Unified connectors is now available for Okta Single Sign-On connectors (Preview)

DeCohen · DeCohen · commit c6ef5742e87e · 2025-08-19T16:57:34.000+03:00
diff --git a/ATPDocs/okta-defender-for-identity-overview.md b/ATPDocs/okta-defender-for-identity-overview.md
@@ -46,11 +46,25 @@ For a full list of supported alerts, see: [Defender for Identity XDR alerts](/de
 
 ### Use advanced hunting to investigate Okta activity
 
-Advanced hunting lets you investigate identity activity across different services including Okta, Active Directory, and Microsoft Entra ID. The IdentityInfo table includes account metadata such as privilege level, group membership, and identity source.
+Advanced hunting lets you investigate identity activity across different services including Okta, Active Directory, and Microsoft Entra ID. The **IdentityInfo** table includes account metadata such as privilege level, group membership, and identity source. The **IdentityEvents** table includes events related to those identities, such as sign-ins, authentication attempts, and identity-related alerts across supported identity providers.
 
-To explore the full schema and build your own queries, see [IdentityInfo ](/defender-xdr/advanced-hunting-identityinfo-table) and [IdentityEvents(Preview)](/defender-xdr/advanced-hunting-identityevents-table?branch=pr-en-us-4691).
+To explore the full schema and build your own queries, see: 
+-  [IdentityInfo ](/defender-xdr/advanced-hunting-identityinfo-table)
+-  [IdentityEvents(Preview)](/defender-xdr/advanced-hunting-identityevents-table).
 
-## Next steps  
+### Remediation Actions 
+
+When Microsoft Defender for Identity identifies an identity as at risk, you can take the following remediation actions directly from the Defender portal to update the user's status in Okta.
+
+- Revoke all user's sessions
+
+- Deactivate user in Okta
+
+- Set user risk in Okta
+
+For more information, see: [Remediation actions in Microsoft Defender for Identity](remediation-actions.md#roles-and-permissions)
+
+## Next steps
 
 - [Connect Okta to Microsoft Defender for Identity](okta-integration.md)
 
diff --git a/ATPDocs/okta-integration.md b/ATPDocs/okta-integration.md
@@ -8,7 +8,7 @@ ms. reviewer: izauer-bit
 
 # Connect Okta to Microsoft Defender for Identity (Preview)
 
-This article explains how to connect Microsoft Defender for Identity to your existing Okta account. This connection gives you visibility into and control over Okta use. For information about how Defender for Identity protects Okta, see: [How Defender for Identity helps protect your Okta environment](okta-defender-for-identity-overview.md).
+This page explains how to connect Microsoft Defender for Identity to your Okta account using the Unified Connectors experience. This connection provides visibility into Okta activity and enables shared data collection across Microsoft security products. The Unified Connectors experience allows Defender for Identity to collect Okta system logs once and share them with other supported Microsoft security products, such as Microsoft Sentinel. This reduces API usage, avoids duplicate data collection, and simplifies connector management. For more details, see [Unified connectors](/azure/sentinel/unified-connector?branch=pr-en-us-302665#unified-collector-service).
 
 ## Prerequisites
 
@@ -24,6 +24,12 @@ Your Okta environment must have one of the following licenses:
 > - The Super Admin role is required only to create the API token. After you create the token, remove the role and assign the Read-Only Administrator and Defender for Identity custom roles for ongoing API access.
 > - If your Okta environment is already integrated with [Microsoft Defender for Cloud Apps](/defender-cloud-apps/protect-okta), connecting it to Microsoft Defender for Identity can cause duplicate Okta data, such as user activity, to appear in the Defender portal.
 
+## Required Entra roles
+
+To successfully set up the Okta connector, ensure that your account has one of the following Entra roles assigned:
+
+- Security Operator
+- Security Admin
 
 ### Connect Okta to Microsoft Defender for Identity
 
@@ -168,4 +174,4 @@ To complete the configuration in Okta, assign the custom role and resource set t
 
 ## Related articles
 
-- [How Defender for Identity helps protect your Okta environment](okta-defender-for-identity-overview.md)
+- [How Defender for Identity helps protect your Okta environment](okta-defender-for-identity-overview.md).
diff --git a/ATPDocs/whats-new.md b/ATPDocs/whats-new.md
@@ -25,6 +25,12 @@ For updates about versions and features released six months ago or earlier, see
 
 ## August 2025
 
+## Unified connectors is now available for Okta Single Sign-On connectors (Preview)
+
+Microsoft Defender for Identity supports the [Unified connectors](/azure/sentinel/unified-connector?branch=pr-en-us-302665#unified-collector-service) experience, starting with the Okta Single Sign-On connector. This enables Defender for Identity to collect Okta system logs once and share them across supported Microsoft security products, reducing API usage and improving connector efficiency.
+
+For more information see: [Connect Okta to Microsoft Defender for Identity (Preview)](okta-integration.md)
+
 
 ## New security posture assessment: Remove discoverable passwords in Active Directory account attributes (Preview)
 
