fbpx

Integrating Okta Logs With Blumira

Okta provides secure identity management with single sign-on, multi-factor authentication, lifecycle management and more.

 

Once configured and integrated with Okta, Blumira’s modern SIEM platform ingests and parses log data in order to provide advanced threat detection and automated, actionable response.

 

Get a Free Cloud SIEM Trial

Try out Blumira’s automated detection & response platform for free and deploy a cloud SIEM in hours.

 

Free Trial

Okta Configuration

Blumira utilizes the Okta System Log API which provides a stream of event data that are correlated to Blumira Security Detections.

Generate Okta SSWS Token

  1. Sign into your Okta Admin Panel with administrator privileges
  2. Select the Security Menu > API > Tokens
  3. Click Create Token
  4. Name your token and click Create Token
  5. Record the Token Value. You will copy this value to Blumira.

 

Configuring Blumira

Next, you’ll need to setup the Okta Module, within the Blumira Admin Console.

  1. Login to the Blumira Admin Console and select:  Infrastructure > Sensors > (Select your Sensor)
  2. Scroll down the page to the Modules section, and click on the Add Module button.
  3. In the Module drop-down, find the Okta API Module, and select the latest available version.
  4. Fill in the “Module Configuration” form, shown here:
    • Okta account name: The domain you use to login to Okta. For example, if you login to “mycompany.okta.com”, then this field should be “mycompany”.
    • Okta SSWS Token: The API token you obtained in the previous section.
    • Log Source Name: An optional string to identify the Okta log source
    • Select Install

Within minutes of completing these steps, the module will be operational, and will ingest Okta logs from the last 90 days into the Blumira platform. The module will then continuously monitor the Okta service for the latest available logs.

Additional Helpful Links

https://developer.okta.com/docs/reference/api/system-log/

https://developer.okta.com/docs/guides/create-an-api-token/overview

Get a Free Cloud SIEM Trial

Try out Blumira’s automated detection & response platform for free and deploy a cloud SIEM in hours.

Free Trial