Cloned Website and Cloned CSS Canarytokens are ideal candidates for login pages. Use them to detect website cloning, i.e. an attacker serving a fake copy of your identity provider's login page (e.g. Okta) from a domain they control.
Step 1: Create a New Brand in Okta
Log into your Okta admin panel.
- Select Brands from the left panel under Customizations.
- Select + Create brand.
This is an Okta customisation feature which we'll use to embed our Canarytoken.
Step 2: Add and Configure Your Custom Domain
Okta only enables the code editor for your Sign-in page (which we'll use to embed our CSS) once a custom domain has been configured. Follow the Add domain wizard and specify your domain.
We're using login.inyoni-corp.com in our example. Your domain should follow the format your-subdomain.your-real-domain.com. The wizard requires you to add DNS records for that domain, so you cannot use a subdomain of Okta's own domain (e.g. your-subdomain.okta.com).
You can verify that your custom domain is configured correctly by checking that its status shows Active.
Step 3: Log In to the Canary Console
Step 4: Open the Canarytokens
Select the Canarytokens tile.
Step 5: Choose the Cloned CSS Token
Select the Cloned CSS token from the list.
Step 6: Set the Domain and Create Your Token
- Enter the website domain under Cloned Site. This is the domain of the website you'd like to protect; it must match the custom domain that serves your Okta Sign-in page.
- Click Create token.
In our example we used "login.inyoni-corp.com", the custom domain configured in Step 2.
Step 7: Copy the Token Code
Step 8: Embed the Token in Your Okta Sign-in Page
- Open the Code editor.
- Click Edit on the right side.
- Paste the Canarytoken value inside a hidden "div" element in the page's HTML, so that the token's CSS is loaded by every visitor's browser without changing the visible page.
Alert
An alert is triggered when the cloned website is loaded in a visitor's browser, since the embedded Canarytoken is fetched along with the rest of the copied page.
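To make the detection mechanism behind Steps 6 to 8 and the alert concrete, here is an added example of the kind of Referer-based check a Cloned CSS Canarytoken server can make. It is not Thinkst's or Okta's code, and it rests on an assumption the page does not spell out: that the CSS embedded in the sign-in page makes the browser fetch a resource from the token server, and that this fetch carries a Referer header naming the page that loaded it. The sample requests, and every hostname other than login.inyoni-corp.com, are constructed placeholders.

```javascript
// Added example (not Thinkst's or Okta's code). Assumption: the embedded
// Canarytoken CSS causes the visitor's browser to fetch a resource from the
// token server, and that request's Referer header names the page that loaded
// it. A genuine load comes from the protected domain; a clone hosted elsewhere
// reveals its own hostname.

// The "Cloned Site" domain entered in Step 6.
const PROTECTED_HOST = 'login.inyoni-corp.com';

// Hostname of the page that triggered the fetch, taken from its Referer header.
// Under the browser default referrer policy (strict-origin-when-cross-origin)
// a cross-origin fetch sends only the origin, so the path is never relied on.
// Returns null when the header is absent or not a parseable URL.
function refererHost(referer) {
  if (typeof referer !== 'string' || referer.length === 0) return null;
  try {
    return new URL(referer).hostname.toLowerCase();
  } catch (e) {
    return null; // malformed header: treat as unknown rather than as safe
  }
}

// Classify one fetch of the tokened resource.
//   'ok'      - loaded by the protected domain itself
//   'alert'   - loaded by some other site, i.e. a clone
//   'unknown' - no usable Referer (suppressed or malformed); cannot decide
// `headers` uses lowercase names, as Node's http module delivers them.
function classifyLoad(headers, protectedHost = PROTECTED_HOST) {
  const host = refererHost(headers.referer);
  if (host === null) return 'unknown';
  return host === protectedHost.toLowerCase() ? 'ok' : 'alert';
}

// Tally a batch of requests; the 'alert' bucket is what would page you.
function summarizeLoads(requests, protectedHost = PROTECTED_HOST) {
  const summary = { ok: 0, alert: 0, unknown: 0 };
  for (const headers of requests) {
    summary[classifyLoad(headers, protectedHost)] += 1;
  }
  return summary;
}

// Constructed sample requests (not captured traffic); the hostnames other
// than the protected one are placeholders.
const SAMPLE_REQUESTS = [
  { referer: 'https://login.inyoni-corp.com/' },                   // genuine sign-in page
  { referer: 'http://LOGIN.INYONI-CORP.COM/' },                    // same host, case differs
  { referer: 'https://login.inyoni-corp.com.evil.example/login' }, // lookalike clone
  { referer: 'https://okta-verify.example/' },                     // phishing kit on its own domain
  {},                                                              // Referer suppressed by the clone
];

for (const headers of SAMPLE_REQUESTS) {
  const label = headers.referer || '<no referer>';
  console.log(`${label.padEnd(52)} -> ${classifyLoad(headers)}`);
}
console.log(summarizeLoads(SAMPLE_REQUESTS));
```

Two practitioner caveats follow from this model. Only an exact hostname match counts as a genuine load, so a lookalike such as login.inyoni-corp.com.evil.example is an alert, not a near miss. A clone that sets a no-referrer policy on its copy of the page lands in the 'unknown' bucket rather than 'alert', so that bucket deserves attention too; how the real Canarytokens service treats such requests is not stated on this page.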