Okta is an identity and single sign-on service. In order to collect data from Okta, you will need to authorize InsightOps to access your Okta administrator account.
Before You Start
When creating an Okta event source, you will be prompted to create a credential containing a "Token / Secret" and a "Domain."
The Token value can be generated by the customer following the instructions here.
The Domain value is the first component of your Okta domain. For example, if you use "mydomain.okta.com," the Domain field should be populated with "mydomain."
Configure the Okta integration
From within Okta:
- Select API from the Security menu.The following screen displays.
- Click the Create Token button. Note: The token inherits the permissions of the user account used to create the token. Create the token from an account that has the proper privileges. A user must be enrolled in multi-factor authentication (MFA) to create an API token.
- Follow the instructions that the Okta screen displays to complete the creation of the token
Note: Okta uses a bearer token for API authentication with a sliding scale expiration. Tokens are valid for 30 days and automatically refresh with each API call. Tokens that are not used for 30 days will expire. The token lifetime is currently fixed and cannot be changed for your organization. If a user account is deactivated in Okta, the API Token is deprovisioned at the same time.
Configuring This Event Source in InsightOps
In order to connect Okta logs with InsightOps, you'll need the following information:
- Token/Secret (described below)
- Refresh Frequency (hours)
Perform the following steps to allow InsightOps to access Okta.
- From InsightOps, click Data Collection from the lefthand menu.
- Select Add Data in the top right corner.
- Select the Cloud Service icon from the Security Data section.
- Select Okta from the Event Source drop-down menu.
- Optionally, add a display name in the Display Name field.
- Select the appropriate timezone from the Timezone drop-down menu.
- Enter the access token in the Access Token field.
- Enter the Okta subdomain in the Okta Subdomain field.
- Enter the refresh frequency in hours in the Refresh Frequency field.
- Click the Save button
After the Okta event source is added to the Collector list, it will take a few seconds to start communicating. When it is running and communicating with the Collector, a check mark appears on the right.
Okta requires the use of a token to integrate with other applications. Click here for more information.