Okta extension
- Latest Dynatrace
- Extension
Ingest Okta System Log events to monitor authentication activity, user lifecycle changes, and security compliance in Dynatrace.
Get started
Overview
The Okta Audit Logs extension for Dynatrace integrates Okta System Log events into your Dynatrace environment. Gain real-time visibility into authentication activities, user management, security events, and policy changes from Okta, all within the Dynatrace platform. Use analytics, dashboards, and alerting to monitor security and compliance.
Use cases
- Monitor Okta authentication and authorization events for security and compliance.
- Detect suspicious login attempts, MFA challenges, and user lockouts in real time.
- Track user lifecycle events such as provisioning, deprovisioning, and group membership changes.
- Automate incident response workflows based on Okta security events.
Activation and setup
- Activate the Okta Audit Logs extension. For details, see Deploy an extension from Dynatrace Hub.
- Create an Okta API token.
- Configure and enable the extension to ingest Okta System Log events into Dynatrace.
- Use the provided dashboards and DQL queries to analyze, visualize, and alert on Okta activity.
Details
Audit logs captured by the extension conform to the Log Management and Analytics semantic dictionary, with fields returned by the Okta System Log API mapped to those defined in the dictionary. The original event is also available unmodified as the content field of the log, for further processing if needed.
The extension uses the Grail lookup data store to track the last processed system event checkpoint across runs, ensuring no events are missed and no duplicate records are created. The lookup table is named okta_state and contains state information for all Okta instances configured on the same tenant.
The extension manages the okta_state lookup table entirely. Manually modifying or removing it will cause the extension to misbehave, potentially resulting in missed events or duplicate records.
Licensing and costs
There is no charge to use the extension. You are only charged for the data that the extension ingests.
The Okta extension ingests custom metrics, which consume Davis Data Units (DDUs) (Dynatrace classic license) or Metrics powered by Grail (DPS), according to your license model.
The extension ingests one metric every minute and all audit logs available from the Okta System Log API. The amount of data ingested will depend on the volume of audit logs generated in the Okta instance.
Dynatrace Platform Subscription
In the Dynatrace Platform Subscription, metric ingestion consumes Metrics powered by Grail according to the number of ingested metric data points.
To calculate the approximate yearly consumption, apply the following calculation: <metric data points per minute> * 60 minutes * 24 hours * 365 days.
For logs, regular consumption applies. See Log Analytics.
Dynatrace classic license
In the classic licensing model, metric ingestion consumes Davis Data Units (DDUs) at the rate of .001 DDUs per metric data point. Multiply the above formula for annual data points by .001 to estimate annual DDU usage.
For logs, regular DDU consumption applies. See DDU consumption for Log Management and Analytics or DDUs for Log Monitoring Classic.
The DDU cost above does not include any possible log events or custom events that are triggered by the extension. For more information, see DDU events.
Feature sets
This extension does not include any feature sets. The connectivity metric and all fetched audit logs are ingested regardless of configuration.
