Okta

The JSA DSM for Okta collects Okta REST API events from an Okta device.

The following table identifies the specifications for the Okta DSM:

Table 1: Okta DSM Specifications
Specification	Value
Manufacturer	Okta
DSM name	Okta
RPM file name	DSM-OktaIdentityManagement-`JSA_version-build_number` .noarch.rpm
Protocol	Okta REST API
Event format	JSON
Recorded event types	All
Automatically discovered?	No
Includes identity?	Yes
Includes custom properties?	No
More information	Okta website (https://www.okta.com/)

To integrate Okta with JSA, complete the following steps:

If automatic updates are not enabled, download and install the most recent version of the following RPMs on your JSA console:
- Protocol Common
- Okta REST API Protocol RPM
- Okta DSM RPM
If multiple DSM RPMs are required, the integration sequence must reflect the DSM RPM dependency.

Add an Okta log source on the JSA Console:

Table 2: Okta DSM Log Source Parameters
Parameter	Value
Log Source type	Okta
Protocol type	Okta REST API
Name	A name for the log source
Description (optional)	A description for the log source

The following table provides a sample event message for the Okta DSM:

Table 3: Okta Sample Message Supported by the Okta Device
Event name	Low level category	Sample log message
Core-User Auth-Login Success	User Login Success	{"eventId":"teveLnptWDqSfKg 2Gq8oO-eVg146522980aaaa"," sessionId":"101V8yTdKXcQ9a9pj a1uzaaaa","requestId":"V1Wh6 MUxWNbrLROUi3K0jAaaaa", "published":"2016-04-06T16: 16:40.000Z","action":{ "message":"Sign-in successful","categories": ["Sign-in Success"],"object Type":"core.user_auth.login _success","requestUri":"/api /v1/authn"},"actors":[{"id": "00uzysse4pPSPXWNaaaa", "displayName":"User","login": "account@oktaprise.com", "objectType":"User"},{"id": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/ 20100101 Firefox/45.0", "displayName":"FIREFOX", "ipAddress":"1.2.3.4", "objectType":"Client"}], "targets":[{"id":"00uzysse 4pPSPXWNaaaa","displayName": "User","login":"account@ oktaprise.com","objectType": "User"}]}
Core-User Auth-Login Failed	User Login Failure	{"eventId":"tev7UdwtYhTSkGVA_ rmMJgeJQ1440004117000","sessionId" :"","requestId":"VdS4FTWJxk6c4mX2wB1 -@wAAA9I","published":"2015-08- 19T17:08:37.000Z","action": {"message":"Sign-in Failed - Not Specified","categories":["Sign-in Failure","Suspicious Activity"], "objectType":"core.user_auth. login_failed","requestUri":"/ login/do-login"},"actors":[{"id" :"Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko","displayName":"x x", "ipAddress":"1.1.1.1","objectType" :"Client"}],"targets":[{"id":"", "objectType":"User"}]}

Table 3: Okta Sample Message Supported by the Okta Device

Event name

Low level category

Sample log message

Core-User Auth-Login Success

User Login Success

{"eventId":"teveLnptWDqSfKg
2Gq8oO-eVg146522980aaaa","
sessionId":"101V8yTdKXcQ9a9pj
a1uzaaaa","requestId":"V1Wh6
MUxWNbrLROUi3K0jAaaaa",
"published":"2016-04-06T16:
16:40.000Z","action":{
"message":"Sign-in 
successful","categories":
["Sign-in Success"],"object
Type":"core.user_auth.login
_success","requestUri":"/api
/v1/authn"},"actors":[{"id":
"00uzysse4pPSPXWNaaaa",
"displayName":"User","login":
"account@oktaprise.com",
"objectType":"User"},{"id":
"Mozilla/5.0 (Windows NT 6.1;
 WOW64; rv:45.0) Gecko/
20100101 Firefox/45.0",
"displayName":"FIREFOX",
"ipAddress":"1.2.3.4",
"objectType":"Client"}],
"targets":[{"id":"00uzysse
4pPSPXWNaaaa","displayName":
"User","login":"account@
oktaprise.com","objectType":
"User"}]}

Core-User Auth-Login Failed

User Login Failure

{"eventId":"tev7UdwtYhTSkGVA_
rmMJgeJQ1440004117000","sessionId"
:"","requestId":"VdS4FTWJxk6c4mX2wB1
-@wAAA9I","published":"2015-08-
19T17:08:37.000Z","action":
{"message":"Sign-in Failed - Not 
Specified","categories":["Sign-in 
Failure","Suspicious Activity"],
"objectType":"core.user_auth.
login_failed","requestUri":"/
login/do-login"},"actors":[{"id"
:"Mozilla/5.0 (Windows NT 6.3; 
WOW64; Trident/7.0; rv:11.0) 
like Gecko","displayName":"x x",
"ipAddress":"1.1.1.1","objectType"
:"Client"}],"targets":[{"id":"",
"objectType":"User"}]}