Okta
The JSA DSM for Okta collects Okta REST API events from an Okta device.
The following table identifies the specifications for the Okta DSM:
Specification |
Value |
---|---|
Manufacturer |
Okta |
DSM name |
Okta |
RPM file name |
DSM-OktaIdentityManagement-JSA_version-build_number .noarch.rpm |
Protocol |
Okta REST API |
Event format |
JSON |
Recorded event types |
All |
Automatically discovered? |
No |
Includes identity? |
Yes |
Includes custom properties? |
No |
More information |
Okta website (https://www.okta.com/) |
To integrate Okta with JSA, complete the following steps:
If automatic updates are not enabled, download and install the most recent version of the following RPMs on your JSA console:
Protocol Common
Okta REST API Protocol RPM
Okta DSM RPM
If multiple DSM RPMs are required, the integration sequence must reflect the DSM RPM dependency.
Add an Okta log source on the JSA Console:
Table 2: Okta DSM Log Source Parameters Parameter
Value
Log Source type
Okta
Protocol type
Okta REST API
Name
A name for the log source
Description (optional)
A description for the log source
The following table provides a sample event message for the Okta DSM:
Event name |
Low level category |
Sample log message |
---|---|---|
Core-User Auth-Login Success |
User Login Success |
{"eventId":"teveLnptWDqSfKg 2Gq8oO-eVg146522980aaaa"," sessionId":"101V8yTdKXcQ9a9pj a1uzaaaa","requestId":"V1Wh6 MUxWNbrLROUi3K0jAaaaa", "published":"2016-04-06T16: 16:40.000Z","action":{ "message":"Sign-in successful","categories": ["Sign-in Success"],"object Type":"core.user_auth.login _success","requestUri":"/api /v1/authn"},"actors":[{"id": "00uzysse4pPSPXWNaaaa", "displayName":"User","login": "account@oktaprise.com", "objectType":"User"},{"id": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/ 20100101 Firefox/45.0", "displayName":"FIREFOX", "ipAddress":"1.2.3.4", "objectType":"Client"}], "targets":[{"id":"00uzysse 4pPSPXWNaaaa","displayName": "User","login":"account@ oktaprise.com","objectType": "User"}]} |
Core-User Auth-Login Failed |
User Login Failure |
{"eventId":"tev7UdwtYhTSkGVA_ rmMJgeJQ1440004117000","sessionId" :"","requestId":"VdS4FTWJxk6c4mX2wB1 -@wAAA9I","published":"2015-08- 19T17:08:37.000Z","action": {"message":"Sign-in Failed - Not Specified","categories":["Sign-in Failure","Suspicious Activity"], "objectType":"core.user_auth. login_failed","requestUri":"/ login/do-login"},"actors":[{"id" :"Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko","displayName":"x x", "ipAddress":"1.1.1.1","objectType" :"Client"}],"targets":[{"id":"", "objectType":"User"}]} |