Okta
The JSA DSM for Okta collects Okta REST API events from an Okta device.
The following table identifies the specifications for the Okta DSM:
Specification |
Value |
---|---|
Manufacturer |
Okta |
DSM name |
Okta |
RPM file name |
DSM-OktaIdentityManagement-JSA_version-build_number .noarch.rpm |
Protocol |
Okta REST API |
Event format |
JSON |
Recorded event types |
All |
Automatically discovered? |
No |
Includes identity? |
Yes |
Includes custom properties? |
No |
More information |
Okta website (https://www.okta.com/) |
To integrate Okta with JSA, complete the following steps:
-
If automatic updates are not enabled, download and install the most recent version of the following RPMs on your JSA console:
-
Protocol Common
-
Okta REST API Protocol RPM
-
Okta DSM RPM
If multiple DSM RPMs are required, the integration sequence must reflect the DSM RPM dependency.
-
-
Add an Okta log source on the JSA Console:
Table 2: Okta DSM Log Source Parameters Parameter
Value
Log Source type
Okta
Protocol type
Okta REST API
Name
A name for the log source
Description (optional)
A description for the log source
The following table provides a sample event message for the Okta DSM:
Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.
Event name |
Low level category |
Sample log message |
---|---|---|
Core-User Auth-Login Success |
User Login Success |
{"eventId":"xxxxxxxxxxxxxxx xxxxxx-xxxxxxxxxxxxxxxx"," sessionId":"xxxxxxxxxxxxxxxxx xxxxxxxx","requestId":"xxxxx xxxxxxxxxxxxxxxxxxxxx", "published":"2016-04-06T16: 16:40.000Z","action":{ "message":"Sign-in successful","categories": ["Sign-in Success"],"object Type":"core.user_auth.login _success","requestUri":"/api /v1/authn"},"actors":[{"id": "xxxxxxxxxxxxxxxxxxxx", "displayName":"User","login": "username@example.com", "objectType":"User"},{"id": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/ 20100101 Firefox/45.0", "displayName":"FIREFOX", "ipAddress":"<IP_address>", "objectType":"Client"}], "targets":[{"id":"xxxxxxxx xxxxxxxxxxxx","displayName": "User","login":"username@ example.com","objectType": "User"}]} |
Core-User Auth-Login Failed |
User Login Failure |
{"eventId":"xxxxxxxxxxxxxxxx_ xxxxxxxxxxxxxxxxxxxxxx","sessionId" :"","requestId":"xxxxxxxxxxxxxxxxxxx -xxxxxxx","published":"2015-08- 19T17:08:37.000Z","action": {"message":"Sign-in Failed - Not Specified","categories":["Sign-in Failure","Suspicious Activity"], "objectType":"core.user_auth. login_failed","requestUri":"/ login/do-login"},"actors":[{"id" :"Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko","displayName":"x x", "ipAddress":"<IP_address>","objectType" :"Client"}],"targets":[{"id":"", "objectType":"User"}]} |