
Okta Resources collector

Service description

The Okta Resources API provides insight into the content management activities of your organization or company. Okta Resources APIs generate system logs and other events in real time.

Data source description

You can use the Okta collector to send this information to your Devo domain. Once the gathered information arrives at Devo, it is categorized into different tables in your domain, as shown in the following table.

Okta services

Listed in the table below are some service names, details, and how the Devo platform treats the data.

| Services | Description | Devo data tables |
| --- | --- | --- |
| Apps | Application API provides operations to manage applications and/or assignments to users or groups for your organization. | auth.okta.apps |
| Client Application | The Dynamic Client Registration API provides operations to register and manage client applications to be used with Okta's OAuth 2.0 and OpenID Connect endpoints. | auth.okta.clients |
| Groups | Groups API provides operations to manage Okta groups and their user members for your organization. | auth.okta.groups |
| IDPS | Identity Providers API provides operations to manage federations with external Identity Providers (IDP). For example, your app can support logging in with credentials from Facebook, Google, LinkedIn, Microsoft, an enterprise IdP using SAML 2.0, or an IdP using the OpenID Connect (OIDC) protocol. | auth.okta.idps |
| System Logs | System Log records system events related to your organization in order to provide an audit trail that can be used to understand platform activity and to diagnose problems. Often the terms "event" and "log event" are used interchangeably. In the context of this API, an "event" is an occurrence of interest within the system and "log" or "log event" is the recorded fact. | auth.okta.system |
| Users | User API provides operations to manage users in your organization. | auth.okta.users |
| Zones | Zones API provides operations to manage zones in your organization. Zones may be used to guide policy decisions. | auth.okta.zones |

The System Log API will eventually replace the Events API. It contains much more structured data.

For more information about the Okta Resources API, see the Okta API Reference.

Setup

Getting Okta credentials

  1. Visit Developer Okta to create an api_token and get the okta_url.

  2. Log in with your company credentials (or sign up for a free developer account).

  3. Click Dashboard and save the okta_url that is displayed on the top right corner (it will be used later in the config file).


  4. On the top menu, go to API → Tokens.


  5. Click Create Token and, in the window that appears, enter a name for your token. The name is used for tracking API calls. Click Create Token.


  6. Copy your token and click OK, got it. Note that the token is displayed only here, so don't forget to copy it. Save it as api_token (it will be used later in the config file).


Run the collector

Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector on your own machine using a Docker image (On-premise collector).

Note that some features might not be available through the collector, or might be available in only one of the options. Check the following table for more information:

| Feature | Details |
| --- | --- |
| Allow parallel downloading (multipod) | Not allowed |
| Running environments | Cloud collector, On-premise |

Rate limits

The number of API requests for an organization is limited for all APIs in order to protect the service for all users. The number of Okta-generated emails that can be sent also has rate limits.

Okta has two types of API rate limits:

  • Org-wide rate limits that vary by API endpoint. These limits are applied on a per-minute or per-second basis, and some are also applied on a per-user basis. For example, if your org sends a request to list applications more than one hundred times in a minute, the org-wide rate limit is exceeded. These limits protect against denial-of-service attacks and help ensure that adequate resources are available for all customers.

  • Concurrent rate limits on the number of simultaneous transactions. For example, if you sent 77 very long-lasting requests to any API endpoint simultaneously, you might exceed the concurrent rate limit.

Okta has one type of email rate limit:

  • Okta-Generated Email Message Rate Limits that vary by email type. Okta enforces rate limits on the number of Okta-generated email messages that are sent to customers and customer users. For example, if the number of emails sent to a given user exceeds the per-minute limit for a given email type, subsequent emails of that type are dropped for that user until that minute elapses.

Rate limits may be changed to protect customers. We provide advance warning of changes when possible.
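The following added example (not part of the Devo collector or of this page) shows how a client that uses the okta_url and api_token from the setup steps can honor these limits: it refuses to send the token over plain HTTP and, on HTTP 429, waits until the time given in the rate-limit response header. The /api/v1/logs path, the SSWS authorization scheme and the X-Rate-Limit-* header names come from Okta's public API; the function names, the injected send callable and the sample replies are assumptions made for this illustration.

```python
import time
from urllib.parse import urlsplit

def build_logs_request(okta_url, api_token, since):
    """Build a System Log request; never send the token over plain HTTP."""
    parts = urlsplit(okta_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("okta_url must be an https:// URL")
    return {"url": f"https://{parts.netloc}/api/v1/logs",
            "params": {"since": since, "limit": 100},
            "headers": {"Authorization": f"SSWS {api_token}"}}

def seconds_until_reset(headers, now, default=60, cap=300):
    """Wait until X-Rate-Limit-Reset (UTC epoch seconds), bounded by cap."""
    lowered = {k.lower(): v for k, v in headers.items()}
    try:
        reset = int(lowered["x-rate-limit-reset"])
    except (KeyError, ValueError):
        return default  # header missing or malformed: fall back to a fixed wait
    return max(1, min(cap, reset - int(now) + 1))

def fetch(send, request, clock=time.time, sleep=time.sleep, max_attempts=5):
    """send(request) -> (status, headers, body); retries only on HTTP 429."""
    for _ in range(max_attempts):
        status, headers, body = send(request)
        if status == 429:  # org-wide or concurrent limit exceeded
            sleep(seconds_until_reset(headers, clock()))
            continue
        if status != 200:
            raise RuntimeError(f"Okta API returned HTTP {status}")
        return body
    raise RuntimeError("still rate limited after retries")

def demo():
    """Constructed exchange: one 429, then a 200 with one sample event."""
    now = 1_700_000_000
    replies = [(429, {"X-Rate-Limit-Remaining": "0",
                      "X-Rate-Limit-Reset": str(now + 5)}, None),
               (200, {"X-Rate-Limit-Remaining": "59"},
                [{"eventType": "user.session.start"}])]
    sleeps = []
    req = build_logs_request("https://example.okta.com", "PLACEHOLDER_TOKEN",
                             "2024-01-01T00:00:00Z")
    body = fetch(lambda r: replies.pop(0), req, clock=lambda: now,
                 sleep=sleeps.append)
    return req["url"], sleeps, body

if __name__ == "__main__":
    print(demo())
```

In real use, send would wrap an HTTP client call and the token would be read from a secret store or environment variable rather than written into the source.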

Check the following web pages for more information on Okta rate limits: