Okta Advanced Server Access collector
Service description
Okta Advanced Server Access is an application that manages SSH and RDP access to Linux and Windows servers. Using Okta as its source of truth, Advanced Server Access reconciles with your internal servers to provide Zero Trust software that you can use to secure them. To start using Advanced Server Access, you have to create a team and configure some settings. In Advanced Server Access, a team is a named group of users who can authenticate with Okta. A team is an Advanced Server Access tenant, which is similar to an Okta tenant. All configurations and resources in Advanced Server Access are scoped to a team.
Learn more about this technology by accessing the web documentation here.
Data source description
The collector process the OKTA ASA API responses and send them to the Devo platform, which will categorize all the information received on tables in your Devo domain.
The OKTA ASA Resource API allows to retrieve account activities for the event resource:
Resource type | Definition | Devo data table |
---|---|---|
Events | Advanced Server Access (ASA) Audit Events provide log data of ASA User actions such as accessing ASA Servers, enrolling ASA Clients, and creating resources. |
|
For more information about the OKTA ASA Resource API, visit the OKTA ASA API Reference.
Setup
Authentication
To retrieve an auth token, you need to create a Service User and API key.
Auth tokens may expire at any time, so code that uses them should be prepared to handle a 401 Unauthorized response code by creating a new auth token.
Also, you will need to provide a team name in order to run the collector. That can be found on your Okta ASA Dashboard account options, at the top-right corner. The name followed by the rocket icon is your team name.
Permissions
The permissions of an ASA User are determined by their ASA Group membership. Each ASA Group to which an ASA User belongs implies permissions through Team-wide Roles and Project membership.
Create a group, assign it to a user, and give it the “reporting” permission only. That permission will be enough to extract audit events.
Run the collector
Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector in your own machine using a Docker image (On-premise collector).