Skip to main content

Okta

Okta is an enterprise-grade, identity management service, built for the cloud, but compatible with many on-premises applications.

To ship Okta logs, you'll deploy a Docker container to collect the logs and forward them to Logz.io using Logstash.

You can send logs from multiple Okta tenants and any Okta domain.

note

If you want to ship from multiple Okta tenants over the same docker, you'll need to use the latest configuration using a tenants-credentials.yml file. Otherwise, you can continue using the previous configuration without a tenants-credentials.yml.

Before you begin, you'll need:

  • Okta administrator privileges
  • Port 5050 available - Logz.io Logstash endpoint receives logs from port 5050.

Get the API token and Okta domain from Okta

In the Okta developer console, navigate to API > Tokens. Create a token and paste it in your text editor.

Create Okta API token

Click the Authorization Servers tab. Copy your Okta domain from the Issuer URI column, and paste it in your text editor. In the following example, you'd have copied "dev-123456.okta.com".

Okta URL

Create your tenants-credentials YAML

Build your tenants-credentials.yml:
To create the file run the following command as root and then open the file in your text editor:

mkdir /etc/logzio-okta && touch /etc/logzio-okta/tenants-credentials.yml

Insert your tenants credentials into the YAML file in the following format:

tenants_credentials:
- okta_api_key: <<OKTA-API-KEY>>
okta_domain: <<OKTA-DOMAIN>>

This shipper supports up to 50 tenants. For multiple tenants, add your Okta API key and domain for each tenant. See the following example:

tenants_credentials:
- okta_api_key: 123456a
okta_domain: logzio-dev-123.okta.com
- okta_api_key: 123456b
okta_domain: logzio-dev-123.okta.com
- okta_api_key: 123456c
okta_domain: logzio-dev-123.oktapreview.com

Parameters

ParameterDescription
OKTA_API_KEY (Required)The Okta API key copied in step 1.
OKTA_DOMAIN (Required)The Okta domain copied in step 1. It is found under the Issuer URI column in your Okta developer console. Supports these Okta domains: example.oktapreview.com, example.okta.com, example.okta-emea.com
tip

YAML files are sensitive to spaces and tabs. It's a good idea to run your code through a YAML validator to make sure that its structure is correct. It's a good idea to run it through a YAML validator to rule out indentation errors, clean up extra characters, and check that it is valid. (Yamllint.com is a great choice.)

Save the file in your working directory. That's the same one you're running the docker from.

Pull the Docker image

Download the logzio/logzio-okta image:

docker pull logzio/logzio-okta

Run the Docker image

Replace the placeholders in the code sample below before running it. Then run:

docker run \
--restart always \
--name Okta \
--env LOGZIO_TOKEN=<<LOG-SHIPPING-TOKEN>> \
--env LOGZIO_LISTENER_HOST=<<LISTENER-HOST>> \
-v /etc/logzio-okta/tenants-credentials.yml:/usr/share/logstash/tenants-credentials.yml \
-t logzio/logzio-okta

For Mac users: To fix issues with mounting files from root directory please add the path ‘/etc/logzio-okta’ to your Docker File Sharing. Click here for a guide on how to fix this issue - using docker desktop or manually edit your Docker configuration file.
For more information about mounting files from root directory click here.

ParameterDescription
LOGZIO_TOKEN (Required)Replace <<LOG-SHIPPING-TOKEN>> with the token of the account you want to ship to.
LOGZIO_LISTENER_HOST (Required)Replace <<LISTENER-HOST>> with the host for your region. The required port depends whether HTTP or HTTPS is used: HTTP = 8070, HTTPS = 8071.
LOG_LEVEL (Optional)Logstash Log Level (deafult: info)

Check Logz.io for your logs

Give your logs some time to get from your system to ours, and then open Open Search Dashboards.

If you still don't see your logs, see log shipping troubleshooting.