Okta Log Streaming AWS EventBridge Integration

10/2024

Overview

The Identity Intelligence platform integrates with Okta tenants to collect user account information, device information, and sign-on and application activity.

By default this data is collected through the Okta API. To enable hourly analysis of user activity and events, Identity Intelligence can instead consume Okta System Log events that Okta streams to AWS EventBridge. Okta delivers the stream to an AWS account that Identity Intelligence operates, and the platform captures the events from that log stream.

NOTE:

  • By default, with event streaming enabled, event-based detections are evaluated hourly and the associated notifications are sent at that time

  • Individual events for a user are added to the user's Activity table only once per day. To fetch the most recent events for a user, run the Refresh User Data action from the actions menu

  • If a near-time compatible check fails for an Okta user, that failure can also trigger notifications for the user's other, non-near-time check failures outside the standard 24-hour cycle

Prerequisites

You must already have an active Okta data integration in your Identity Intelligence tenant that is connected via an Okta API token. See the Okta data integration instructions for how to set this up.

You must also have the Log Streaming module enabled for your Okta org. Contact your Okta representative if this module is not part of your current subscription.

Okta Log Streaming Configuration

For reference, the Okta log streaming documentation can be found here.

Permission requirements for setting up Identity Intelligence integration with Okta

Adding a log stream is a configuration change in the Okta Admin Console, so the Okta account you use must hold an admin role that is allowed to manage log streams; Okta's log streaming documentation lists the super admin role for this. A Read-only administrator can view the Reports > Log Streaming page but cannot add a stream.

The existing Okta data integration is unaffected by this: the API token it uses only reads data, and a Read-only administrator is sufficient to create that token.

Setup Steps

There are 3 steps to set up the AWS EventBridge log streaming integration between Okta and Identity Intelligence. The AWS account ID, region and event source name you enter in Okta come from Identity Intelligence, not from your own AWS account: Okta delivers the stream to an AWS account that Identity Intelligence operates.

  1. In the Okta Admin Console, go to Reports > Log Streaming. This page lists all of the log stream targets configured in your org.

  2. Click Add Log Stream to start the log stream wizard.

      1. Select AWS EventBridge from the catalog. Click Next.

      2. Name: Provide a unique name for this log stream in Okta.

      3. AWS Event Source Name, AWS account ID and AWS region: These three values are shown on the Event Streaming tab of your existing Okta integration in Identity Intelligence (go to Integrations -> Edit Okta integration). The event source name is the Okta integration ID. Copy all three into the Okta log stream wizard exactly as shown; EventBridge partner event sources are scoped to an account and a region, so a mismatched account ID or region creates the event source where Identity Intelligence cannot see it.

      4. Save the log stream in the Okta wizard FIRST. Okta creates the partner event source in the Identity Intelligence AWS account when the stream is saved, so it must exist before Identity Intelligence tries to connect to it.

  3. Back on the Event Streaming tab of the Okta integration in Identity Intelligence, check the box that enables event streaming and click Save.
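Once the stream is saved in Okta, the values you typed cannot be verified from the Identity Intelligence side (the AWS account is theirs), but they can be checked from the Okta side. The script below is an added example, not Identity Intelligence or Okta code: it assumes the Okta Log Streams API (`GET /api/v1/logStreams`) and the fields it returns (`type`, `name`, `status`, and `settings.accountId`, `settings.eventSourceName`, `settings.region`), and compares them with the values copied from the Event Streaming tab. The integration ID, account ID and region in it are constructed placeholders, and the sample API response is constructed as well so the check runs offline; with `OKTA_ORG_URL` and `OKTA_API_TOKEN` set it queries the live org instead.

```python
"""Verify that the Okta log stream for Identity Intelligence exists, points at the
expected AWS account/region/event source, and is ACTIVE.

Added example, not Identity Intelligence or Okta code. It assumes the Okta Log
Streams API (GET /api/v1/logStreams) and the fields it returns: type, name,
status, and settings.accountId / settings.eventSourceName / settings.region.
All sample values below are constructed placeholders.
"""
import json
import os
import urllib.request

# Values copied from the Event Streaming tab of the Okta integration in Identity
# Intelligence (constructed placeholders, not real identifiers).
EXPECTED = {
    "eventSourceName": "okta-integration-abc123",
    "accountId": "123456789012",
    "region": "us-east-1",
}

# Constructed sample of what GET /api/v1/logStreams returns: one stream that
# matches, and an earlier attempt saved with the wrong region and never activated.
SAMPLE_STREAMS = [
    {
        "id": "ls0001",
        "type": "aws_eventbridge",
        "name": "identity-intelligence",
        "status": "ACTIVE",
        "settings": {
            "eventSourceName": "okta-integration-abc123",
            "accountId": "123456789012",
            "region": "us-east-1",
        },
    },
    {
        "id": "ls0002",
        "type": "aws_eventbridge",
        "name": "identity-intelligence-old",
        "status": "INACTIVE",
        "settings": {
            "eventSourceName": "okta-integration-old",
            "accountId": "123456789012",
            "region": "us-west-2",
        },
    },
]


def fetch_log_streams(org_url, api_token):
    """Call GET /api/v1/logStreams with an Okta API token (SSWS authorization)."""
    req = urllib.request.Request(
        org_url.rstrip("/") + "/api/v1/logStreams",
        headers={"Authorization": "SSWS " + api_token,
                 "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def find_stream(streams, event_source_name):
    """Return the aws_eventbridge stream whose event source name matches, or None."""
    for stream in streams:
        if (stream.get("type") == "aws_eventbridge"
                and stream.get("settings", {}).get("eventSourceName") == event_source_name):
            return stream
    return None


def check_log_stream(streams, expected):
    """Return a list of problems; an empty list means the stream is correctly
    configured and active. Account ID and region must match exactly: a mismatch
    creates the partner event source where Identity Intelligence never looks,
    while Okta still shows the stream as saved."""
    stream = find_stream(streams, expected["eventSourceName"])
    if stream is None:
        return ["no aws_eventbridge log stream with eventSourceName %r"
                % expected["eventSourceName"]]
    problems = []
    settings = stream.get("settings", {})
    for key in ("accountId", "region"):
        if settings.get(key) != expected[key]:
            problems.append("%s: settings.%s is %r, expected %r"
                            % (stream["name"], key, settings.get(key), expected[key]))
    if stream.get("status") != "ACTIVE":
        problems.append("%s: status is %r, expected 'ACTIVE'"
                        % (stream["name"], stream.get("status")))
    return problems


if __name__ == "__main__":
    # With OKTA_ORG_URL and OKTA_API_TOKEN set, check the live org; otherwise the sample.
    org_url, token = os.environ.get("OKTA_ORG_URL"), os.environ.get("OKTA_API_TOKEN")
    streams = fetch_log_streams(org_url, token) if org_url and token else SAMPLE_STREAMS
    problems = check_log_stream(streams, EXPECTED)
    print("OK: log stream matches and is ACTIVE" if not problems else "\n".join(problems))
```

The token is read from the environment rather than written into the script, and listing log streams only needs read access, so the same token used by the existing data integration is typically enough. A stream that is saved but still INACTIVE after step 3 usually means the Identity Intelligence side has not yet accepted the partner event source, which is the case the status check is there to catch.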
