Overview
Okta provides secure identity management with single sign-on, multi-factor authentication, lifecycle management and more.
Once configured and integrated with Okta, Blumira’s modern SIEM platform ingests and parses log data in order to provide advanced threat detection and automated, actionable response.
Before you begin
This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Building a Blumira sensor with Ubuntu before you continue.
Okta Configuration
Blumira uses the Okta System Log API, which provides a stream of event data that is correlated with Blumira Security Detections.
Generate Okta SSWS Token
- Sign in to your Okta Admin Panel with administrator privileges.
- Select the Security Menu > API > Tokens.
- Click Create Token.
- Name your token and click Create Token.
- Record the Token Value. You will copy this value to Blumira.
Configuring Blumira
Next, set up the Okta Module within Blumira.
- In Blumira, navigate to Settings > Sensors.
- Click on the sensor you want to use.
- Scroll down the page to the Modules section, and click on the Add Module button.
- In the Module drop-down, find the Okta API Module, and select the latest available version.
- Fill in the “Module Configuration” form:
  - Okta account name: The domain you use to log in to Okta. For example, if you log in to “mycompany.okta.com”, then this field should be “mycompany”.
  - Okta SSWS Token: The API token you obtained in the previous section.
  - Log Source Name: An optional string to identify the Okta log source.
- Select Install.
Within minutes of completing these steps, the module will be operational and will ingest Okta logs from the last 90 days into the Blumira platform. The module will then continuously monitor the Okta service for the latest available logs.