Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Okta

The JSA DSM for Okta collects Okta REST API events from an Okta device.

The following table identifies the specifications for the Okta DSM:

Table 1: Okta DSM Specifications

Specification

Value

Manufacturer

Okta

DSM name

Okta

RPM file name

DSM-OktaIdentityManagement-JSA_version-build_number .noarch.rpm

Protocol

Okta REST API

Event format

JSON

Recorded event types

All

Automatically discovered?

No

Includes identity?

Yes

Includes custom properties?

No

More information

Okta website (https://www.okta.com/)

To integrate Okta with JSA, complete the following steps:

  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs on your JSA console:

    • Protocol Common

    • Okta REST API Protocol RPM

    • Okta DSM RPM

    If multiple DSM RPMs are required, the integration sequence must reflect the DSM RPM dependency.

  2. Add an Okta log source on the JSA Console:

    Table 2: Okta DSM Log Source Parameters

    Parameter

    Value

    Log Source type

    Okta

    Protocol type

    Okta REST API

    Name

    A name for the log source

    Description (optional)

    A description for the log source

The following table provides a sample event message for the Okta DSM:

Note:

Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.
Table 3: Okta Sample Message Supported by the Okta Device

Event name

Low level category

Sample log message

Core-User Auth-Login Success

User Login Success

 
{"eventId":"xxxxxxxxxxxxxxx
xxxxxx-xxxxxxxxxxxxxxxx","
sessionId":"xxxxxxxxxxxxxxxxx
xxxxxxxx","requestId":"xxxxx
xxxxxxxxxxxxxxxxxxxxx",
"published":"2016-04-06T16:
16:40.000Z","action":{
"message":"Sign-in
successful","categories":
["Sign-in Success"],"object
Type":"core.user_auth.login
_success","requestUri":"/api
/v1/authn"},"actors":[{"id":
"xxxxxxxxxxxxxxxxxxxx",
"displayName":"User","login":
"username@example.com",
"objectType":"User"},{"id":
"Mozilla/5.0 (Windows NT 6.1;
WOW64; rv:45.0) Gecko/
20100101 Firefox/45.0",
"displayName":"FIREFOX",
"ipAddress":"<IP_address>",
"objectType":"Client"}],
"targets":[{"id":"xxxxxxxx
xxxxxxxxxxxx","displayName":
"User","login":"username@
example.com","objectType":
"User"}]}

Core-User Auth-Login Failed

User Login Failure

 
{"eventId":"xxxxxxxxxxxxxxxx_
xxxxxxxxxxxxxxxxxxxxxx","sessionId"
:"","requestId":"xxxxxxxxxxxxxxxxxxx
-xxxxxxx","published":"2015-08-
19T17:08:37.000Z","action":
{"message":"Sign-in Failed - Not
Specified","categories":["Sign-in
Failure","Suspicious Activity"],
"objectType":"core.user_auth.
login_failed","requestUri":"/
login/do-login"},"actors":[{"id"
:"Mozilla/5.0 (Windows NT 6.3;
WOW64; Trident/7.0; rv:11.0)
like Gecko","displayName":"x x",
"ipAddress":"<IP_address>","objectType"
:"Client"}],"targets":[{"id":"",
"objectType":"User"}]}