Skip to main content


Okta is an enterprise-grade, identity management service, built for the cloud, but compatible with many on-premises applications.

To ship Okta logs, you'll deploy a Docker container to collect the logs and forward them to using Logstash.

You can send logs from multiple Okta tenants and any Okta domain.


If you want to ship from multiple Okta tenants over the same docker, you'll need to use the latest configuration using a tenants-credentials.yml file. Otherwise, you can continue using the previous configuration without a tenants-credentials.yml.

Before you begin, you'll need:

  • Okta administrator privileges
  • Port 5050 available - Logstash endpoint receives logs from port 5050.

Get the API token and Okta domain from Okta

In the Okta developer console, navigate to API > Tokens. Create a token and paste it in your text editor.

Create Okta API token

Click the Authorization Servers tab. Copy your Okta domain from the Issuer URI column, and paste it in your text editor. In the following example, you'd have copied "".

Okta URL

Create your tenants-credentials YAML

Build your tenants-credentials.yml:
To create the file run the following command as root and then open the file in your text editor:

mkdir /etc/logzio-okta && touch /etc/logzio-okta/tenants-credentials.yml

Insert your tenants credentials into the YAML file in the following format:

- okta_api_key: <<OKTA-API-KEY>>
okta_domain: <<OKTA-DOMAIN>>

This shipper supports up to 50 tenants. For multiple tenants, add your Okta API key and domain for each tenant. See the following example:

- okta_api_key: 123456a
- okta_api_key: 123456b
- okta_api_key: 123456c


OKTA_API_KEY (Required)The Okta API key copied in step 1.
OKTA_DOMAIN (Required)The Okta domain copied in step 1. It is found under the Issuer URI column in your Okta developer console. Supports these Okta domains:,,

YAML files are sensitive to spaces and tabs. It's a good idea to run your code through a YAML validator to make sure that its structure is correct. It's a good idea to run it through a YAML validator to rule out indentation errors, clean up extra characters, and check that it is valid. ( is a great choice.)

Save the file in your working directory. That's the same one you're running the docker from.

Pull the Docker image

Download the logzio/logzio-okta image:

docker pull logzio/logzio-okta

Run the Docker image

Replace the placeholders in the code sample below before running it. Then run:

docker run \
--restart always \
--name Okta \
-v /etc/logzio-okta/tenants-credentials.yml:/usr/share/logstash/tenants-credentials.yml \
-t logzio/logzio-okta

For Mac users: To fix issues with mounting files from root directory please add the path ‘/etc/logzio-okta’ to your Docker File Sharing. Click here for a guide on how to fix this issue - using docker desktop or manually edit your Docker configuration file.
For more information about mounting files from root directory click here.

LOGZIO_TOKEN (Required)Replace <<LOG-SHIPPING-TOKEN>> with the token of the account you want to ship to.
LOGZIO_LISTENER_HOST (Required)Replace <<LISTENER-HOST>> with the host for your region. For example, if your account is hosted on AWS US East, or if hosted on Azure West Europe. The required port depends whether HTTP or HTTPS is used: HTTP = 8070, HTTPS = 8071.

Check for your logs

Give your logs some time to get from your system to ours, and then open Open Search Dashboards.

If you still don't see your logs, see log shipping troubleshooting.