Okta Cloud Connector
The Okta Cloud Identity as a Service (IDaaS) platform provides secure identity management with single sign-on (SSO), multi-factor authentication (MFA), and lifecycle management. Okta Identity Cloud offers a cloud-based directory to manage groups, devices, and applications, and enables secure access from any device for its enterprise users. For more information, see the Okta Documentation.
Prerequisites to Configure the Okta Connector
Before you configure the Okta connector, you must complete the following prerequisites:
- Ensure that the https://*.okta.com service is open for communication with the Exabeam Cloud Connector platform.
- Obtain your organization's Okta URL by contacting Okta support.
- Obtain the Okta API token.
- Ensure that the administrator has the Read-Only Admin role with the following permissions. For more information, see Okta Administrators.
  - View users
  - View groups
  - View system log
Obtain an API Token
Okta APIs are authenticated via application keys. You must obtain the API key or token that you can use while configuring the Okta connector.
To obtain an API token:
Log in to the Okta administrator console as an administrator.
Navigate to Security > API > Tokens.
Click Create Token.
Enter a name for the token, then click Create Token. Note the token value, a string of letters and numbers, to use when configuring the Okta cloud connector. For more information, see the Okta Documentation.
Configure the Okta Connector
The following table displays audit source API and security events supported by the connector.
Endpoint / API Resource | Events Included | Notes |
---|---|---|
Logs | Session - start / end / clear; Access Admin App; Password - reset / update; Account - lock / unlock; User - create / suspend / unsuspend / activate / deactivate / delete | Replaces the Events endpoint. |
Events | Authentication - SSO / MFA; Token - create / revoke; Group membership - add / remove; Application assignment - add / remove; User membership - add / remove / update; Application - update / delete / activate / deactivate; Zone - create / update / delete; Password policy rule - create / update / override / delete / activate / deactivate | Deprecated. Still supported in some organizations; these events will soon no longer be supported. |
To configure the Okta Cloud Connector to import data into the Exabeam Cloud Connector platform:
Before you begin, review the Prerequisites to Configure the Okta Connector.
Log in to the Exabeam Cloud Connectors platform with your registered credentials.
Navigate to Settings > Accounts > Add Account.
Click Select Service to Add, then select Okta from the list.
In the Accounts section, enter the required information. Required fields are indicated with a red bar.
Account Name – Specify a name for the Okta Cloud Connector. For example, Okta_IDaaS_SSO.
Description – Describe the Okta Cloud Connector (optional). For example, Okta secure identity management with Single Sign On (SSO).
URL – Enter the Okta account URL. For example, https://mycompanyokta.okta.com.
API Token – Enter the API token value that you obtained while completing the prerequisites.
User Agent – Type Exabeam. This field is available only for the older versions of the Exabeam cloud connector.
To confirm that the Exabeam Cloud Connector platform communicates with the service, click Test Connection.
Click Done to save your changes. The cloud connector is now set up on the Exabeam Cloud Connector platform.
To ensure that the connector is ready to send and collect data, Start the connector and check that the status shows OK.
Troubleshooting
Issue | Solution |
---|---|
The Events endpoint shows the following error: Events API is deprecated and has been disabled for your account, please use /logs API. Please contact Okta support if you want to enable Events API. | Deactivate the Events endpoint and activate the Logs endpoint because the Events endpoint is deprecated and replaced with the Logs endpoint. |
API call exceeded the rate limit because of too many requests. | If you are using an older version of the Exabeam cloud connector, ensure that the user agent is set to Exabeam. |
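
A pre-flight check for the account values and the two troubleshooting rows above, as an added example (not Exabeam or Okta code): it validates the URL against the https://*.okta.com prerequisite, builds a read-only request with the API token and User Agent, and maps the response onto the troubleshooting outcomes. It assumes Okta's `SSWS` authorization scheme, the `/api/v1/logs` and `/api/v1/events` paths, the `X-Rate-Limit-Reset` header, and that the deprecation message arrives in the `errorSummary` field; the function names are illustrative.

```python
import json
import urllib.error
import urllib.request
from urllib.parse import urlsplit

def build_request(okta_url, api_token, endpoint="logs", user_agent="Exabeam"):
    """Build a read-only probe (assumed to resemble what Test Connection does)."""
    parts = urlsplit(okta_url)
    host = (parts.hostname or "").lower()
    # Prerequisite from the page: traffic goes to https://*.okta.com only.
    if parts.scheme != "https" or not host.endswith(".okta.com"):
        raise ValueError(f"not an https://*.okta.com URL: {okta_url!r}")
    if parts.username or parts.path.strip("/") or parts.query:
        raise ValueError("use the bare organization URL, no path or credentials")
    if endpoint not in ("logs", "events"):
        raise ValueError("endpoint must be 'logs' or 'events'")
    return urllib.request.Request(
        f"https://{host}/api/v1/{endpoint}?limit=1",
        headers={"Authorization": f"SSWS {api_token}",  # assumed Okta token scheme
                 "User-Agent": user_agent, "Accept": "application/json"})

def classify(status, headers, body):
    """Map a response onto the outcomes in the troubleshooting table."""
    try:
        summary = json.loads(body).get("errorSummary", "")
    except (ValueError, AttributeError):  # empty body, non-JSON, or a JSON array
        summary = ""
    if status == 200:
        return "ok"
    if status == 429:
        reset = headers.get("X-Rate-Limit-Reset", "unknown")
        return f"rate-limited (reset epoch {reset}): check the User Agent field"
    if "Events API is deprecated" in summary:
        return "events-deprecated: deactivate Events, activate Logs"
    if status in (401, 403):
        return "auth-failed: check the API token and the Read-Only Admin role"
    return f"unexpected HTTP {status}: {summary}"

def probe(okta_url, api_token, **kw):
    """Send the probe; the token is never logged or echoed in the result."""
    req = build_request(okta_url, api_token, **kw)
    try:
        with urllib.request.urlopen(req, timeout=10) as r:
            return classify(r.status, r.headers, r.read())
    except urllib.error.HTTPError as e:
        return classify(e.code, e.headers, e.read())

if __name__ == "__main__":
    # Constructed response, not captured from a real tenant.
    print(classify(429, {"X-Rate-Limit-Reset": "1700000000"}, b"{}"))
```

Call `probe()` with the same URL and token you plan to enter in the Accounts section; read the token from a secrets store or environment variable, not from the command line.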