Okta extension
- Latest Dynatrace
- Extension
Ingest Okta System Log events to monitor authentication activity, user lifecycle changes, and security compliance in Dynatrace.
Get started
Overview
The Okta Audit Logs extension for Dynatrace integrates Okta System Log events into your Dynatrace environment. Gain real-time visibility into authentication activities, user management, security events, and policy changes from Okta, all within the Dynatrace platform. Use analytics, dashboards, and alerting to monitor security and compliance.
Use cases
- Monitor Okta authentication and authorization events for security and compliance.
- Detect suspicious login attempts, MFA challenges, and user lockouts in real time.
- Track user lifecycle events such as provisioning, deprovisioning, and group membership changes.
- Automate incident response workflows based on Okta security events.
Activation and setup
- Activate the Okta Audit Logs extension. For details, see Deploy an extension from Dynatrace Hub.
- Create an Okta API token.
- Configure and enable the extension to ingest Okta System Log events into Dynatrace.
- Use the provided dashboards and DQL queries to analyze, visualize, and alert on Okta activity.
Details
Audit logs captured by the extension conform to the Log Management and Analytics semantic dictionary, with fields returned by the Okta System Log API mapped to those defined in the dictionary. The original event is also available unmodified as the content field of the log, for further processing if needed.
The extension uses the Grail lookup data store to track the last processed system event checkpoint across runs, ensuring no events are missed and no duplicate records are created. The lookup table is named okta_state and contains state information for all Okta instances configured on the same tenant.
The extension manages the okta_state lookup table entirely. Manually modifying or removing it will cause the extension to misbehave, potentially resulting in missed events or duplicate records.
Licensing and cost
The extension ingests one metric every minute and all audit logs available from the Okta System Log API. The amount of data ingested will depend on the volume of audit logs generated in the Okta instance, and is charged according to your rate card, see Dynatrace Platform Subscription or Dynatrace classic licensing.
Feature sets
This extension does not include any feature sets. The connectivity metric and all fetched audit logs are ingested regardless of configuration.
