🌙
 

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Okta Integration Guide

cloud integrations okta


The following instructions are for configuring an Okta integration to facilitate log ingestion into Taegis™ XDR.

Note

Integrating Okta enables Taegis™ XDR to enhance monitoring data via Okta. It is not used for SSO into Taegis™ XDR.

Okta Requirements

An active Okta account with the Super Admin role is required to create a service app.

Data Provided from Integration

  Auth CloudAudit DNS HTTP Netflow NIDS Process Thirdparty
Okta D Y            

Y = Normalized | D = Out-of-the-Box Detections | V = Vendor-Specific Detections

Note

Taegis™ XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.

Create the Service App in Okta

The following is required to add the Okta integration in Taegis™ XDR:

Procedure

  1. Create a service app integration in the Okta Admin console.

Create the Service App

Create the Service App

  1. Use the following settings:
  1. Generate a JWK key pair or use an existing key pair.

Add the Key Pair

Create the Key Pair

Create the Key Pair

Add the Key Pair

  1. Grant allowed scopes. The okta.logs.read scope is required.

Okta API Scopes

Grant the okta.logs.read Scope

Grant the Required Scope

  1. Assign admin role. The Report Administrator role is required.

Grant the Required Role

Grant the Required Role

Grant the Required Role

Add Integration in Taegis™ XDR

Create the Integration

Create the Integration

  1. From the Taegis™ XDR left-hand side navigation, select Integrations → Cloud APIs → Add API Integration.
  2. Choose Set up Okta Integrations.
  3. Enter the following fields:

    • Integration Name — Any unique string
    • Org URL/Issuer URL — The URL instance of your Okta account

    Note

    The Org URL is found in your browser’s address bar after logging in to your Okta portal and takes the format https://xxxxxxxx.okta.com, https://xxxxxxxx.okta-emea.com, or https://xxxxxxxx.oktapreview.com.

  4. Upload the Private Key created in the previous section.

  5. Select Done. The Manage Integrations page displays with the successfully added Okta integration listed under Cloud API Integrations.

Tip

You can use the Integration Name defined in step 3 above to identify the integration within the Cloud API Integrations table.

Events Received from Okta

The following ingest events are received from Okta integrations and normalized to the auth schema:

The following ingest events are received from Okta integrations and normalized to the cloudaudit schema:

The following ingest events are received from Okta integrations and normalized to the generic schema:

For more detailed information about managing Okta integrations, see these related topics:

 

On this page: