Okta

• How it works
• Prerequisites
• Setup Instructions
  • Step 1: Create an API Token in Okta
  • Step 2: Configure the Source in Datable
  • Step 3: Verify Data Collection
• Data Collected
• Troubleshooting
  • No Data Appearing
  • Authentication Errors
  • Rate Limiting
• Security Considerations
• Support

Datable integrates with Okta to collect system logs and security events from your Okta organization. This integration enables you to monitor authentication events, user activities, and security incidents.

How it works

The Okta integration uses the Okta System Log API to periodically poll and collect log events from your Okta organization. These logs are then processed and made available for analysis in Datable.

Prerequisites

• Administrator access to your Okta organization
• An Okta API token with read permissions

Setup Instructions

Step 1: Create an API Token in Okta

1. Sign in to your Okta Admin Console
2. Navigate to Security → API
3. Select the Tokens tab
4. Click Create Token
5. Enter a descriptive name for the token (e.g., "Datable Integration")
6. Click Create Token
7. Copy the token value - you'll need this for the Datable configuration

Important: Store this token securely. Okta will only display it once.

Step 2: Configure the Source in Datable

1. Navigate to the Sources page in Datable
2. Select Okta from the available sources
3. Provide the following configuration:
   • Source Name: A descriptive name for this source
   • API Key: The token you created in Step 1
   • Endpoint: Your Okta domain (e.g., example-12321.okta.com)
4. Click Save to create the source

Step 3: Verify Data Collection

After configuration, Okta logs should begin flowing into Datable within a few minutes. You can verify this by:

1. Checking the source status in the Datable dashboard
2. Viewing recent logs in the Data Explorer
3. Creating a test authentication event in Okta and confirming it appears in Datable

Data Collected

The Okta integration collects the following types of events:

• Authentication Events: Login attempts, MFA challenges, password resets
• User Management: User creation, updates, deactivation
• Application Events: App assignments, SSO events
• Administrative Actions: Policy changes, group modifications
• Security Events: Suspicious activities, threat detections

Troubleshooting

No Data Appearing

• Verify the API token has not expired
• Ensure the Okta domain is correct
• Check that the API token has the necessary read permissions

Authentication Errors

• Regenerate the API token in Okta
• Update the configuration in Datable with the new token

Rate Limiting

The Okta API has rate limits. If you encounter rate limiting issues:

• The integration automatically handles rate limits with exponential backoff
• Consider reducing the polling frequency if persistent issues occur

Security Considerations

• API tokens should be rotated regularly
• Use tokens with minimal required permissions (read-only)
• Monitor token usage in Okta's system log
• Consider IP allowlisting if your Okta organization supports it

Support

For additional support with the Okta integration, please contact the Datable support team or refer to the Okta System Log API documentation.