# Okta Log Streaming AWS EventBridge

## Overview <a href="#overview" id="overview"></a>

The Identity Intelligence identity security platform integrates with Okta tenants to collect user account information, device information, and sign-on and application activity.

To enable hourly analysis of user activity and events, Identity Intelligence can use **Okta log streaming to AWS EventBridge**. The Identity Intelligence platform then captures the events from the log stream.

<mark style="color:red;">**NOTE:**</mark>

* By default, with event streaming enabled, event-based detections are analyzed hourly and the associated notifications are sent at that time.
* Individual events for a user are only added to the user's Activity table <mark style="color:blue;">once per day</mark>. To fetch the most recent events for a user, run the [Refresh User Data](https://docs.oort.io/how-to-guides/remediation-actions#refresh-user-data) action from the actions menu.
* If a near-time compatible check failure is detected for an Okta user, it can trigger other non-near-time check failure notifications to be sent outside of the standard 24-hour cycle.

### Prerequisites <a href="#prerequisites" id="prerequisites"></a>

You must already have an active Okta data integration in your Identity Intelligence tenant that is connected via an Okta API token. Please see [instructions here](https://docs.oort.io/docs/oktadataintegration).

**You must also have the Log Streaming module enabled for your tenant.** Please see your Okta representative if you do not have this module as part of your current subscription.

## Okta Log Streaming Configuration <a href="#okta-log-streaming-configuration" id="okta-log-streaming-configuration"></a>

For reference, the Okta log streaming documentation can be found [here](https://help.okta.com/en-us/Content/Topics/Reports/log-streaming/add-aws-eb-log-stream.htm).

### Permission requirements for setting up Identity Intelligence integration with Okta <a href="#permission-requirements-for-setting-up-oort-integration-with-okta" id="permission-requirements-for-setting-up-oort-integration-with-okta"></a>

To add the necessary configuration in Okta, you need to be one of the following:

* Read-only administrator

### Setup Steps <a href="#setup-steps" id="setup-steps"></a>

There are 3 steps you need to go through to set up the AWS log streaming integration between Okta and Identity Intelligence.

1. In the Admin Console, go to **Reports > Log Streaming**. This page shows all of the log stream targets available in your org.
2. Click **Add Log Stream** to start the log stream wizard.

<figure><img src="https://582105988-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqPSBzsjxd7KYg9DNVZ4l%2Fuploads%2FmiT77zmmdW4xOKqHckpa%2FOkta%20event%20stream%20UI%202%202024-08-07_10-57-03.png?alt=media&#x26;token=660ccf2e-207a-41c3-bf5c-c37f58c0b06e" alt=""><figcaption></figcaption></figure>

3. Select **AWS EventBridge** from the catalog. Click **Next**.

   <figure><img src="https://582105988-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqPSBzsjxd7KYg9DNVZ4l%2Fuploads%2F8oofuJX7IZw8TjRp6TIO%2Fimage.png?alt=media&#x26;token=bd48a580-1b84-4086-8194-0afd7555df62" alt="" width="375"><figcaption></figcaption></figure>
4. **Name**: Provide a unique name for this log stream in Okta.
5. **AWS Event Source Name**: The source name needs to be the Okta integration ID, which is available in the Event Streaming tab of your existing Okta integration. Go to **Integrations > Edit Okta integration**.

<figure><img src="https://582105988-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqPSBzsjxd7KYg9DNVZ4l%2Fuploads%2F7C27WX6HhWiA5ekHSHXj%2FOkta%20event%20stream%20UI%202024-08-07_10-57-03.png?alt=media&#x26;token=91a7f341-7166-46e8-b4fc-f8ba77208ee2" alt="" width="563"><figcaption></figcaption></figure>

6. Copy the AWS Event Source Name and AWS account ID shown into your Okta AWS Log Stream configuration.
7. Enter the <mark style="color:orange;">**AWS region shown on the page**</mark> in your Okta integration.
8. <mark style="color:blue;">**Save this information in the Okta Log Stream wizard FIRST**</mark>.
9. **Check the box shown above and click Save in the Cisco Identity UI.**
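
After saving, it is worth confirming that the log stream in Okta carries exactly the three values copied in steps 5 to 7, since a mistyped account ID or region sends sign-on and activity logs somewhere other than intended. The following check is an added example, not part of the original guide or of either product. It assumes a log stream listing whose field names (`type`, `status`, `settings.accountId`, `settings.region`, `settings.eventSourceName`) follow Okta's Log Streaming API; the sample data and expected values are constructed placeholders.

```python
import json
import re

# Constructed sample of a log stream listing. Field names follow the shape of
# Okta's Log Streaming API response (assumption); all values are made up.
SAMPLE_STREAMS = json.loads("""
[
  {"name": "identity-intelligence", "type": "aws_eventbridge", "status": "ACTIVE",
   "settings": {"accountId": "111122223333", "region": "us-east-1",
                "eventSourceName": "example-integration-id"}},
  {"name": "old-siem-test", "type": "aws_eventbridge", "status": "ACTIVE",
   "settings": {"accountId": "444455556666", "region": "us-east-2",
                "eventSourceName": "siem-test"}}
]
""")

# Values as displayed on the Event Streaming tab (constructed placeholders).
EXPECTED = {"accountId": "111122223333", "region": "us-east-2",
            "eventSourceName": "example-integration-id"}


def audit_log_streams(streams, expected):
    """Return findings for AWS EventBridge streams that differ from `expected`."""
    findings = []
    eb_streams = [s for s in streams if s.get("type") == "aws_eventbridge"]
    ours = [s for s in eb_streams
            if s.get("settings", {}).get("eventSourceName") == expected["eventSourceName"]]
    if not ours:
        findings.append("no stream uses the expected AWS Event Source Name")
    for s in ours:
        cfg = s["settings"]
        if not re.fullmatch(r"\d{12}", cfg.get("accountId", "")):
            findings.append(f"{s['name']}: accountId is not a 12-digit AWS account ID")
        for key in ("accountId", "region"):
            if cfg.get(key) != expected[key]:
                findings.append(f"{s['name']}: {key} {cfg.get(key)!r} != {expected[key]!r}")
        if s.get("status") != "ACTIVE":
            findings.append(f"{s['name']}: status is {s.get('status')}, not ACTIVE")
    # Any other EventBridge stream points System Log events at another target;
    # flag it so someone confirms it is intended.
    for s in eb_streams:
        if s not in ours:
            findings.append(f"{s['name']}: unexpected stream to account "
                            f"{s.get('settings', {}).get('accountId')}; confirm it is intended")
    return findings


if __name__ == "__main__":
    for finding in audit_log_streams(SAMPLE_STREAMS, EXPECTED):
        print(finding)
```

An empty result means the only AWS EventBridge stream present matches the expected account ID, region, and event source name and is active.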
