Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Okta

The JSA DSM for Okta collects Okta REST API events from an Okta device.

The following table identifies the specifications for the Okta DSM:

Table 1: Okta DSM Specifications

Specification

Value

Manufacturer

Okta

DSM name

Okta

RPM file name

DSM-OktaIdentityManagement-JSA_version-build_number .noarch.rpm

Protocol

Okta REST API

Event format

JSON

Recorded event types

All

Automatically discovered?

No

Includes identity?

Yes

Includes custom properties?

No

More information

Okta website (https://www.okta.com/)

To integrate Okta with JSA, complete the following steps:

  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs on your JSA console:

    • Protocol Common

    • Okta REST API Protocol RPM

    • Okta DSM RPM

    If multiple DSM RPMs are required, the integration sequence must reflect the DSM RPM dependency.

  2. Add an Okta log source on the JSA Console:

    Table 2: Okta DSM Log Source Parameters

    Parameter

    Value

    Log Source type

    Okta

    Protocol type

    Okta REST API

    Name

    A name for the log source

    Description (optional)

    A description for the log source

The following table provides a sample event message for the Okta DSM:

Table 3: Okta Sample Message Supported by the Okta Device

Event name

Low level category

Sample log message

Core-User Auth-Login Success

User Login Success

{"eventId":"teveLnptWDqSfKg
2Gq8oO-eVg146522980aaaa","
sessionId":"101V8yTdKXcQ9a9pj
a1uzaaaa","requestId":"V1Wh6
MUxWNbrLROUi3K0jAaaaa",
"published":"2016-04-06T16:
16:40.000Z","action":{
"message":"Sign-in 
successful","categories":
["Sign-in Success"],"object
Type":"core.user_auth.login
_success","requestUri":"/api
/v1/authn"},"actors":[{"id":
"00uzysse4pPSPXWNaaaa",
"displayName":"User","login":
"account@oktaprise.com",
"objectType":"User"},{"id":
"Mozilla/5.0 (Windows NT 6.1;
 WOW64; rv:45.0) Gecko/
20100101 Firefox/45.0",
"displayName":"FIREFOX",
"ipAddress":"1.2.3.4",
"objectType":"Client"}],
"targets":[{"id":"00uzysse
4pPSPXWNaaaa","displayName":
"User","login":"account@
oktaprise.com","objectType":
"User"}]}

Core-User Auth-Login Failed

User Login Failure

{"eventId":"tev7UdwtYhTSkGVA_
rmMJgeJQ1440004117000","sessionId"
:"","requestId":"VdS4FTWJxk6c4mX2wB1
-@wAAA9I","published":"2015-08-
19T17:08:37.000Z","action":
{"message":"Sign-in Failed - Not 
Specified","categories":["Sign-in 
Failure","Suspicious Activity"],
"objectType":"core.user_auth.
login_failed","requestUri":"/
login/do-login"},"actors":[{"id"
:"Mozilla/5.0 (Windows NT 6.3; 
WOW64; Trident/7.0; rv:11.0) 
like Gecko","displayName":"x x",
"ipAddress":"1.1.1.1","objectType"
:"Client"}],"targets":[{"id":"",
"objectType":"User"}]}