Device Integration: Okta

Modified on Thu, 30 Apr at 9:59 AM


Overview

This article provides step-by-step instructions to integrate Okta with ADR SIEM using API-based integration.
This enables comprehensive visibility and proactive threat detection by forwarding Okta logs from the cloud to APE (Analytics and Policy Engine) via CCE (Collection and Control Engine).


Pre-requisites

Before starting the integration, ensure you have:

  • Okta admin access to generate an API token.

  • ADR CCE Server IP where logs will be forwarded.

  • Network connectivity from CCE to Okta API endpoint.


Step 1: Generate Okta API Token

  1. Log in to Okta Admin Console
    Navigate to your Okta domain:

    https://<yourcompany>.okta.com
  2. Go to API Settings

    • From the left-hand menu, navigate to:
      Security → API → Tokens

  3. Create a New Token

    • Click Create Token.

    • Provide a name (e.g., Aria_Integration).

    • Click Create Token.

  4. Copy the Token

    • The token is displayed only once. Copy it securely.

    • This token will be used as the Password/Secret Key in the ADR UI.

    Note: If the token is lost, you must generate a new one.


Step 2: Find Your Okta Domain

Your domain will be used in the configuration JSON.
To find your domain:

  • It will look like:

    yourcompany.okta.com

    or

    yourcompany.okta-emea.com

Reference: Find your Okta domain


Step 3: Configure Okta in ADR UI

  1. Log in to ADR UI as administrator.

  2. Navigate to:

    Administration → Add-on Store
  3. Search and select Okta.

  4. Fill in the required fields:

    Field             Value
    Device            Okta
    Name              Any descriptive name (e.g., Okta_Prod)
    CCE Host          Enter your CCE IP address
    Access ID/User    Not required
    Password/Secret   Enter the Okta API Token generated earlier
    Config (JSON)     {"host": "<your_okta_domain>"}
                      Example: {"host": "acme.okta.com"}
  5. Click Save to apply the configuration.
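
A pre-flight check for the values entered in the table above, added here as an example and not part of the ADR product or its Okta collector: it normalizes the domain into the Config (JSON) value, refuses to send the token to anything that is not an Okta domain, and confirms the token is accepted. It assumes the collector reads Okta's System Log API (GET /api/v1/logs with an SSWS Authorization header), which the article does not state; the OKTA_HOST and OKTA_TOKEN variable names are hypothetical.

```python
"""Added example: pre-flight check for the Okta values entered in Step 3."""
import json
import os
import re
import urllib.error
import urllib.request

# Assumption: the tenant uses a standard Okta suffix (the article shows okta.com
# and okta-emea.com; oktapreview.com is Okta's preview). Custom domains fail.
_DOMAIN_RE = re.compile(
    r"^[a-z0-9][a-z0-9-]*\.(okta|okta-emea|oktapreview)\.com$")


def normalize_okta_host(value: str) -> str:
    """Return a bare Okta domain suitable for the Config (JSON) "host" field."""
    host = value.strip().lower()
    host = re.sub(r"^https?://", "", host).split("/", 1)[0]
    # The Admin Console URL is <org>-admin.<suffix>; the API host has no "-admin".
    host = re.sub(r"-admin(?=\.okta)", "", host, count=1)
    if not _DOMAIN_RE.match(host):
        raise ValueError(f"not an Okta domain: {value!r}")
    return host


def build_config(value: str) -> str:
    """Build the JSON string for the Config (JSON) field."""
    return json.dumps({"host": normalize_okta_host(value)})


def check_token(host: str, token: str, timeout: float = 10.0) -> int:
    """Request one System Log event; return the HTTP status (200 = token works)."""
    req = urllib.request.Request(
        f"https://{normalize_okta_host(host)}/api/v1/logs?limit=1",
        headers={"Authorization": f"SSWS {token}", "Accept": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 401: bad or revoked token; 403: insufficient rights


if __name__ == "__main__":
    # The token is read from the environment so it never appears in the
    # process argument list; both variable names are hypothetical.
    print(build_config(os.environ["OKTA_HOST"]))
    print("HTTP", check_token(os.environ["OKTA_HOST"], os.environ["OKTA_TOKEN"]))
```

Run it on the CCE so the same request also exercises the network path to Okta listed in the pre-requisites; a connection error raised by urlopen points to connectivity rather than the token.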



Step 4: Verification of Integration (MSSP Only)

Method 1: ADR UI

  1. Navigate to:
    System → Logs and Flows Collection Status

  2. Verify that the Source Device IP of Okta is listed.

Method 2: On CCE Server

  • Log in to the CCE as the seceon user.

  • Run:

    otmdoc -s cce-addon-devices
  • Inside the container, check scheduled jobs:

    crontab -l
  • Locate the Python script for Okta and run it manually to confirm successful log retrieval.
