Okta Advanced Server Access collector

Configuration requirements

To run this collector, you need to meet the requirements detailed below.

Configuration    | Details
Credentials      | To retrieve an auth token, you need to create a Service User and API key.
ASA Permissions  | Create a group and give it the right permissions.
More information | Refer to the Vendor setup section to know more about these configurations.

Overview

Okta Advanced Server Access is an application that manages SSH and RDP access to Linux and Windows servers. Using Okta as its source of truth, Advanced Server Access reconciles with your internal servers to provide Zero Trust software that you can use to secure them. To start using Advanced Server Access, you have to create a team and configure some settings. In Advanced Server Access, a team is a named group of users who can authenticate with Okta. A team is an Advanced Server Access tenant, which is similar to an Okta tenant. All configurations and resources in Advanced Server Access are scoped to a team.

Learn more about this technology by accessing the web documentation here.

Data source description

The collector processes the Okta ASA API responses and sends them to the Devo platform, which categorizes all the information received into tables in your Devo domain.

The Okta ASA Resource API allows retrieving account activities through the event resource:

Resource type | Definition | Devo data table
Events        | Advanced Server Access (ASA) Audit Events provide log data of ASA User actions such as accessing ASA Servers, enrolling ASA Clients, and creating resources. | auth.okta.asa_events

For more information about the Okta ASA Resource API, visit the Okta ASA API Reference.

Vendor Setup

Getting credentials

To retrieve an auth token, you need to create a Service User and API key.

Auth tokens may expire at any time, so code that uses them should be prepared to handle a 401 Unauthorized response code by creating a new auth token.

Also, you will need to provide a team name in order to run the collector. You can find it in the account options of your Okta ASA Dashboard, at the top-right corner: the name next to the rocket icon is your team name.

Permissions

The permissions of ASA Users are determined by their ASA Group membership. Each ASA Group to which an ASA User belongs implies permissions through Team-wide Roles and Project membership.

Create a group, assign it to a user, and give it reporting permission only. That permission will be enough to extract audit events.

Picking up from the last id

Older versions of the ASA service had a bug where the last id value was not persisted, so when the collector restarted or the state file was deleted, all progress was lost. A last_id value was added to the configuration so that you can always pick up from the last event. Here are the steps:

  • Go to the auth.okta.asa_events table.

  • Find the last event and take its id from the id column.

  • Add that id value to your configuration as the last_id value.

  • Start the collector.
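The two rules above (re-create the auth token on a 401 and resume from a persisted last_id) put together in an added example that is not the collector's own code. It assumes the ASA service_token and auditsV2 endpoints under https://app.scaleft.com and their offset/count parameters, and swaps the real HTTP layer for a constructed in-memory fake whose first token is already expired, so the block runs offline.

```python
ASA_BASE = "https://app.scaleft.com"  # assumption: default ASA API host

class AsaClient:
    """Pulls ASA audit events; send(method, url, headers, json) -> (status, json) is injected to run offline."""
    def __init__(self, team, key_id, key_secret, send, page_size=1000):
        self.team, self.creds, self.send = team, {"key_id": key_id, "key_secret": key_secret}, send
        self.page_size, self.token = page_size, None

    def _get(self, path):
        for attempt in range(2):  # tokens may expire at any time: on 401 create a new one and retry once
            if self.token is None:
                # Assumption: POST /v1/teams/{team}/service_token exchanges the API key for a bearer token
                status, body = self.send("POST", f"{ASA_BASE}/v1/teams/{self.team}/service_token", {}, self.creds)
                if status != 200:
                    raise RuntimeError(f"service_token failed with HTTP {status}")
                self.token = body["bearer_token"]
            status, body = self.send("GET", ASA_BASE + path, {"Authorization": f"Bearer {self.token}"}, None)
            if status == 401 and attempt == 0:
                self.token = None  # expired or revoked: loop back and mint a fresh one
            elif status != 200:
                raise RuntimeError(f"GET {path} failed with HTTP {status}")
            else:
                return body

    def audit_events_after(self, last_id):
        # One page newer than last_id; assumption: GET /v1/teams/{team}/auditsV2 takes offset (resume-after id) and count
        query = f"count={self.page_size}" + (f"&offset={last_id}" if last_id else "")
        page = self._get(f"/v1/teams/{self.team}/auditsV2?{query}")["list"]
        return page, (page[-1]["id"] if page else last_id)  # persist the returned id as last_id for the next pull

class FakeAsa:  # constructed stand-in for the ASA API; the first token it issues is already expired
    def __init__(self, events):
        self.events, self.issued = events, 0

    def __call__(self, method, url, headers, body):
        if method == "POST":
            self.issued += 1
            return 200, {"bearer_token": f"tok-{self.issued}", "team_name": "acme"}
        if self.issued < 2 or headers.get("Authorization") != f"Bearer tok-{self.issued}":
            return 401, {"error": "unauthorized"}
        params = dict(p.split("=") for p in url.split("?")[1].split("&"))
        start = [e["id"] for e in self.events].index(params["offset"]) + 1 if "offset" in params else 0
        return 200, {"list": self.events[start:start + int(params["count"])]}

SAMPLE = [{"id": f"evt-{i}", "timestamp": f"2025-01-21T10:00:{i:02d}Z"} for i in range(5)]  # constructed

def demo():
    fake = FakeAsa(SAMPLE)
    page, next_id = AsaClient("acme", "key-id", "key-secret", fake, page_size=2).audit_events_after("evt-1")
    return [e["id"] for e in page], next_id, fake.issued  # -> (["evt-2", "evt-3"], "evt-3", 2)
```

A real collector calls audit_events_after in a loop, writing the returned id to its state after each page, until a page shorter than page_size comes back.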

Run the collector

Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector in your own machine using a Docker image (On-premise collector).

Change log for v1.x.x

Release: v1.4.3
Released on: Jul 29, 2022
Release type: IMPROVEMENT
Details:

Improvements:

  • Upgraded the underlying IFC SDK from v1.3.0 to v1.4.0.

    • Updated the underlying DevoSDK package to v3.6.4 and its dependencies. This upgrade increases the resilience of the collector when the connection with Devo or the Syslog server is lost: the collector is able to reconnect in some scenarios without running the self-kill feature.

    • Support for stopping the collector when a GRACEFULL_SHUTDOWN system signal is received.

    • Re-enabled logging to devo.collector.out for Input threads.

    • Improved the self-kill functionality behavior.

    • Added more details in log traces.

    • Added log traces reporting system memory usage.

Recommendations: Upgrade

Release: v1.5.0
Released on: Nov 3, 2022
Release type: IMPROVEMENT
Details:

Improvements:

  • Upgraded the underlying IFC SDK from v1.4.0 to v1.4.3.

    • Added:

      • New "templates" functionality.

      • New controlled stopping condition when any input thread fatally fails.

      • Log traces reporting the execution environment status (debug mode).

    • Changed:

      • Improved log trace details when runtime exceptions happen.

      • Refactored source code structure.

      • Fixes in the current puller template version.

      • The Docker container exits with the proper error code.

Recommendations: Upgrade

Release: v2.0.1
Released on: Jan 21, 2025
Release type: IMPROVEMENT
Details:

Improvements:

  • Changed the offset from 10 events to 1000 events.

  • Added the last_id configuration value so you can start querying from the last id.

  • Fixed persistence of the last id used in the URL.

Recommendations: Recommended Version