
Okta

 

The JSA DSM for Okta collects events by using the Okta REST API.

The following table identifies the specifications for the Okta DSM:

Table 1: Okta DSM Specifications

| Specification | Value |
|---|---|
| Manufacturer | Okta |
| DSM name | Okta |
| RPM file name | DSM-OktaIdentityManagement-JSA_version-build_number.noarch.rpm |
| Protocol | Okta REST API |
| Event format | JSON |
| Recorded event types | All |
| Automatically discovered? | No |
| Includes identity? | Yes |
| Includes custom properties? | No |
| More information | Okta website (https://www.okta.com/) |

To integrate Okta with JSA, complete the following steps:

  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs on your JSA console:

    • Protocol Common

    • Okta REST API Protocol RPM

    • Okta DSM RPM

    If multiple DSM RPMs are required, the integration sequence must reflect the DSM RPM dependency.

  2. Configure the Okta log source by using the log source specific parameters in the following table:

    Table 2: Okta DSM Log Source Parameters

    | Parameter | Value |
    |---|---|
    | Log Source type | Okta |
    | Protocol Configuration | Okta REST API |
    | IP or Hostname | oktaprise.okta.com |
    | Authentication Token | A single authentication token that is generated by the Okta console and must be used for all API transactions. |
    | Use Proxy | When a proxy is configured, all traffic for the log source travels through the proxy for JSA to access Okta. Configure the Proxy IP or Hostname, Proxy Port, Proxy Username, and Proxy Password fields. If the proxy does not require authentication, you can leave the Proxy Username and Proxy Password fields blank. |
    | Automatically Acquire Server Certificate(s) | If you select Yes from the list, JSA downloads the certificate and begins trusting the target server. |
    | Recurrence | You can specify when the log source collects data. The format is M/H/D for Months/Hours/Days. The default is 1 M. |
    | EPS Throttle | The maximum limit for the number of events per second. |

The following table provides a sample event message for the Okta DSM:

Table 3: Okta Sample Message Supported by the Okta Device

| Event name | Low level category | Sample log message |
|---|---|---|
| Core-User Auth-Login Success | User Login Success | {"eventId":"teveLnptWDqSfKg2Gq8oO-eVg146522980aaaa","sessionId":"101V8yTdKXcQ9a9pja1uzaaaa","requestId":"V1Wh6MUxWNbrLROUi3K0jAaaaa","published":"2016-04-06T16:16:40.000Z","action":{"message":"Sign-in successful","categories":["Sign-in Success"],"objectType":"core.user_auth.login_success","requestUri":"/api/v1/authn"},"actors":[{"id":"00uzysse4pPSPXWNaaaa","displayName":"User","login":"account@oktaprise.com","objectType":"User"},{"id":"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0","displayName":"FIREFOX","ipAddress":"1.2.3.4","objectType":"Client"}],"targets":[{"id":"00uzysse4pPSPXWNaaaa","displayName":"User","login":"account@oktaprise.com","objectType":"User"}]} |
| Core-User Auth-Login Failed | User Login Failure | {"eventId":"tev7UdwtYhTSkGVA_rmMJgeJQ1440004117000","sessionId":"","requestId":"VdS4FTWJxk6c4mX2wB1-@wAAA9I","published":"2015-08-19T17:08:37.000Z","action":{"message":"Sign-in Failed - Not Specified","categories":["Sign-in Failure","Suspicious Activity"],"objectType":"core.user_auth.login_failed","requestUri":"/login/do-login"},"actors":[{"id":"Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko","displayName":"x x","ipAddress":"1.1.1.1","objectType":"Client"}],"targets":[{"id":"","objectType":"User"}]} |
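
The following Python example is added here for illustration and is not JSA's parsing code or part of the original page. It flattens events in the Table 3 JSON layout into the fields an analyst checks after ingestion (category, user, source IP), including the failed sign-in case where no user login is present. The names `normalize` and `CATEGORY_MAP` and the abridged sample events are assumptions made for this example.

```python
import json

# action.objectType -> (event name, low level category), as listed in Table 3.
CATEGORY_MAP = {
    "core.user_auth.login_success": ("Core-User Auth-Login Success", "User Login Success"),
    "core.user_auth.login_failed": ("Core-User Auth-Login Failed", "User Login Failure"),
}

def normalize(raw):
    """Flatten one Okta event in the Table 3 JSON layout (hypothetical helper)."""
    event = json.loads(raw)
    action = event.get("action", {})
    object_type = action.get("objectType", "")
    name, category = CATEGORY_MAP.get(object_type, (object_type, "Unknown"))
    actors = event.get("actors", [])
    # The Client actor holds the source IP; its "id" is the user agent string.
    client = next((a for a in actors if a.get("objectType") == "Client"), {})
    # A failed sign-in can lack a User actor and a target login, so user may be None.
    users = [e for e in actors + event.get("targets", []) if e.get("objectType") == "User"]
    login = next((u["login"] for u in users if u.get("login")), None)
    return {
        "time": event.get("published"),
        "event_name": name,
        "category": category,
        "user": login,
        "source_ip": client.get("ipAddress"),
        "user_agent": client.get("id"),
        "flags": action.get("categories", []),
    }

# Constructed samples: abridged copies of the two Table 3 messages.
SAMPLE_SUCCESS = json.dumps({
    "published": "2016-04-06T16:16:40.000Z",
    "action": {"categories": ["Sign-in Success"], "objectType": "core.user_auth.login_success"},
    "actors": [
        {"id": "00uzysse4pPSPXWNaaaa", "login": "account@oktaprise.com", "objectType": "User"},
        {"id": "Mozilla/5.0", "ipAddress": "1.2.3.4", "objectType": "Client"},
    ],
    "targets": [{"id": "00uzysse4pPSPXWNaaaa", "login": "account@oktaprise.com", "objectType": "User"}],
})
SAMPLE_FAILED = json.dumps({
    "published": "2015-08-19T17:08:37.000Z",
    "action": {"categories": ["Sign-in Failure", "Suspicious Activity"], "objectType": "core.user_auth.login_failed"},
    "actors": [{"id": "Mozilla/5.0", "ipAddress": "1.1.1.1", "objectType": "Client"}],
    "targets": [{"id": "", "objectType": "User"}],
})

if __name__ == "__main__":
    print([normalize(s) for s in (SAMPLE_SUCCESS, SAMPLE_FAILED)])
```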