Okta Contextual Logs
This tutorial demonstrates how to create a pulling integration with Okta to send your contextual data logs to Coralogix.
Overview
Okta generates various logs that capture user authentication and authorization events, such as login attempts, user provisioning, and access management. These logs contain valuable information about user activities, security events, and system behavior within your Okta environment.
Coralogix offers a pulling integration that ingests your Okta contextual data logs at specified intervals, allowing you to gain insights into system behavior within our platform and troubleshoot problems that arise.
Benefits include:
Security Monitoring. Coralogix enables you to monitor user authentication and access events, detect suspicious activities, and identify potential security threats. Identify patterns, anomalies, and indicators of compromise so that you can respond swiftly to security incidents.
Compliance and Auditing. By collecting and analyzing the context data logs, Coralogix helps you meet regulatory compliance requirements. It provides the ability to track and audit user activities, generate compliance reports, and ensure adherence to industry standards.
Operational Insights. Our monitoring platform allows you to identify usage patterns, troubleshoot issues, track performance metrics, and optimize your Okta environment for improved efficiency.
Prerequisites
Permissions
You must have Okta admin permissions for:
Creating users (Users > Manage users > Create users).
Viewing roles, resources, and admin assignments (Identity and Access Management > View roles, resources, and admin assignments).
API Token
Log into your Okta portal with admin credentials and navigate to Directory > People.
Select Add person and create a user to be used for this integration.
Navigate to Security > Administrators and select Add administrator.
In Select admin, select the user you created and assign it the Read-only Administrator role. Then save your changes.
Log into Okta as the new user created according to procedures detailed above.
Navigate to Security > API > Tokens tab.
Select Create token, and copy the token value.
Configuration
In your Coralogix dashboard, navigate to Data Flow > Contextual Data.
In the Contextual Data section, locate Okta and click on ADD.
Enter the integration details.
- Integration Name
- Account Name (This will appear in your Coralogix UI as your subsystem name.)
- Okta Domain
- Okta API key. Enter previously-copied token value (see step 7).
Click CONNECT to trigger the integration. Your pulled Okta logs should appear in your Coralogix dashboard.
[Optional]** To minimize the Okta admin permission level, limiting it to viewing logs, follow these steps:
- Log into your Okta portal again with admin credentials.
- Navigate to Security > Administrators > Admins tab.
- Edit the new admin that you created, and change the role to Report Administrator. Then, save the changes.
[Recommended] To enhance your monitoring capabilities, select the corresponding extension and deploy it.
Learn more about our Extension Packages here.
Additional Resources
Documentation | Okta Audit Logs |
Blog | Okta Log Insights with Coralogix |
Support
Need help?
Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.
Feel free to reach out to us via our in-app chat or by sending us an email at [email protected].