasis - Preserve check identity, URLs, and implementation logic
- Document the Authenticator OAuth scope in Okta setup - Align CLI examples with provider default scopes
- Remove single-quote wrapping from password policy labels - Avoid apostrophes in manual scope guidance
# Conflicts: # prowler/CHANGELOG.md
# Conflicts: # docs/user-guide/providers/okta/authentication.mdx # docs/user-guide/providers/okta/getting-started-okta.mdx # prowler/providers/okta/okta_provider.py # tests/providers/okta/okta_fixtures.py
…ce-password-policy-and-authenticator-checks-sdk
Context
This PR adds Okta Authenticator STIG checks for password policy requirements, Smart Card activation, and Okta Verify FIPS compliance.
Related PR Context
This PR is independent from the Network Zone / API Token stack.
Description
authenticatorservice implementation for password policies and authenticators.okta.authenticators.read.Changelog entry is pending until the PR number is added to the correct release block.
Steps to review
Checklist
Community Checklist
SDK/CLI
okta.authenticators.read.UI
API
License
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.