- Cloud Collectors Overview
- Administration
- Administrative Access
- Shareable Service Accounts
- Add Accounts for AWS Cloud Collectors
- Add Accounts for Cisco Duo Cloud Collector
- Add Accounts for Google Cloud Collectors
- Add Accounts for Microsoft Cloud Collectors
- Add Accounts for Okta Cloud Collectors
- Add Accounts for Salesforce Cloud Collectors
- Add Accounts for Splunk Cloud Collectors
- Add Accounts for Trend Micro Cloud Collectors
- Define a Unique Site Name
- Sign Up for the Early Access Program
- Onboard Cloud Collectors
- Abnormal Security Cloud Collector
- AWS CloudTrail Cloud Collectors
- AWS CloudWatch Cloud Collector
- AWS S3 Cloud Collector
- AWS SQS Cloud Collector
- Azure Activity Logs Cloud Collector
- Azure Log Analytics Cloud Collector
- Azure Event Hub Cloud Collector
- Azure Storage Analytics Cloud Collector
- Cato Networks Cloud Collector
- Cisco Duo Cloud Collector
- Cisco Umbrella Cloud Collector
- Cribl Cloud Collector
- CrowdStrike Cloud Collectors
- GCP Pub/Sub Cloud Collector
- Microsoft Defender XDR (via Azure Event Hub) Cloud Collector
- Microsoft Entra ID Context Cloud Collector
- Microsoft Entra ID Logs Cloud Collector
- Microsoft 365 Exchange Admin Reports Cloud Collector
- Supported Sources from Microsoft 365 Exchange Admin Reports
- Migrate to the Microsoft 365 Exchange Admin Reports Cloud Collector
- Prerequisites to Configure the Microsoft 365 Exchange Admin Reports Cloud Collector
- Configure the Microsoft 365 Exchange Admin Reports Cloud Collector
- Troubleshooting the Microsoft 365 Exchange Admin Reports Cloud Collector
- Microsoft 365 Management Activity Cloud Collector
- Microsoft Security Alerts Cloud Collector
- Microsoft Sentinel (via Event Hub) Cloud Collector
- Netskope Alerts Cloud Collector
- Netskope Events Cloud Collector
- Okta Cloud Collector
- Okta Context Cloud Collector
- Palo Alto Networks Cortex Data Lake Cloud Collector
- Proofpoint On-Demand Cloud Collector
- Proofpoint Targeted Attack Protection Cloud Collector
- Salesforce Cloud Collector
- SentinelOne Alerts Cloud Collector
- SentinelOne Cloud Funnel Cloud Collector
- SentinelOne Threats Cloud Collector
- Splunk Cloud Collector
- Symantec Endpoint Security Cloud Collector
- Trend Vision One Cloud Collector
- Zscaler ZIA Cloud Collector
- Webhook Cloud Collectors
- Wiz Cloud Collector
- Troubleshooting Cloud Collectors
Prerequisites to Configure the Okta Cloud Collector
Before you configure the Okta Cloud Collector, complete the following prerequisites:
Obtain your organization's Okta URL.
Obtain the Okta API token.
Ensure that the administrator has the Read-Only Admin role with the System Logs permission. For more information, see System Logs in Okta documentation.
Obtain an API Token
Okta APIs are authenticated via application keys. You must obtain the API key or token that you can use while configuring the Okta Cloud Collector.
To obtain an API token:
Create an Okta account with a user role Read-Only Administrator.
Log in to the Okta administrator console as an administrator with Read-Only Administrator role.
Navigate to Security > API > Tokens.
Click Create Token.
Enter the name for the token, then click Create Token. Note the value represented by a string of letters and numbers, to use while configuring the Okta cloud connector. For more information, see the Okta Documentation.
Add Accounts for Okta Cloud Collectors
For ease of setup, you can use your Okta account across one or more Okta Cloud Collectors.
To set up a shareable Okta account in Cloud Collectors:
Log in to the Exabeam Security Operations Platform with your registered credentials as an administrator.
Navigate to Collectors > Cloud Collectors.
Click Accounts, then click New Account.
In the Add a New Account page, enter the required information.
VENDOR – Select the vendor as Okta.
NAME – Specify a name for the Okta account.
URL – Enter the Okta account URL. For example, https://mycompanyokta.okta.com.
API-TOKEN – Enter the value API token that you obtained while completing the prerequisites for the cloud collector you want to configure: Okta Cloud Collector or Okta Context Cloud Collector.
Click Save.
Proceed to configure your Okta Cloud Collector or Okta Context Cloud Collector.
When you onboard new collectors for Okta, you must select the Okta account. You can reuse credentials between different Okta collectors provided that you have the required permissions configured for the collector.
Supported Event Types
The following table displays the security event types supported by Okta Cloud Collector.
API Resource | Supported Event Types |
|---|---|
Session - start / end / clear Access Admin App Password - reset / update Account - lock / unlock User - create / suspend / unsuspend / activate / deactivate / delete | |
Authentication - SSO / MFA Token - create / revoke Group membership - add / remove Application assignment - add / remove User membership - add / remove / update Application - update / delete / activate / deactivate Zone - create / update / delete Password policy rule - create / update / override / delete / activate / deactivate |