The Okta Resources API is used for gaining insights on content management of activities from your organization or company. Okta Resources APIs generate system logs and other events in real-time.
Data source description
You can use the Okta collector to send this information to your Devo domain. Once the gathered information arrives at Devo it will be categorized in different tables in your domain, as you can check in the following table.
Listed in the table below are some service names, details, and how the Devo platform treats the data.
|Services||Description||Devo data tables|
Application API provides operations to manage applications and/or assignments to users or groups for your organization.
The Dynamic Client Registration API provides operations to register and manage client applications to be used with Okta's OAuth 2.0 and OpenID Connect endpoints.
Groups API provides operations to manage Okta groups and their user members for your organization.
Identity Providers API provides operations to manage federations with external Identity Providers (IDP). For example, your app can support logging in with credentials from Facebook, Google, LinkedIn, Microsoft, an enterprise IdP using SAML 2.0, or an IdP using the OpenID Connect (OIDC) protocol.
System Log records system events related to your organization in order to provide an audit trail that can be used to understand platform activity and to diagnose problems. Often the terms "event" and "log event" are used interchangeably. In the context of this API, an "event" is an occurrence of interest within the system and "log" or "log event" is the recorded fact.
User API provides operations to manage users in your organization.
Zones API provides operations to manage zones in your organization. Zones may be used to guide policy decisions.
For more references about Okta Resources API, visit the Okta API Reference.
Getting Okta credentials
Visit Developer Okta to create an api_token and get the okta_url.
Log in with your company credentials (or sign up for a free developer account)
Click Dashboard and save the okta_url that is displayed on the top right corner (it will be used later in the config file).
On the top menu, go to API → Tokens.
Click Create Token and enter a name for your token in the window that appears, which will be used for tracking API calls. Click Create Token.
Copy your token and click OK, got it. Note that the token will be only displayed here, so don't forget to copy it. Save it as api_token (it will be used later in the config file).
Run the collector
Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector in your own machine using a Docker image (On-premise collector).
We use a piece of software called Collector Server to host and manage all our available collectors. If you want us to host this collector for you, get in touch with us and we will guide you through the configuration.
This data collector can be run in any machine that has the Docker service available because it should be executed as a docker container. The following sections explain how to prepare all the required setup for having the data collector running.
The following directory structure will be required as part of the setup procedure (it can be created under any directory):
In Devo, go to Administration → Credentials → X.509 Certificates, download the Certificate, Private key and Chain CA and save them in
Editing the config-okta.yaml file
In the config-okta.yaml file, replace the
Download the Docker image
The collector should be deployed as a Docker container. Click here to download the Docker image of the collector as a .tgz file.
Use the following command to add the Docker image to the system:
Once the Docker image is imported, it will show the real name of the Docker image (including version info). Replace
The Docker image can be deployed on the following services:
Execute the following command on the root directory
The following Docker Compose file can be used to execute the Docker container. It must be created in the
To run the container using docker-compose, execute the following command from the
The number of API requests for an organization is limited for all APIs in order to protect the service for all users. The number of Okta-generated emails that can be sent also has rate limits.
Okta has two types of API rate limits:
Org-wide rate limits that vary by API endpoint. These limits are applied on a per-minute or per-second basis, and some are also applied on a per-user basis. For example, if your org sends a request to list applications more than one hundred times in a minute, the org-wide rate limit is exceeded. These limits protect against denial-of-service attacks and help ensure that adequate resources are available for all customers.
Concurrent rate limits on the number of simultaneous transactions. For example, if you sent 77 very long-lasting requests to any API endpoint simultaneously, you might exceed the concurrent rate limit.
Okta has one type of email rate limit:
Okta-Generated Email Message Rate Limits that vary by email type. Okta enforces rate limits on the number of Okta-generated email messages that are sent to customers and customer users. For example, if the number of emails sent to a given user exceeds the per-minute limit for a given email type, subsequent emails of that type are dropped for that user until that minute elapses.
Rate limits may be changed to protect customers. We provide advance warning of changes when possible. See more information on Okta Rate Limits Page.
A number of predefined Activeboards that make use of the configured collectors can be downloaded here. Click here to download a preconfigured Activeboard that you can try in your Devo domain.
To instantiate them, follow these instructions:
Create a new Activeboard in your domain. Learn how to do it here.
In Edit mode, click the ellipsis button and select Edit raw configuration.
Open the downloaded file, select all the text, and copy it into the clipboard.
Paste the contents of the file in the raw editor. Make sure you replace the existing configuration completely.
Click Save changes. The Activeboard should show up immediately.