Okta provides secure identity management with single sign-on, multi-factor authentication, lifecycle management and more.
Once configured and integrated with Okta, Blumira’s modern SIEM platform ingests and parses log data in order to provide advanced threat detection and automated, actionable response.
The Okta System Log API  provides a stream of okta event data which can be consumed by Blumira. To configure Blumira to ingest your Okta logs, follow these steps.
You will need an API token from Okta to provide access to your Okta event data. Follow the instructions here  to create a token.
Next, you will need to enable your Blumira sensor to connect to Okta, using the API token you obtained. This connection is managed through the Okta Module, which you will install on one of your Blumira sensors. You can add the module to any one of your existing sensors, or you can create an additional dedicated sensor for such external API modules (if you choose that route, be sure to run it on a different host than runs an existing sensor).
Here’s how to add the Okta module to a Blumira sensor:
Within minutes of completing these steps, the module will be operational, and will ingest Okta logs from the last 90 days into the Blumira platform. The module will then continuously monitor the Okta service for the latest available logs.