Using SaaS Templates to Monitor Applications on Okta + Zscaler

Templates in Catchpoint provides an easy way to create a script skeleton and then set up multiple scripts using the same template. The feature is a faster way to generate test scripts, as you don’t have to create every single one from scratch. Catchpoint provides several out-of-the-box templates to choose from, and you can create custom templates for different use cases.

Recently, we worked on an interesting requirement using templates: monitoring different SaaS applications accessed through Okta + Zscaler.

Okta is a single sign-on application which manages and secures access to applications. It provides a secure and centralized place where all the applications reside. These applications can be easily accessed once the user is authenticated.

Zscaler is a security provider that provides fast and secure access to the Internet. With the advent of cloud-first strategy, most applications reside on the cloud and this makes it essential to ensure that the security is not compromised when accessing applications over Internet.

The scenario we were working on required the user to authenticate using Okta, after which all the network traffic is directed through Zscaler.

The Challenge

One of the major challenges encountered during the script setup was simulating an actual user navigation through Okta + Zscaler. The transaction flow involves loading the Okta login page, then authenticating a user, accessing one of the applications already assigned to the user, and finally verify the application page load.

Most Okta users are assigned multiple applications, and all these applications are accessed with a single account. So when monitoring, a single Okta account has to be used. Once logged into Okta, all the applications associated with it need to be monitored from different locations across the globe.

Simulating the login of one account from multiple locations within a short time is a challenge. Such activity is usually treated with suspicion and categorized as a bot attack, and the account can get locked as a safety measure.

In such a situation, all the monitoring scripts would fail as the script is unable to login. So we had to come up with a monitoring strategy that would use a single login account and monitor multiple applications from across the globe.

The Solution

Catchpoint allows users to create custom templates for scripts and then set up multiple scripts using these custom templates. Using the template feature, we were able to create/set up a script and easily overcome the challenge discussed earlier.

Here is how the logic for script set up works:

To set this up, we have to create two templates using the above scripts.

The first script is used for logging into the Okta account and all the necessary login session cookies are stored in a global variable. This script will run from just one location at a low frequency. The frequency for the first script can be determined by checking the validity of the session cookie. For example, if the session cookies expire after 9 hours, then this script can be executed once every 8 hours. This will ensure that we always have valid session cookies.

The second script will use the session cookies stored in the global variable and log directly into the application. The session cookies are passed with each page request to authenticate each request, and this ensures that these requests are redirected through Zscaler. This script can run at a higher frequency based on the monitoring strategy. Also, the second script can be scheduled to run from multiple locations across the globe.

The same template can be used to set up tests for different applications within an Okta account just by adding the application URL. This allows to easily monitor different applications without much modification.

As the scripts are saved as templates, we can use the second script template to set up multiple scripts directly from the UI. Users not familiar with Selenium will find this very helpful; they can use the UI to pass required values easily and quickly set up a script. Templates provide an easy way to set up and reuse existing scripts.

Conclusion

The Okta + Zscaler scenario required a different approach to setting up transaction tests that involved logging into multiple applications associated with one Okta account. We needed to ensure that running multiple tests did not cause the account to be flagged or locked and that the scripts wouldn’t fail due to script/account login issue.

Templates provide an easy way to set up and reuse existing scripts. With the use of templates, we were able to create two script skeletons or a script outline. The script logs into Okta and stores the necessary session cookies. The next script uses the stored cookies to authenticate, and we can access multiple applications assigned to that specific Okta account. So the simulated transaction test did not have to login to Okta every time it accessed an application. Instead, the test was scheduled to run only when the stored cookies expired.