Okta module
This functionality is in beta and is subject to change. The design and code are less mature than official GA features and are being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.
The Okta module collects events from the Okta API. Specifically this supports reading from the Okta System Log API.
Variable settings
Each fileset has separate variable settings for configuring the behavior of the module. If you don’t specify variable settings, the okta module uses the defaults.
For advanced use cases, you can also override input settings. See Override input settings.
When you specify a setting at the command line, remember to prefix the setting with the module name, for example, okta.system.var.paths instead of system.var.paths.
system fileset settings
The Okta System Log records system events related to your organization in order to provide an audit trail that can be used to understand platform activity and to diagnose problems. This module is implemented using the httpjson input and is configured to paginate through the logs while honoring any rate-limiting headers sent by Okta.
This module does not persist the timestamp of the last read event in order to facilitate resuming on restart. This feature will be coming in a future version. When you restart, the module will read events from the beginning of the log. To minimize duplicate documents, the module uses the event’s Okta UUID value as the Elasticsearch _id.
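The following sketch is an added example, not the module's own code. It walks two constructed System Log pages, follows the rel="next" link, computes the pause implied by Okta's X-Rate-Limit-* headers, and shows that a full re-read after restart adds no documents when each event is stored under its UUID. The tenant URL, UUIDs and cursor value are made up, and a dict stands in for the Elasticsearch index.

```python
import re
START = "https://example.okta.com/api/v1/logs"   # constructed tenant URL

# Constructed responses shaped like System Log API pages. The Link and
# X-Rate-Limit-* header names are Okta's; every value here is made up.
PAGES = {
    START: {
        "headers": {
            "Link": f'<{START}>; rel="self", <{START}?after=c1>; rel="next"',
            "X-Rate-Limit-Remaining": "0",
            "X-Rate-Limit-Reset": "1700000030",   # epoch seconds
        },
        "events": [{"uuid": "aaa-1", "eventType": "user.session.start"},
                   {"uuid": "aaa-2", "eventType": "user.authentication.sso"}],
    },
    START + "?after=c1": {
        "headers": {"Link": f'<{START}?after=c1>; rel="self"',
                    "X-Rate-Limit-Remaining": "58"},
        "events": [{"uuid": "aaa-3", "eventType": "user.session.end"}],
    },
}

def next_link(headers):
    """Return the rel="next" URL from a Link header, or None if absent."""
    m = re.search(r'<([^>]+)>;\s*rel="next"', headers.get("Link", ""))
    return m.group(1) if m else None

def wait_seconds(headers, now):
    """Seconds to pause before the next request once the quota is used up."""
    if int(headers.get("X-Rate-Limit-Remaining", "1")) > 0:
        return 0
    return max(0, int(headers.get("X-Rate-Limit-Reset", now)) - now)

def read_log(index, now):
    """Read every page from the beginning, storing each event under its UUID."""
    url, waited = START, 0
    while url:
        page = PAGES[url]
        for event in page["events"]:
            index[event["uuid"]] = event   # dict key stands in for the _id
        waited += wait_seconds(page["headers"], now)
        url = next_link(page["headers"])
    return waited

if __name__ == "__main__":
    index = {}
    read_log(index, now=1700000000)
    read_log(index, now=1700000000)   # restart: full re-read, same _ids
    print(len(index), "documents after two full reads")
```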
This is an example configuration for the module.
- module: okta
  system:
    var.url: https://yourOktaDomain/api/v1/logs
    var.api_key: '00QCjAl4MlV-WPXM...0HmjFx-vbGua'
Configuration options
var.url
Specifies the URL to the Okta System Log API. Required.
    var.url: https://mycompany.okta.com/api/v1/logs

var.api_key
Specifies the Okta API token to use in requests to the API. Required. The token is used in an HTTP Authorization header with the SSWS scheme. See Create an API token for information on how to obtain a token.
    var.api_key: '00QCjAl4MlV-WPXM...0HmjFx-vbGua'

var.http_client_timeout
Duration of the time limit on HTTP requests made by the module. Defaults to 60s.

var.interval
Duration between requests to the API. Defaults to 60s.

var.keep_original_message
Boolean flag indicating if the original JSON event string should be included in the event.original field. Defaults to true.

var.ssl
Configuration options for SSL parameters like the certificate authority to use for HTTPS-based connections. If the ssl section is missing, the host CAs are used for HTTPS connections to Okta. See SSL for more information.
    var.ssl:
      supported_protocols: [TLSv1.2]
Example dashboard
This module comes with a sample dashboard.
Fields
For a description of each field in the module, see the exported fields section.